Last updated: 24 June 2026
This policy explains how your personal information is handled when you use the Esmisys Student Portal website and the Esmisys Student Portal Android app (together, the “Services”). It is written for anyone using these Services, including students and, where relevant, parents or guardians.
Esmisys is operated by Nathan Webb (sole trader), 73 Griggs Road, Loughborough, LE11 2LJ, United Kingdom.
Privacy contact: contact@esms.systems
Your organisation (the school, club, academy, or provider that gave you access) is usually the data controller for your membership information, training records, grading results, progress reports, and shop orders.
Esmisys is a data processor. We provide the technology platform on behalf of your organisation. We process personal data only as needed to operate the Services and according to your organisation’s instructions.
If you want to access, correct, or delete your personal data, or if you have a complaint about how your data is used, you should contact your organisation in the first instance. Esmisys can assist your organisation with platform-related requests at contact@esms.systems.
To use the portal you sign in with your surname and date of birth (as held by your organisation). Before full access is granted, we may require two-factor authentication by email. Verification emails are sent through the Esmisys platform (email delivery is handled via our hosting provider).
Essential cookies and similar storage are required for the portal to work. They include:
Without essential cookies, the portal will not function as intended.
If you choose “Accept All” on the cookie consent banner, we may also collect anonymous usage statistics for your organisation, such as:
These statistics are reported to your organisation in an anonymous format. Your organisation cannot see from these statistics alone how often a named individual logged in or watched a particular video.
If you choose “Accept Essential Use Only”, we do not record this non-essential statistical data for your session. You can change your choice at any time using Manage your privacy settings on the portal login page or home page.
Depending on your organisation’s setup, the portal may show information such as syllabus progress, grading results, achievements, online training links, and shop features. Grading results and progress reports may reveal details about your training or learning activity; your organisation decides what is made available to you.
If you use Connect App on the portal, we create a temporary pairing code (QR code or link) and store an app API key on our servers linked to your account and a device name you choose. After you scan the code in the app, that device can sign in without entering your surname and date of birth each time. Keys remain active until you sign out of the app, revoke access, or your organisation removes access.
When you place an order through the members shop, your organisation is the data controller for that order. Esmisys is the data processor providing the shop platform.
Order information may include your name, contact details, delivery or collection choices, items ordered, customisations, voucher use, and payment confirmation details (such as card last four digits processed via your organisation’s Square account). Payment card details are handled by Square on behalf of your organisation; Esmisys does not receive or store your full card number.
After you connect the app (QR code from the portal), the app stores the following locally in encrypted storage on your device:
The app does not permanently store your syllabus progress, grading results, shop basket, or order history on the device. That information is held on Esmisys servers and loaded when you use the app, in the same way as the web portal.
Signing out of the app removes the local credentials and revokes the app key on our servers.
The app may ask for camera permission only to scan a QR code when connecting to your account. The app does not record or upload camera footage; it reads the pairing code only.
When you first connect the app, we ask whether to include anonymous usage statistics for your organisation. You can change this later under Your Privacy in the app menu.
Your choice is stored on your device and sent with relevant app requests so our servers know whether to log statistics. It is not stored as a separate permanent log on your phone beyond that preference.
Push notifications are not currently used. If we introduce them in future, we will update this policy and ask for any permissions or consent required.
Technique videos are chosen and hosted by your organisation, not by Esmisys. A video may be served from YouTube or another provider, or as a direct video file link, depending on how your organisation configured it.
When you play a video, your device may connect directly to that host (for example YouTube or your organisation’s file server). That host may collect its own usage data under its own privacy policy. For details about how a specific video is hosted, ask your organisation who their video provider is and request their privacy information.
Esmisys acts as a technical intermediary: we display or stream the source URL your organisation has configured. We do not control third-party video platforms.
Many users of the Services are children or young people enrolled in classes, programmes, or activities run by an organisation. Access is normally arranged by that organisation with a parent or guardian’s knowledge. If you are a parent or guardian and have questions about a child’s data, please contact the child’s organisation in the first instance.
Under UK data protection law you may have rights including access, correction, erasure, restriction, objection, and data portability, depending on the circumstances and whether your organisation or Esmisys holds the data as controller or processor.
Requests about your personal membership data should be made to your organisation. Platform or technical questions can be sent to contact@esms.systems.
You also have the right to complain to the Information Commissioner’s Office (ICO) in the UK: ico.org.uk.
We use appropriate technical and organisational measures to protect data, including encrypted app storage for authentication credentials, HTTPS for web traffic, and access controls on our platform. No system is completely secure; please keep your devices and email accounts safe, especially for two-factor authentication.
We may update this policy from time to time. The “Last updated” date at the top will change when we do. Continued use of the Services after changes means you accept the updated policy.
Questions about this policy or the Esmisys platform: contact@esms.systems
Nathan Webb, Esmisys, 73 Griggs Road, Loughborough, LE11 2LJ, United Kingdom.