Privacy Policy

Last updated: 27 February 2026

This policy explains how Classia handles personal data when you use our service, use a public class page, submit an enrolment request, or contact us. It is written in plain language and applies alongside UK GDPR and the Data Protection Act 2018.

Contents

  1. Who we are and how to contact us
  2. Who controls personal data
  3. Personal data we collect by role
  4. How we use personal data
  5. Our lawful bases
  6. Payments and Stripe
  7. Cookies and website analytics
  8. Who we share data with
  9. International transfers
  10. How long we keep data
  11. Security
  12. Your rights
  13. Children and parent/guardian context
  14. Public class pages
  15. How to raise a complaint
  16. Changes to this policy

Who we are and how to contact us

Classia is a product of Toskaas Limited, a company registered in England and Wales (Company Number: 16275508). Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

For privacy requests or questions, contact privacy@classia.co.uk. For general support, contact support@classia.co.uk.

Who controls personal data

Under UK GDPR, roles depend on the type of processing.

  • Class providers are usually the data controllers for personal data they collect and use to run their classes.

  • Classia is a data processor for those provider-led activities in the platform.

  • Classia is also a data controller for its own operations, such as account management, platform security, service communications, billing, website analytics where consent applies, and legal compliance.

Personal data we collect by role

Providers and staff

  • Name, email address, phone number, and role

  • Sign-in and account security data

  • Provider profile details such as business name and address

  • Class setup, timetable, attendance, and enrolment records

  • Address geocoding information where providers use map and location features

Parents/guardians

  • Name and contact details

  • Relationship to participant and enrolment request details

  • Communication records related to class administration

Participants

  • Name and date of birth

  • Enrolment, attendance, and booking details

  • Photo consent flags where recorded

Adults may have their own user access. Children are managed through parent/guardian and provider records.

Public support and contact users

If you contact us, including through support chat, we process your message, conversation history, and basic technical context such as visitor identifier, IP address, and browser details.

Technical and security data

We process technical records such as IP address, session and cookie identifiers, browser type, timestamps, and abuse-prevention records.

How we use personal data

We use personal data to:

  • Provide and maintain the service

  • Operate enrolment, attendance, communication, and payment tools

  • Process sign-in, account access, and security checks

  • Send service messages such as login codes and support replies

  • Support payment account setup and payment processing with Stripe

  • Understand and improve website performance where analytics consent is given

  • Comply with legal, tax, and regulatory obligations

We do not sell personal data. We do not run third-party advertising profiles based on personal data collected through Classia.

Our lawful bases

Depending on the activity, we rely on one or more of:

  • Contract, where processing is needed to provide the service requested.

  • Legitimate interests, for platform security, fraud prevention, service reliability, and service administration.

  • Legal obligation, where we must keep or disclose records by law.

  • Consent, for non-essential cookies and analytics where required.

Payments and Stripe

Stripe processes payment details. Classia does not store raw card details or full bank account details.

Classia stores payment records and transaction metadata needed to run the service, such as payment status, amounts, references, and timing.

Cookies and website analytics

We use cookies and similar tools for essential service functions and, where you choose, website analytics.

  • Essential cookies support sign-in, security, session handling, and your cookie preferences.

  • Analytics cookies support website statistics through tools including Google Tag Manager and Ahrefs, only if you give analytics consent.

You can manage your choices through the cookie banner and cookie preferences control on our public site.

Who we share data with

We use service providers to operate Classia. Key providers include:

  • Stripe, for payment processing and connected account services

  • Cloudflare, as edge proxy and security layer, plus R2 storage/delivery where used

  • Myra Security, for EU CAPTCHA bot checks on public forms

  • Resend, for transactional email delivery

  • Google Tag Manager and Ahrefs, for website analytics where consent is given

  • Mapbox, where address geocoding and map features are used

We may disclose data to professional advisers, regulators, law enforcement, or courts where legally required.

International transfers

We handle personal data in the UK where practical. Some providers may process personal data outside the UK. Where transfers occur, we use safeguards required by UK data protection law, including the UK International Data Transfer Agreement (IDTA) or the UK Addendum to Standard Contractual Clauses where appropriate.

How long we keep data

We keep personal data only for as long as needed for service delivery, legal and compliance needs, security and fraud prevention, and legitimate business record keeping. Retention depends on the record type and purpose.

  • Records are kept while accounts are active and in use.

  • Financial and payment records are kept where required for accounting, tax, disputes, and compliance.

  • Security and abuse-prevention records are kept for operational protection.

  • When records are no longer needed, we delete them or anonymise them.

Security

We use reasonable technical and organisational measures to protect personal data, including access controls, encrypted transport, monitoring, and abuse-prevention checks. No online service can be guaranteed fully secure at all times.

Your rights

Under UK GDPR, you can ask to:

  • Access your personal data

  • Correct inaccurate personal data

  • Delete personal data in certain cases

  • Restrict or object to certain processing

  • Receive portable data in certain cases

  • Withdraw consent where consent is the lawful basis

Contact privacy@classia.co.uk to make a request. We may need to verify identity before acting.

Children and parent/guardian context

Classia is used by providers that run classes for children and adults. We design platform flows to support parent/guardian involvement for under-18 enrolment contexts. Providers remain responsible for their safeguarding policy, consent practices, and class supervision duties.

We aim to keep children's personal data limited to what is needed for class administration.

Public class pages

Providers can publish public class pages. These pages show class and provider information selected for public use, such as class name, timetable, and booking information.

Parent/guardian and participant personal contact details are not intended for public display on these pages.

How to raise a complaint

If you are not satisfied with how we handle your personal data, please contact us first at privacy@classia.co.uk.

You can also complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.

Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date on this page and provide additional notice where appropriate.

Contact

Questions about Classia or need a hand? Get in touch.

support@classia.co.uk+44 (0) 1373 656373