Privacy Policy
Key Points — the short version
- 📬We collect your email, name, and payment details to deliver the programme and process payments. We do not sell your data to third parties.
- 🎓We process your data to provide educational services. We are not a financial adviser and your data is never used for investment purposes.
- 🤝We share data only with service providers (Stripe for payments, Resend/Mailchimp for email, Discord for community) under strict data processing agreements.
- 🛡️You have the right to access, correct, delete, or export your data at any time. EU/UK residents have additional rights under GDPR.
- 📩Privacy questions? Email {APP_CONFIG.contact.legalEmail} — we respond within 72 hours.
1. Information We Collect
We collect information you provide directly to us, information collected automatically when you use our services, and information from third parties.
Information You Provide
- Account data: name, email address, and password when you create an account or sign up for the free course.
- Payment data: billing address and payment card details when purchasing the mentorship programme. Card details are processed directly by Stripe Inc. and are never stored on our servers.
- Profile data: trading experience level, country of residence, and any other information you choose to share in community spaces or during onboarding.
- Communications: emails, support tickets, and survey responses you send to us.
- Trading results: member-reported funded challenge results, monthly P&L figures, and other trading metrics you voluntarily submit for testimonial, leaderboard, or mentorship review purposes.
Information Collected Automatically
- Usage data: pages visited, course modules accessed, time spent, and feature interactions.
- Device data: IP address, browser type, operating system, and referring URLs.
- Cookie data: session identifiers, preference cookies, and analytics identifiers. See Section 5 for full cookie details.
Information from Third Parties
- If you connect a third-party account (Google, etc.) for login, we receive your name, email, and profile photo.
- Payment processors may share transaction status and fraud-risk scores with us.
2. How We Use Your Data
We use your personal information for the following purposes:
- Service delivery: delivering course modules, processing enrolments, sending live session links, and maintaining your account.
- Payment processing: processing transactions, issuing receipts, and managing refunds.
- Communications: responding to enquiries, sending programme updates, and important notices regarding your account.
- Marketing communications: sending our weekly market preparation newsletter and promotional offers, subject to your consent where required. See Section 10.
- Analytics and improvement: understanding how members use our platform and improving our educational content and website experience.
- Legal compliance: meeting our obligations under applicable UK, EU, and international laws.
- Safety and fraud prevention: detecting and preventing fraudulent transactions and unauthorised access.
We do not use your data to make automated decisions with legal or significant effects on you.
3. Legal Bases (GDPR / UK GDPR)
If you are located in the UK, EU, or EEA, we rely on the following legal bases under the UK GDPR and EU GDPR to process your personal data:
- Contract performance (Article 6(1)(b)): processing necessary to deliver the services you have purchased or registered for — including course access, live sessions, and account management.
- Legitimate interests (Article 6(1)(f)): fraud prevention, platform security, improving our services, and communicating with existing customers about similar products. We have conducted a balancing test and concluded that our interests do not override your rights.
- Consent (Article 6(1)(a)): marketing emails to subscribers who have opted in. You may withdraw consent at any time via the unsubscribe link in any email or by contacting us.
- Legal obligation (Article 6(1)(c)): retaining financial transaction records to comply with UK tax law and anti-money laundering regulations.
For special category data (we do not intentionally collect any), or where we are required to provide additional information, we will notify you separately.
6. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected, unless a longer period is required by law.
- Account data: retained for the duration of your account and for 2 years after account closure, to handle disputes and re-enrolment requests.
- Financial records: retained for 7 years to comply with HMRC (UK tax authority) requirements.
- Marketing contact data: retained until you unsubscribe or request deletion, plus 1 year for our records of consent.
- Usage/analytics data: aggregated and anonymised after 26 months (Google Analytics default).
- Support communications: retained for 3 years.
Where data is no longer needed, it is securely deleted or anonymised in accordance with our data deletion schedule.
7. International Transfers
[NAME] Ltd is a UK company. When we transfer personal data outside the UK and EEA, we do so only with appropriate safeguards in place.
- Stripe Inc. (USA): Stripe is certified under the EU-US Data Privacy Framework and the UK Extension, providing adequate protection.
- Vercel Inc. (USA): transfers are protected by UK International Data Transfer Agreements (IDTAs) and EU Standard Contractual Clauses (SCCs).
- Google LLC (USA): Google Workspace and Analytics transfers are covered by SCCs and the Data Privacy Framework.
Users located in Ghana, Nigeria, and other African countries are also subject to local data protection laws (e.g., Ghana's Data Protection Act 2012, Nigeria's NDPR). We comply with applicable requirements in your jurisdiction. Contact us if you have jurisdiction-specific questions.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction.
- All data in transit is encrypted using TLS 1.3.
- Databases are encrypted at rest using AES-256.
- Access to personal data is restricted to authorised personnel on a need-to-know basis.
- We conduct regular security reviews and penetration testing.
- Payment card data is never stored on our servers — it is tokenised by Stripe at the point of capture.
Despite our efforts, no internet transmission or electronic storage system is completely secure. If you become aware of a security vulnerability, please report it to[SECURITY_EMAIL_ADDRESS].
Data breach notification: in the event of a breach affecting your rights and freedoms, we will notify you and the ICO within 72 hours of discovery, as required by UK GDPR Article 33.
9. Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data. To exercise any of them, email [LEGAL_EMAIL_ADDRESS] with the subject line “Data Rights Request”. We will respond within 30 days (UK/EU GDPR) or 45 days (CCPA).
UK & EU Residents (UK GDPR / EU GDPR)
- Right of access: request a copy of all personal data we hold about you.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): request deletion of your data where we have no legal basis to retain it.
- Right to data portability: receive your data in a machine-readable format and transfer it to another controller.
- Right to object: object to processing based on legitimate interests or for direct marketing.
- Right to restrict processing: request we suspend processing while a dispute is resolved.
- Right to withdraw consent: at any time for consent-based processing. Withdrawal does not affect prior lawful processing.
California Residents (CCPA / CPRA)
- Right to know what personal information we collect, use, disclose, and share.
- Right to delete personal information (with limited exceptions).
- Right to opt out of the sale or sharing of personal information. We do not sell personal information.
- Right to non-discrimination for exercising your rights.
Ghana Residents (Data Protection Act 2012)
- Right to access personal data held about you and to correct inaccurate data.
- Right to object to processing in certain circumstances.
Complaints
UK residents may complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. EU residents may contact their local supervisory authority.
10. Marketing Communications
We send the following types of communications:
- Transactional: receipts, course delivery, account notices. These are not marketing and cannot be opted out of while your account is active.
- Newsletter (Weekly Market Prep): sent to subscribers who opted in via our website form. You can unsubscribe at any time via the link in every email.
- Programme promotions:sent to existing customers about related services under the UK GDPR “soft opt-in” provision, or to those who have provided explicit consent.
We do not send unsolicited commercial messages (spam). We comply with the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive for all electronic marketing.
To unsubscribe from all marketing: click the “Unsubscribe” link in any marketing email, or email [LEGAL_EMAIL_ADDRESS].
11. Member Testimonials & Results
When you submit trading results, testimonials, or reviews to us:
- We may use this information in our marketing materials, social media, and website.
- We always seek your explicit consent before publishing your name and results.
- You may request removal of your testimonial from our marketing at any time by emailing[LEGAL_EMAIL_ADDRESS].
- Published testimonials include the member's first name and country. Full names or identifying details are only published with explicit written consent.
Results disclaimer: member results included on this website are self-reported and individual. They are not representative of typical outcomes. See our Earnings Disclosure for full context.
12. Third-Party Platforms
Our services integrate with or link to third-party platforms that have their own privacy policies. We are not responsible for those platforms' data practices.
- Discord:our community operates on Discord Inc.'s platform. Discord's Privacy Policy is available at discord.com/privacy.
- Prop firm partner links: when you click links to prop firms (FTMO, FundedNext, etc.), those sites have their own privacy policies. Some links may be affiliate links; see our Earnings Disclosure.
- YouTube:embedded videos use YouTube’s privacy-enhanced mode.
- Social media:our social profiles are operated by their respective platforms (X/Twitter, Instagram, Telegram, YouTube) under those platforms’ policies.
We recommend reviewing the privacy policies of any third-party service you interact with through our platform.
13. Children's Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from children under the age of 13 (or 16 in the EU, where local law requires a higher age for consent).
If we become aware that we have inadvertently collected data from a child under the applicable minimum age, we will delete that data promptly. If you believe we have collected data from a child, please contact [LEGAL_EMAIL_ADDRESS] immediately.
Parents and guardians who believe their child has provided personal information to us should contact us at the email above.
14. Educational Use Disclaimer
This section clarifies the scope of our data processing in the context of our educational services.
- [NAME] Ltd is an educational company, not a regulated financial adviser, investment manager, or broker.
- Personal data you share with us — including trading results, strategy questions, and performance metrics — is processed for the purpose of delivering educational and coaching services only.
- We do not use your data to provide personalised investment advice or to manage funds on your behalf.
- We do not share your personal data with financial regulators except where required by law.
- Our services are not regulated by the Financial Conduct Authority (FCA). Nothing on our platform constitutes financial advice under the Financial Services and Markets Act 2000 (FSMA).
Read our full Risk Disclaimer and Terms of Service for complete scope of our educational offering.
15. Policy Updates
We review and update this Privacy Policy periodically to reflect changes in our services, applicable laws, or data practices.
- Material changes: we will notify you by email and by displaying a prominent notice on our website at least 30 days before a material change takes effect.
- Minor changes:clarifications and non-substantive updates will be reflected by updating the ”Last Updated” date at the top of this page.
- Version history: prior versions of this policy are available on request by emailing [PRIVACY_EMAIL_ADDRESS].
Your continued use of our services after a policy update constitutes your acceptance of the revised policy, to the extent permitted by law.
16. Contact & Complaints
For all privacy-related enquiries, data subject access requests, or complaints:
[NAME] Ltd
[Registered Address, England]
Company No. 12345678
Legal enquiries: [LEGAL_EMAIL_ADDRESS]
Support: [SUPPORT_EMAIL_ADDRESS]
We aim to respond to all legal enquiries within 5 business days.
If you are not satisfied with our response, UK residents may escalate to the Information Commissioner‘s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- ICO casework address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
EU residents may contact their local data protection authority (DPA). A list of EU DPAs is available at edpb.europa.eu.
Related policies
![[NAME] Logo](/_next/image?url=%2Fassets%2Fimages%2Fcandles.webp&w=3840&q=75)