Digiotouch Skills logo
Digiotouch Skills

PRIVACY POLICY

Last Updated: April 1, 2026

Effective from – April 21, 2026

1. GENERAL

Digiotouch OÜ ("Digiotouch", "we" or "us") operates Digiotouch Skills (hereinafter the "Platform"), an online learning service accessible at https://skills.digiotouch.ai. The Platform allows learners to discover, enrol in and complete online courses, take quizzes, earn certificates and participate in course-related discussions, and allows course creators to publish courses, manage students, send course-related communications and view course analytics.

Digiotouch is committed to protecting personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR") and applicable Estonian law. For the purposes of this Privacy Policy, Digiotouch acts as the data controller of the personal data processed through the Platform, unless expressly stated otherwise. Where course creators upload content and correspond with their enrolled learners, each creator acts as an independent controller for the content and messages they choose to send.

This Privacy Policy explains which categories of personal data we collect, for which purposes and on which legal bases we process them, how long we keep them, with whom we share them, and which rights data subjects have. Digiotouch Skills is a separate product from Digiotouch AI and is governed by this Privacy Policy; use of other Digiotouch products is governed by their own respective privacy notices.

2. CATEGORIES AND SOURCES OF PERSONAL DATA

We process the following categories of personal data. The data is either provided by you when you create an account or use the Platform, generated automatically as you interact with the Platform, or obtained from third parties where you choose to sign in through them.

2.1 Account and Profile Data

  • Identification data: first name, last name, email address, password hash, and (where you choose to sign in via a third-party identity provider) the external account identifier.
  • Profile data: optional profile picture, short biography, job title, workplace and education entries, and preferred language.
  • Onboarding preferences: your stated intent (learn, create or both), professional profile, topics of interest, experience level and learning goal, collected in a one-time welcome flow to tailor the Platform to your needs.

2.2 Course and Learning Data

  • Enrolment records, including the courses you have enrolled in, the date of enrolment and the enrolled name and email stored on the enrolment.
  • Learning progress: completion of lessons, chapter PDF views, quiz attempts and answers, resume points (including the last played video position), and certificate records including the learner name that appears on the certificate.
  • Reviews and ratings you submit for a course, including the star rating, optional text, and display name.
  • For course creators: course content you upload (titles, descriptions, modules, chapters, PDFs, videos, quizzes, images, signatures), invitations sent to collaborators, lists of enrolled students in your own courses, and emails you choose to send to your enrolled learners.

2.3 Payment Data

Where a course is paid, we process billing information required to complete the transaction (such as your name, email address, billing address and the course purchased). Card details are entered directly on our payment provider's interface and are not stored by Digiotouch. We only receive a transaction reference and status.

2.4 Communication Data

  • Transactional emails and notifications we send you (for example: email verification, password reset, certificate eligibility, post-completion rating requests, collaborator invites, creator-to-learner notifications and weekly enrolment digests).
  • Support correspondence and other messages you send to us.
  • For course creators: message content and recipient lists where you email your own enrolled learners through the creator tools; for learners: the same messages when you are their recipient.

2.5 Usage, Analytics and Log Data

  • Device and connection data: IP address, browser type and version, operating system, language, and referrer.
  • Usage data: pages viewed, features used, search queries inside the Platform, the time spent on lessons and videos, and error reports.
  • Cookies and similar technologies used to keep you signed in (session cookies, including an httpOnly JWT cookie) and, where you consent, to measure aggregated audience statistics (for example Core Web Vitals and anonymised analytics).
  • Server logs of requests made to our backend services, used for security, debugging and abuse prevention.

2.6 Third-Party Sign-In and Integrations

If you choose to sign in through Google, Microsoft Entra or LinkedIn, we receive from the relevant provider the minimum profile information necessary to create and link your account (typically your email address, name and a stable provider identifier). If you link an external service such as LinkedIn to share a certificate, we only use that integration for the purpose you have requested.

3. PURPOSES AND LEGAL BASES OF PROCESSING PERSONAL DATA

The table below sets out the purposes for which we process personal data and the corresponding legal bases under Article 6 GDPR.

PurposeCategories usedLegal basis
Creating and maintaining your account, authenticating you, and providing the core functionality of the Platform (enrolment, lesson playback, quizzes, certificates, reviews).Account and Profile Data; Course and Learning Data; Usage and Log Data.Performance of a contract (Art. 6(1)(b) GDPR) — our Terms of Service.
Processing payments for paid courses and maintaining transactional records.Payment Data; Account and Profile Data.Performance of a contract (Art. 6(1)(b) GDPR); compliance with legal obligations such as accounting rules (Art. 6(1)(c) GDPR).
Issuing certificates of completion (including the learner name on the certificate) and enabling certificate verification.Account and Profile Data; Course and Learning Data.Performance of a contract (Art. 6(1)(b) GDPR).
Enabling course creators to manage their courses, see enrolled students and communicate with them where necessary for the course.Account and Profile Data; Course and Learning Data; Communication Data.Performance of a contract (Art. 6(1)(b) GDPR) with the creator; legitimate interests of the learner in receiving course-related information (Art. 6(1)(f) GDPR).
Sending transactional notifications such as verification emails, password resets, certificate-eligibility notices, and post-completion rating requests.Communication Data.Performance of a contract (Art. 6(1)(b) GDPR); legitimate interests in operating a functioning service (Art. 6(1)(f) GDPR).
Sending optional marketing or product-news emails about the Platform.Account and Profile Data; Communication Data.Consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.
Maintaining security, preventing fraud and abuse, enforcing rate limits and blocking attacks.Usage and Log Data; Account and Profile Data.Legitimate interests (Art. 6(1)(f) GDPR) in operating a secure service.
Measuring aggregated audience and performance metrics, improving the Platform, and understanding user needs through the onboarding preferences you share with us.Usage and Log Data; onboarding preferences.Legitimate interests (Art. 6(1)(f) GDPR); where required by law, consent (Art. 6(1)(a) GDPR).
Complying with legal obligations and responding to lawful requests by competent authorities or courts.Any category as required.Legal obligation (Art. 6(1)(c) GDPR).

4. RETENTION OF PERSONAL DATA

We retain personal data only for as long as necessary for the purposes for which it was collected, or for as long as we are required to retain it by law. Typical retention periods are set out below.

  • Account data: for as long as you maintain an account with the Platform. When you delete your account, we remove your account and associated learning data within the timeframe described in section 6 below, subject to any legal retention obligations.
  • Course and learning data (progress, quiz attempts, certificates, reviews): retained for the duration of your account so that you can access your certificates and history. Reviews you submit may remain visible on the Platform even if you delete your account, displayed under the reviewer display name you chose at the time of submission.
  • Payment records: retained for the period required by applicable accounting and tax law (typically seven (7) years in Estonia).
  • Transactional and support email records: retained for as long as necessary to evidence the communication and handle related disputes.
  • Server logs: retained for a limited period for security and operational purposes, typically not exceeding twelve (12) months.
  • Account deletion requests: if you request deletion of an account that owns published course content, we may apply a recovery window (approximately fifteen (15) days) during which you can cancel the request by signing in again. After the window, the account and associated data are permanently deleted as described in section 6.

5. DISCLOSURE OF PERSONAL DATA

We do not sell personal data. We share personal data only with the following categories of recipients, and only to the extent necessary for the purposes described in this Privacy Policy.

  • Processors acting on our behalf: cloud hosting, object storage (for lesson videos, PDFs and uploaded images), email delivery, database hosting, authentication providers, payment processing, logging and error monitoring. The current list is maintained in Annex 2 of our Terms of Service.
  • Course creators: where you enrol in a course, the creator of that course (and any collaborator they have accepted) can see your enrolled display name, email address, enrolment date, learning progress, quiz results, certificate status and last-accessed time, and can send you course-related emails subject to applicable rate limits.
  • Other learners: your reviewer display name and your review text are visible on the course page to other users of the Platform. Your identity is not otherwise made public by the Platform.
  • Authorities and legal advisors: where required to comply with a legal obligation, a lawful request, or to establish, exercise or defend legal claims.
  • Corporate transactions: in the context of a merger, acquisition, reorganisation or sale of assets, subject to appropriate safeguards and notice.

6. TRANSFER OF PERSONAL DATA OUTSIDE OF THE EEA

Digiotouch primarily stores personal data within the European Economic Area ("EEA"). However, some of our sub-processors may process personal data in countries outside the EEA. Where that is the case, we rely on appropriate safeguards permitted under the GDPR, such as (i) European Commission adequacy decisions, or (ii) Standard Contractual Clauses adopted by the European Commission, together with supplementary measures where necessary. You can obtain a copy of the safeguards we rely on by contacting us at contact@digiotouch.com.

7. DATA SUBJECT RIGHTS

Subject to the conditions and limitations set out in the GDPR, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation as to whether we process personal data concerning you, and, where that is the case, a copy of that data.
  • Right to rectification: to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure ("right to be forgotten"): to have your personal data deleted, subject to legal retention obligations.
  • Right to restriction of processing: to request that we limit processing of your personal data in specific circumstances.
  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller.
  • Right to object: to object at any time to processing based on our legitimate interests, and to object to direct marketing at any time.
  • Right to withdraw consent: where processing is based on your consent, to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: to lodge a complaint with a supervisory authority, in particular the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, www.aki.ee) or the authority in your place of residence, work or alleged infringement.

To exercise any of these rights, please contact us at contact@digiotouch.com. We will respond within the timeframes prescribed by the GDPR. Many actions, such as editing your profile, changing your email preferences or deleting your account, can also be performed directly from your account settings on the Platform.

8. AMENDMENTS TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in the Platform, in applicable law, or in our practices. When we make material changes, we will notify you through the Platform and/or by email before the changes take effect. The "Last updated" date at the top of this document indicates when it was last revised. We encourage you to review this Privacy Policy periodically.

9. CONTACT

If you have any questions, concerns or requests regarding this Privacy Policy or the processing of your personal data, you can contact us at:

  • Digiotouch OÜ (registry code 14507464)
  • Registered office: Narva mnt 5, 10117 Tallinn, Estonia
  • Additional office: 143 René Boulevard Cassin, 06200 Nice, France
  • Email: contact@digiotouch.com
  • Phone: +372 5309 7030

Digiotouch needs to store cookies on your device. Cookies enhance site navigation, usage analysis, and improve marketing.