top of page

Product Privacy Policy

MyProgress, MyShowcase.me, and OpenBadges.me

​

Version 2.0
January 2026
MyKnowledgeMap Limited

​

Introduction


MyKnowledgeMap Limited ("we", "our", "us") is committed to protecting the privacy and security of
your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard
your information when you use our MyProgress, MyShowcase.me and OpenBadges.me software-as-aservice (SaaS) platforms ("Service").


By accessing or using the Service, you agree to this Privacy Policy.


Effective Date: 02.02.2026
Previous Version: 1st September 2024

 

Data Controller and Data Processor Roles

 

Understanding who is responsible for your data is important. Depending on the type of data, different
organisations have different responsibilities:

 

Your University or Employer as Data Controller
For the following data, your university or employer is the data controller and determines why and
how this data is processed. MyKnowledgeMap acts as a data processor, processing this data only on
their instructions:

  • Your name and learner/employee identifier

  • Your email address

  • Your work or placement location

  • Your study programme or course information

  • Content you upload to the platform (evidence, documents, reflections)

  • Academic assessments, feedback, and grades

  • Your progress and completion records

​

Tip: For questions about how your university or employer uses this data, please refer to their
privacy notice.
 

MyKnowledgeMap as Data Controller
For the following data, MyKnowledgeMap is the data controller and determines why and how this
data is processed:

  • Platform analytics and usage patterns (how users interact with features, pages viewed, time spent)

  • - used to improve and develop our Service

  • Technical performance data (error logs, system diagnostics) - used to maintain service reliability

  • Device and browser information collected for security monitoring

  • Data collected through third-party integrations we have chosen to implement (such as ShareThis for social sharing)

​

Authentication Data
Authentication cookies and tokens (used to keep you logged in) are processed by MyKnowledgeMap
as a data processor on behalf of your university or employer, who requires users to be authenticated
to access the Service.

 

Information We Collect

 

Personal Information
We collect personal data that you, your university, or employer provides to us, including:

Automatically Collected Information

When you access our platform, we automatically collect:


Usage Data
Information on how you use the Service, such as the features you interact with, pages you view, and
time spent on the platform.


Device Information
Information about the devices used to access our Service, including IP address, browser type,
operating system, and device identifiers.


Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to track your use of the platform. See: Cookies section for details. You can control cookie settings in your browser.
 

Third-Party Information

We may receive personal information from your university or employer via automated system
integration (such as single sign-on or student record systems)

How We Use Your Information

We process personal data for the following purposes:

Legitimate Interests

Where we rely on legitimate interests as our lawful basis, we have conducted a balancing assessment
to ensure our interests do not override your rights and freedoms. You have the right to object to
processing based on legitimate interests - see  Your Privacy Rights section.

Sharing Your Information

We do not sell or rent your personal information to third parties. We may share your information in
the following circumstances:


With Your University or Employer
As your university or employer is the data controller for your educational/work data, they have access
to your data within the Service.


Service Providers
We use trusted third-party service providers to help us operate our Service (such as cloud hosting
providers). These providers process data only on our instructions and are contractually bound to
protect your data.


Legal Obligations
We may disclose your data if required by law, such as to comply with a legal or regulatory request, or
to protect the rights, property, or safety of MyKnowledgeMap or others.


With Your Consent
We will share your information for other purposes only if you provide explicit consent.

Sub-Processors

We use trusted third-party service providers (sub-processors) to help us deliver the Service. These
providers process data only on our instructions and are contractually bound to protect your data.

We maintain contracts with all sub-processors that include data protection obligations equivalent to
those in our agreements with customers.

​

Note: For a complete list of sub-processors and their security certifications, please contact us or
request our Technical Overview Document.

Data Location and International Transfers

Regional Data Residency


We operate a regional data residency model. Your data is stored and processed entirely within the
geographic region where your university or employer's instance is hosted. Data does not transfer
between regions.


We operate data centres in the following locations:

All platform components - including application servers, databases, file storage, authentication
services, logging, and backups - remain within your designated region.

For UK and EU Users

If your institution is hosted in our UK South data centre, your personal data remains within the United
Kingdom and is not transferred internationally. The UK has adequate data protection laws, and no
additional safeguards are required.

Microsoft as Sub-Processor

​Our infrastructure is hosted on Microsoft Azure. Microsoft acts as a sub-processor and is contractually
bound to process data only within the designated region. Microsoft's data protection commitments
are documented in their Data Protection Addendum and compliance with UK GDPR is detailed in their
Trust Center.

Staff Access

​MyKnowledgeMap staff may access data for support and maintenance purposes. Our team is
structured to align with regional data residency:

 

  • UK-based staff provide support for UK, US, Asian, and Middle Eastern customers

  • Australia-based staff provide support primarily for Australian customers
     

Staff access data only within the regions they support. In exceptional circumstances (such as
escalations or out-of-hours support), staff may access data in other regions. All staff are bound by
strict confidentiality obligations, data protection training, and contractual terms that ensure equivalent
protection regardless of location.
Both the United Kingdom and Australia have adequate data protection frameworks recognised for the
protection of personal data

Data Security

We implement industry-standard security measures to protect your personal data from unauthorised
access, disclosure, alteration, or destruction.

Security Certifications

  • MyKnowledgeMap: Cyber Essentials Plus certified

  • Microsoft Azure (our hosting provider): ISO 27001 and SOC 2 Type 2 compliant

Technical Measures

  • Encryption in transit: TLS 1.2 with RSA 2048-bit certificates

  • Encryption at rest: Azure Transparent Data Encryption (TDE) for databases; AES-256 for backups

  • Access controls: Role-based access control (RBAC) and multi-factor authentication (MFA)

  • Monitoring: 24/7 security monitoring via Azure Security Center

  • Vulnerability management: Regular security audits, penetration testing, and vulnerability assessments

Organisational Measures

  • All staff complete mandatory security and data protection training

  • Staff are bound by confidentiality obligations

  • Access to customer data is limited to personnel with an operational need

  • Clean desk and clean screen policies enforced

Breach Notification

Breach Response: In the event of a personal data breach affecting your data, we will notify your
university or employer (as the data controller) within one hour of confirming the breach. We will
provide updates as the investigation progresses and support any required regulatory reporting.


For further technical details on our security practices, please refer to our Technical Overview
Document, available on request to customers

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes outlined in this
Privacy Policy:

Educational and Account Data

Your university or employer is the data controller for your educational data and account information.
They determine how long this data is retained based on their own policies, legal obligations, and
regulatory requirements (such as education sector record-keeping rules).


Note: If you wish to request deletion of this data, please contact your university or employer
directly. They will instruct us to delete your data if appropriate. We cannot delete data controlled
by your university or employer without their authorisation.

Data Controlled by MyKnowledgeMap

For analytics and security data that we control, we retain this only for the periods specified above.
Once no longer needed, we securely delete or anonymise it. You may request deletion of this data by
contacting us directly.


For further technical details on our data retention and security practices, please refer to our Technical
Overview Document, available on request to customers.

Your Privacy Rights

​Depending on your location, you may have certain rights regarding your personal information under
the UK GDPR or EU GDPR:

How to Exercise Your Rights

For data controlled by your university or employer (educational/work data):
Please contact your university or employer directly, as they are the data controller.


For data controlled by MyKnowledgeMap (analytics, security data):
Contact us at info@myknowledgemap.com. Please state your university or employer so we can locate
your records.


We will respond to valid requests within one month.

Right to Complain

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the
UK Information Commissioner's Office:

 

  • Website: ico.org.uk

  • Telephone: 0303 123 1113

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Cookies

What Are Cookies?

​Cookies are small text files stored on your computer or mobile device by a website's server. Each
cookie is unique to your web browser and contains information such as a unique identifier and the
website's domain name.

Types of Cookies We Use

Essential Cookies


These are necessary for our Service to function properly. Without these cookies, you would not be
able to log in or use core features.

Analytics Cookies

​

These cookies help us understand how users interact with our Service so we can improve it.
MyKnowledgeMap is the data controller for data collected by these cookies.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Third-Party Cookies

​

These cookies are set by third-party services we have integrated into our platform.
MyKnowledgeMap is responsible for the decision to integrate these services, but the third parties
have their own privacy policies governing the data they collect.

Note: ShareThis cookies are only present when using MyShowcase.me. MyProgress does not
include social sharing functionality.

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will
prevent you from using the Service.

Children's Privacy

Our Service is not intended for use by individuals under the age of 16. We do not knowingly collect
personal data from children. If we learn that we have collected such data, we will take steps to delete it
promptly.


If you believe a child under 16 has provided us with personal data, please contact us at
info@myknowledgemap.com

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an
updated "Effective Date."


For significant changes, we will notify users via email or a prominent notice within the Service.


We encourage you to review this policy periodically.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us
at:


MyKnowledgeMap Limited
Email: info@myknowledgemap.com
Address: Kings House, 12 King Street, York, YO1 9WP, United Kingdom
Company Registration: 03954387 (Companies House)


Data Protection Officer
Craig Willis, Chief Technology Officer
Email: Craig.Willis@myknowledgemap.com


Security Incident Reporting
To report a security concern or suspected data breach:
Email: Craig.Willis@myknowledgemap.com
Telephone: 01904 659 465

Summary of Data Roles

By using MyProgress, MyShowcase.me, or OpenBadges.me, you acknowledge that you have read and
understood this Privacy Policy.

Download the Product Privacy Policy here.

bottom of page