Last updated: June 2026 · Applies to all JTL services
1 Data Controller
This website is operated by Jacopo (Jack) — JTL, Jack Teaching Languages, an independent online language teaching service.
Based in: Italy
Contact: jack.teaching.languages@gmail.com
Website: jackteachinglanguages.com
WhatsApp: +39 351 828 7492
If you have any questions about how your data is handled, contact us directly at the email above. We will respond within 72 hours.
2 What Data We Collect
We only collect data you voluntarily provide. This may include:
- Contact form: your name, email address, message, and selected language/level
- Account registration: name, email address, and password (hashed)
- WhatsApp: your phone number and messages if you contact us via WhatsApp
- Level/placement test: your answers and assessed level
- Payment: processed by Stripe — we do not store card details
- Google Sign-In (optional): if you choose "Continue with Google", we receive your name, email address and profile picture from Google to create and sign you into your account. We do not access any other Google data (Gmail, Drive, Calendar or contacts).
We do not use tracking cookies, third-party advertising, or analytics tools that profile you.
3 Why We Collect It (Legal Basis)
- Booking & lessons — to fulfil our contract with you (Art. 6(1)(b) GDPR)
- Responding to enquiries — legitimate interest in communicating with prospective students (Art. 6(1)(f) GDPR)
- Account creation — contract performance and your consent (Art. 6(1)(a) GDPR)
- Legal obligations — e.g. keeping records for tax purposes (Art. 6(1)(c) GDPR)
4 How We Use Your Data
- To respond to your booking enquiry or message
- To schedule and conduct online lessons
- To send lesson materials, notes, and PDFs
- To manage your student account and progress
- To issue invoices or receipts
We will never sell, rent, or share your data with third parties for marketing purposes.
5 Third-Party Services
We use a small number of trusted services to operate the website:
- Vercel — website hosting (USA/EU, GDPR compliant)
- Supabase — database for student accounts (EU region)
- Stripe — payment processing (PCI DSS compliant, GDPR compliant)
- FormSubmit — delivers your booking/contact form message to us by email
- Google Calendar — appointment scheduling, only if you book via the calendar button
- Google Sign-In (Google LLC) — optional account login; provides your name, email and profile picture for authentication only (USA; certified under the EU–US Data Privacy Framework)
- TikTok — some pages embed our TikTok videos; if you interact with them, TikTok may set its own cookies under TikTok's privacy policy
- WhatsApp / Meta — if you contact us via WhatsApp, Meta's privacy policy applies
Each of these providers has their own privacy policy and appropriate data protection agreements in place.
International transfers: Stripe and Google are certified under the EU–US Data Privacy Framework; any other transfers outside the EU/EEA rely on the European Commission's Standard Contractual Clauses.
6 TikTok Integration & Data
JTL operates a private integration with the TikTok Developer Platform that lets us publish our own educational videos to our own official JTL TikTok account. This integration uses TikTok's Login Kit and Content Posting API. It is used only by JTL to manage JTL's own account — it is not offered to students or website visitors.
What TikTok data we access:
- Basic profile information (TikTok scope
user.info.basic) — the open ID, display name and avatar of the JTL account that authorises the app, used solely to confirm which account we are publishing to. - Video upload (TikTok scope
video.upload) — we send our own video files to the authorised account's TikTok inbox as drafts. Videos are never posted publicly automatically; they are reviewed and published manually inside the TikTok app.
We do not collect, access, request or store any data belonging to TikTok viewers, followers, commenters, or any other TikTok user. We do not access TikTok analytics, direct messages, comments, or your contacts.
How we store and protect it: the access token issued by TikTok is stored securely and used only to upload our videos. We never sell, rent or share TikTok data with any third party, and we use TikTok data only in accordance with TikTok's Developer Terms of Service and Usage Guidelines.
7 How Long We Keep Your Data
- Enquiry messages: up to 12 months after last contact
- Student account data: for as long as your account is active, then deleted within 90 days of account closure
- Payment records: 7 years (legal/tax obligation)
- Lesson recordings (if any): deleted within 30 days unless you request otherwise
8 Your Rights (GDPR)
Under GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time, where processing is based on consent
9 Cookies
This website uses only essential cookies and local storage (e.g. to keep you logged in and to remember your cookie choice). We do not use advertising or cross-site tracking cookies.
A short cookie notice confirms this when you first visit. Some pages embed third-party content (e.g. Google Calendar booking or TikTok videos); if you interact with that content, the provider may set its own cookies, governed by their own privacy policy. You can clear cookies in your browser settings at any time.
10 Data Security
We take data security seriously. Your data is stored on secure, encrypted servers. Passwords are hashed and never stored in plain text. All connections to this website use HTTPS/TLS encryption.
In the unlikely event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
11 Complaints
If you believe your data rights have been violated, you have the right to lodge a complaint with your national data protection authority.
- Italy: Garante per la protezione dei dati personali
- UK: Information Commissioner's Office (ICO)
- EU: Your local national supervisory authority
We would always prefer to resolve any issue directly — please contact us first.
12 Children's Privacy
Many of our students are children. We do not knowingly create student accounts for children under 14 (the age of digital consent in Italy) without verifiable parental or guardian consent. Where lessons are provided to a minor, a parent or guardian must make the booking and provide consent on the child's behalf, and is responsible for supervising the child's use of the service.
We collect only the minimum data needed to deliver lessons to a child (e.g. first name and level). A parent or guardian may exercise all of the rights set out above on the child's behalf. If you believe we have collected a child's data without appropriate consent, contact us and we will delete it.
13 Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated to registered users by email.