Privacy Policy

Last updated: January 2026

1. Introduction

LESSO Ltd ("we", "our", "us") is committed to protecting the privacy of educators who use our platform. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

LESSO is a teacher productivity platform that provides AI-powered document generation, lesson planning, and educational resource creation through our AI assistant, Mrs J.

2. UK Data Sovereignty

Your data is stored exclusively in the United Kingdom. We partner with a UK-based, UK-owned data sovereign cloud provider to ensure your information is subject only to UK law and protected from foreign jurisdictional overreach.

  • All data processing occurs within UK borders
  • Subject only to UK law (protected from US CLOUD Act and FISA 702)
  • ISO 27001, SOC 2, and Cyber Essentials Plus certified infrastructure
  • G-Cloud listed provider for UK public sector standards

3. Data Controller

LESSO Ltd is the data controller for personal data collected through our platform.
Contact: support@lesso.co.uk

4. Data We Collect

Account Information

  • Name, email address, job title, and employer
  • Year group and subjects taught
  • Account credentials (securely hashed)

Teaching Data

  • Lesson plans and calendar events
  • Generated documents and teaching materials
  • Uploaded resources (templates, branding, curriculum frameworks)

Conversation Data

  • Chat interactions with Mrs J (our AI assistant)
  • Preferences and feedback

Technical Data

  • Browser type, device information
  • Usage patterns and session data
  • Anonymised analytics (if enabled)

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance (Article 6(1)(b))

Processing necessary to provide the LESSO service you have subscribed to, including document generation, lesson planning, and AI assistance.

Legitimate Interests (Article 6(1)(f))

AI Learning and Service Improvement: By default, we use your anonymised interactions to improve Mrs J's ability to create high-quality, personalised educational content. This processing is based on our legitimate interest in providing an effective AI assistant that learns your teaching style and preferences.

We have conducted a legitimate interests assessment and determined that:

  • The processing directly benefits teachers by improving document quality and relevance
  • Data is aggregated and anonymised where possible
  • You can opt out at any time via Settings → Privacy & Data
  • The processing does not override your fundamental rights

Consent (Article 6(1)(a))

For optional marketing communications and newsletters. You can withdraw consent at any time.

6. AI and Automated Decision-Making

Mrs J, our AI assistant, processes your requests to generate educational content. This involves:

  • Content Generation: Creating lesson plans, PowerPoints, worksheets, and other teaching materials based on your instructions
  • Personalisation: Learning your teaching style, preferred formats, and curriculum requirements to deliver "right first time" results
  • Context Memory: Remembering previous conversations to provide consistent, tailored assistance (can be disabled)

Mrs J does not make decisions that produce legal effects or similarly significant effects on you. All generated content is for your review and approval before use.

For more details on how Mrs J uses data, see our AI Transparency Statement.

7. Data Retention

To deliver our "right first time" promise, we retain your lesson history, documents, and Mrs J interactions for a minimum of 12 months. This allows Mrs J to understand your teaching style and consistently create materials that match your brand and preferences.

  • Account data: Retained while your account is active
  • Teaching materials and chat history: 12 months minimum for service quality
  • Billing records: 7 years (legal requirement)
  • Analytics data: Anonymised and aggregated, retained indefinitely

You can request deletion of your data at any time. Deletion requests are processed within 30 days as required by UK GDPR.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access (Article 15): Request a copy of all data we hold about you
  • Right to Rectification (Article 16): Correct inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data
  • Right to Restrict Processing (Article 18): Limit how we use your data
  • Right to Data Portability (Article 20): Receive your data in a machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests

To exercise these rights, visit Settings → Privacy & Data in your LESSO account, or contact us at support@lesso.co.uk.

9. Data Sharing

We do not sell your personal data. We only share data with:

  • UK-based infrastructure providers: For hosting and data storage (UK data sovereign partner)
  • AI processing: UK-hosted AI models for content generation
  • Payment processors: Stripe for subscription management (PCI-DSS compliant)
  • Communication providers: When you connect Google Workspace or Microsoft 365

All third parties are bound by data processing agreements and UK GDPR requirements.

10. Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Employee access controls and training
  • Incident response procedures

11. Cookies

We use essential cookies for authentication and session management. Optional analytics cookies are only set with your consent. You can manage cookie preferences at any time via the cookie banner or Settings → Privacy & Data.

12. Children's Data

LESSO is designed for teachers and educators. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of LESSO after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries or to exercise your rights:
Email: support@lesso.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

LESSO Ltd | Registered in England and Wales