Launch offer — every paid plan ships with white-glove course migration.
Legal

Data Processing Addendum

Last updated: 2026-05-24

This Data Processing Addendum ("DPA") forms part of the JR LearnHub Terms of Service and applies whenever you, as a creator, process personal data of students located in the EU, UK, or other jurisdictions whose data-protection laws require a processor agreement.

1. Roles

You are the data controller of personal data of students enrolled in your academy. JR LearnHub is the data processor acting on your documented instructions.

2. Scope of processing

JR LearnHub processes student personal data only as necessary to operate the academy service you have configured: authentication, lesson delivery, payment processing, progress tracking, certificate issuance, support, and the analytics features you have enabled.

3. Confidentiality

All JR LearnHub personnel with access to student personal data are bound by written confidentiality obligations. Access is restricted to the minimum personnel required to operate the service and is logged.

4. Security measures

Technical and organisational security measures are described in our Security page. These include encryption at rest and in transit, signed-URL asset delivery, role-based access control, audit logging, and a documented incident-response procedure.

5. Sub-processors

We use a small set of trusted sub-processors to operate the service (payments, storage, email, CDN). The list is published and maintained on this page and updated when sub-processors are added or replaced. Material changes will be notified to you at least 30 days in advance.

6. Data-subject requests

We provide tooling for you to fulfil data-subject access, correction, deletion and portability requests from your students. Where you need our assistance, we will provide it within reasonable timeframes.

7. International transfers

Where personal data is transferred from the EEA/UK to a third country, we rely on the EU Standard Contractual Clauses (and the UK addendum where applicable) as the transfer mechanism. Specific safeguards depend on your selected academy region.

8. Incident notification

We will notify you of any personal data breach affecting your students without undue delay and in any case within 72 hours of becoming aware, with sufficient detail to allow you to meet your own notification obligations.

9. Return and deletion

On termination of your account, you may export your student data within 30 days. Thereafter, we will delete or anonymise the data, except where retention is required for legal compliance.

10. Audit

You may request a summary of our security and compliance controls at any time. For on-site or document-room audits, we ask for reasonable notice and may charge a documented administrative fee.

11. Contact

To execute a counter-signed DPA, or for any data-processing questions, email dpo@jrlearnhub.com.

Operator entity: JR Nexus Solutions FZ-LLC, RAKEZ Free Zone, Al Hulaila Industrial Zone, Ras Al Khaimah, United Arab Emirates (license 47032257).
Contact: legal@jrlearnhub.com