This Privacy Policy ("Policy") explains how ENROLA GLOBAL LTD, a company registered in England and Wales under number 16588390, with registered office at 126 East Ferry Road, London, Greater London, United Kingdom, E14 9FP ("Enrola", "we", "us"), processes personal data in connection with the Enrola Business partner portal at business.enrola.ai ("Portal"). The Portal is intended for organisations — education agencies, consultancies and similar businesses ("Partner", "you") — and the staff they authorise to use it ("Authorised Users"). Through the Portal, a Partner uploads and manages information about its own students and applicants ("End Clients").
Contact Information:
How the Portal handles data depends on the type of data involved:
The Partner is responsible for having a lawful basis and any necessary consents to upload End-Client data and to have us process it on its behalf.
We use this data to provide, administer and secure the Portal; authenticate Authorised Users; bill the Partner; provide support; improve the Portal; and meet our legal obligations.
We use this data solely to provide the Portal to the Partner — to store documents, run OCR, run the UK Visa Compliance Engine and its specialised AI agents, generate compliance reports, and enforce plan usage limits — all on the Partner's instructions. We do not use End-Client data for our own purposes, do not sell it, do not use it for advertising, and do not use it to train third-party AI models.
Data processed through the Enrola Business Portal is stored on secure servers located in Germany (European Union). Because the United Kingdom and the European Union recognise each other as providing adequate data protection, personal data can move between the UK and the EU without additional transfer safeguards. Where data originates from other regions, we rely on appropriate safeguards such as Standard Contractual Clauses or an equivalent mechanism.
To run the Portal we use a limited set of vetted providers:
We require each provider to protect the data and process it only for the purposes we specify. We never transfer data to advertising networks or share it for marketing, and we will tell Partners about material changes to our sub-processors.
We apply encryption in transit and at rest, role-based access controls, regular backups and security reviews. If we become aware of a personal-data breach affecting End-Client data, we will notify the affected Partner without undue delay so it can meet its own obligations as controller.
Partner and account data is kept for the life of the account and for a limited period afterwards to meet legal, tax and audit obligations.
End-Client data is retained for as long as the Partner's subscription requires it for the service. On termination, we return or delete End-Client data within 30 days of the Partner's request, except where law requires us to keep it. The Partner controls deletion of its End-Client data through the Portal or by request.
A Partner may access, export or delete its account data and its End-Client data through the Portal or by contacting us at [email protected] or via Telegram @enrolaai. We respond to Partner requests within 30 days.
Where an End Client (data subject) exercises a right — such as access, correction, deletion, portability, or objection to automated decision-making — the Partner, as controller, is responsible for responding. We will assist the Partner to do so and will forward to the Partner any such request we receive directly.
We process data on the following bases:
This Policy is designed to align with:
The Portal uses cookies that are strictly necessary for it to function (authentication, session, security) and, optionally, to remember your settings. Because the Portal is a professional tool behind login, we keep non-essential cookies to a minimum.
We may update this Policy and will notify Partners of material changes by email or in-Portal notice. Continued use of the Portal after changes take effect means acceptance of the updated Policy.
For any privacy question, contact [email protected] or @enrolaai on Telegram.
If you are not satisfied with our response, you may contact the UK supervisory authority, the Information Commissioner's Office (ICO) — ico.org.uk
Last updated: June 1, 2026.