← Home

Privacy Policy

Last updated: 25 May 2026

⚠️ Template — review with a data protection adviser / DPO before publishing. It describes how the platform currently handles data but is not legal advice.

Who we are

Petrios is a teaching-management platform for NHS educators and trainees. It lets organisers schedule teaching sessions, record attendance, collect feedback, and issue certificates.

Information we collect

  • Account details — email address, and (where provided) name and grade.
  • Membership — the organisation and department(s) you belong to and your role.
  • Teaching activity — sessions you create or attend, and attendance evidence (QR/group-code check-ins, teacher confirmations).
  • Feedback — session feedback, which is collected anonymously.
  • Certificates — records of certificates issued to teachers and attendees.
  • Technical data — a session cookie used to keep you signed in.

How we use your information

To provide the service: authenticate you, organise teaching, track attendance, generate certificates, share feedback reports, and send you sign-in links and session-related emails. We do not sell your data or use it for advertising.

Legal basis (UK GDPR)

We process personal data to perform our service to you and your organisation (contract), and on the basis of legitimate interests in running an education platform. Where required, processing relies on your consent, which you may withdraw.

Sharing & processors

We share data only with processors that help us run the service:

  • Supabase — database, authentication, and file storage.
  • Resend — sending sign-in and notification emails.

We may disclose data where required by law.

Retention

We keep personal data for as long as your account and your organisation’s records are active, and as needed to meet legal or training-record obligations. Contact us to request deletion.

Your rights

Under UK GDPR you can request access to, correction of, or deletion of your personal data, object to or restrict processing, and request portability. To exercise these rights, contact us using the details below.

Security

Access is controlled by role-based permissions and row-level security. Connections are encrypted in transit. No system is perfectly secure; please use a strong, unique email account.

Changes

We may update this policy; material changes will be reflected by the “last updated” date above.

Contact

Questions or data requests: contact your organisation’s administrator or the Petrios team at privacy@petrios.example. (Update this address before publishing.)