Skip to content
Draco Learning LMS Healthcare Education

Privacy Policy

Last updated 2026-05-20 · Draco Learning LMS

Draco Learning LMS does not store protected health information (PHI) by design. We store training data — who completed which course, when, with what score, and the resulting CE-credit certificate. We do not store, process, transmit, or analyze patient records.

What we collect

We collect the minimum data needed to operate the platform:

  • Account data — name, work email, role at your facility, hashed password, language preference.
  • Training data — courses you've been assigned, completions, quiz scores, certificates issued, CE hours.
  • License data — credential type, number, state, issuer, expiration date (when you provide it).
  • Operational data — last login timestamp, IP address of login attempts (for security throttling), browser user-agent, activity-log entries for admin write operations.
  • Billing data — facility-level invoice records. Payment card details are never stored on our servers; they live with Stripe under PCI-DSS Level 1 controls.

How we use it

  • To deliver the platform's features (assignments, reminders, reports, certificates).
  • To detect and block abusive sign-in or signup activity.
  • To bill your facility on the published $1.98-per-active-user/month schedule (50-user minimum).
  • To send transactional emails (assignment notifications, due-date reminders, license-renewal nudges, monthly summaries) that you control via your facility notification settings.
We do not sell your data, share it with advertisers, or use it to train AI models.

Where it lives

  • All data is hosted in the United States.
  • Encrypted in transit (TLS 1.2+).
  • Encrypted at rest (managed-database storage encryption).
  • Daily off-site backups, retained for the most-recent 5 days.

Access and export

You own your data. You can:

  • Export your facility's full dataset (users, courses, completions, certificates, activity log) at any time as CSV/XLSX/PDF.
  • Email damien@dracolearning.com to request a full structured archive.
  • Email damien@dracolearning.com to request deletion of your facility's account and data. Deletion processed within 14 business days.

Cookies and tracking

We use a session cookie for authentication and a preferences cookie (lms_theme) for your light/dark mode choice. We do not use third-party analytics trackers, ad pixels, or behavioral fingerprinting.

Children

Draco Learning LMS is a B2B product sold to skilled-nursing and assisted-living facilities. We do not knowingly collect data from anyone under 18.

Changes

Material changes to this policy will be announced via email to every facility admin at least 30 days before they take effect.

Contact

Privacy questions: damien@dracolearning.com · Draco Learning