Skip to main content

Privacy Notice

Last updated: [Date]

This privacy notice explains what personal information we collect, why we collect it, and what we do with it. It applies to everyone who uses DMS or visits our website.

We're Little Bits Software Limited ("we", "us", "our"), and we're the data controller for the personal information described in this notice — unless we're processing data on behalf of a Customer, in which case we act as a data processor (see our Data Processing Agreement for details).

Contact details

Email: [email protected]

If you have any questions about this notice or want to exercise your data protection rights, contact us using the details above.

What information we collect and why

If you're a Customer (organisation account holder)

We collect this information to set up and manage your account, provide the Services, and communicate with you:

  • Name and contact details
  • Organisation name and details
  • Account and billing information
  • Usage data (how you use DMS, feature usage, login history)

If you're a User (invited by a Customer)

We collect this information on behalf of your organisation to provide the Services:

  • Name and contact details
  • Account information (username, role, permissions)
  • Activity within the platform (content viewed, feedback submitted, progress data)

Your organisation (the Customer) controls what data is collected about you through DMS. For questions about how your organisation uses your data, contact them directly.

If you're a website visitor

We collect limited information to improve our website and understand how people find us:

  • Website usage data (pages visited, time on site)
  • Cookie data (see our Cookie Policy)

Where we get your information from

  • Directly from you — when you create an account, contact us, or use the platform.
  • From your organisation — if a Customer invites you to use DMS, they provide your details to set up your account.
  • Automatically — we collect some technical data automatically when you use DMS (such as IP address, browser type, and usage data).

Our lawful bases

Under UK data protection law, we must have a lawful basis for collecting and using your personal information. We rely on the following:

Lawful basisWhen we use it
ContractTo provide DMS to you as part of your subscription.
Legitimate interestsTo improve the platform, ensure security, and communicate with you about your account. We only do this where the benefit is proportionate and doesn't override your rights.
ConsentFor optional activities like marketing emails. You can withdraw consent at any time.
Legal obligationWhere we need to comply with the law (e.g., tax records, regulatory requests).

Your data protection rights

Under UK GDPR, you have the following rights:

  • Access — ask us for a copy of the personal information we hold about you.
  • Rectification — ask us to correct information that's inaccurate or incomplete.
  • Erasure — ask us to delete your personal information.
  • Restriction — ask us to limit how we use your information.
  • Portability — ask us to transfer your information to another service, in a structured, commonly used format.
  • Object — object to our processing of your information, particularly where we rely on legitimate interests.
  • Withdraw consent — where we rely on your consent, you can withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We'll respond within one month.

If you're a User whose data is managed by a Customer, some of these requests may need to go through your organisation first, as they control your data on the platform.

How long we keep your information

Data typeRetention period
Customer account dataFor the duration of your subscription, plus 30 days for data export.
User account dataAs long as the Customer's subscription is active, or until the Customer deletes it.
Billing and payment recordsUp to 7 years, as required by UK tax law.
Support correspondenceUp to 2 years after the issue is resolved.
Website analyticsUp to 12 months.

After these periods, we securely delete or anonymise the data.

Who we share your information with

We only share your information where necessary to provide the Services or comply with the law. We never sell your personal data.

Data processors

These organisations process data on our behalf, under our instructions:

ProviderWhat they doLocation
Amazon Web Services (AWS)Cloud hosting and storageGermany (EU)
Google Cloud Platform (GCP)Cloud hosting and infrastructureGermany (EU)
CloudflareNetwork security and performanceGermany (EU)

Other sharing

We may also share your information:

  • With professional advisers (e.g., lawyers, accountants) where necessary.
  • With law enforcement or regulators, if required by law.
  • In connection with a merger, acquisition, or sale of our business — we'd let you know in advance.

Sharing information outside the UK

Our data processors listed above store data in Germany, which is within the European Economic Area. The UK has recognised the EEA as providing adequate protection for personal data (known as a "UK data bridge"), so no additional safeguards are needed for these transfers.

If we ever need to transfer data outside the UK or EEA, we'll make sure appropriate safeguards are in place, such as UK Standard Contractual Clauses.

For more details about any international transfer, contact us using the details above.

How to complain

If you're not happy with how we've handled your data:

  1. Contact us first at [email protected] — we'll do our best to resolve the issue.
  2. Contact the ICO if you're still not satisfied:

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk/make-a-complaint

Changes to this notice

We may update this notice from time to time. We'll let you know about significant changes by email or through the platform.