Privacy Policy
🛡️ Your Privacy Commitment
InCommon Humans is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with GDPR (UK/EU) and CCPA (California/US) regulations.
Quick Summary: We only collect data necessary for providing our learning services, never sell personal information, and give you full control over your data.
📊 Information We Collect
Legal Basis for Processing: We process your data based on contract performance (providing our services), legitimate interests (improving our platform), and consent (where explicitly given).
Information You Provide Directly
- Account Information: Name, email address, username, password
- Profile Data: Optional profile photo, bio, learning preferences
- Payment Information: Billing address, payment method details (processed by secure third parties)
- Communication Data: Messages, support requests, feedback, community posts
- Course Progress: Completion status, quiz results, learning achievements
Information Collected Automatically
- Usage Data: Pages viewed, time spent, course interactions, feature usage
- Device Information: IP address, browser type, device type, operating system
- Analytics Data: User behavior patterns, platform performance metrics
- Location Data: General location (country/region) for content delivery
🍪 Cookie & Tracking Information
We use cookies and similar technologies for essential platform functionality, analytics, and user experience improvements. See our detailed Cookie Policy for more information.
Third-Party Information
- Social Login: If you log in via Google/Facebook, we receive basic profile information
- Payment Processors: Transaction data from payment service providers
- Marketing Partners: Campaign performance data (aggregated, non-personal)
🎯 How We Use Your Information
🎓 Primary Purpose: Learning Services
Your data primarily enables us to provide, personalize, and improve your learning experience on the InCommon Humans platform.
Service Provision & Account Management
- Platform Access: Authenticate users and provide secure account access
- Course Delivery: Track progress, save preferences, provide personalized recommendations
- Payment Processing: Handle subscriptions, refunds, and billing inquiries
- Customer Support: Respond to inquiries, resolve technical issues
Platform Improvement & Analytics
- Usage Analytics: Understand how users interact with courses and features
- Performance Optimization: Improve platform speed, reliability, and functionality
- Content Enhancement: Analyze learning patterns to improve course effectiveness
- Feature Development: Develop new features based on user needs and feedback
Communication & Marketing
- Service Communications: Account updates, course announcements, security alerts
- Educational Content: Tips, learning resources, course recommendations
- Marketing Messages: New course launches, special offers (with consent)
- Community Features: Discussion forums, peer interactions, achievements
📧 Email Communication Preferences
You Control Your Inbox: You can unsubscribe from marketing emails anytime while still receiving essential service communications. Use the unsubscribe link in emails or manage preferences in your account settings.
🤝 When We Share Your Information
Core Principle: We never sell your personal data. We only share information when necessary for service provision, legal compliance, or with your explicit consent.
Service Providers & Business Partners
- Payment Processing: Stripe, PayPal for secure payment handling
- Email Services: Automated email delivery and newsletter services
- Cloud Storage: Secure data hosting and backup services
- Analytics: Google Analytics, platform performance monitoring tools
- Customer Support: Help desk and live chat service providers
🔗 Third-Party Data Processing Agreements
All service providers sign Data Processing Agreements (DPAs) ensuring they handle your data according to GDPR and privacy law requirements. They cannot use your data for their own purposes.
Legal & Safety Requirements
- Legal Compliance: Court orders, legal processes, regulatory investigations
- Platform Security: Preventing fraud, abuse, or security threats
- User Safety: Protecting users from harm or illegal activities
- Business Transfers: In case of merger, acquisition, or business sale
With Your Consent
- Social Features: Sharing achievements or progress with community (when you choose)
- Integrations: Connecting with external learning tools or calendars
- Testimonials: Using your feedback in marketing (with explicit permission)
👤 Your Privacy Rights
🌍 Global Privacy Rights
UK/EU Users: Full GDPR rights including access, rectification, erasure, portability, and objection to processing.
California Users: CCPA/CPRA rights including the right to know, delete, correct, and opt out of sale.
All Users: Core privacy protections regardless of location.
🔍 Right to Access Your Data
- Data Export: Download all your personal data in a portable format
- Processing Information: Understand how and why we process your data
- Third-Party Sharing: See who we've shared your data with and why
- Data Sources: Learn where we obtained your information
✏️ Right to Correction & Updates
- Profile Updates: Correct or update your account information anytime
- Data Accuracy: Request correction of inaccurate or incomplete data
- Contact Preferences: Update email preferences and communication settings
🗑️ Right to Deletion ("Right to be Forgotten")
- Account Deletion: Permanently delete your account and associated data
- Selective Deletion: Remove specific pieces of personal information
- Legal Exceptions: Some data may be retained for legal or security purposes
- Backup Removal: Data removed from active systems and backups
⚖️ Exercising Your Rights
How to Request: Contact our Data Protection Officer at [email protected] or use your account settings for most actions.
Response Time: We respond to privacy requests within 30 days (GDPR) or 45 days (CCPA).
Identity Verification: We may need to verify your identity before processing requests.
Additional Rights
- Data Portability: Transfer your data to another service provider
- Processing Objection: Object to processing based on legitimate interests
- Automated Decision Opt-out: Avoid purely automated decision-making
- Complaint Rights: Lodge complaints with supervisory authorities
🔒 Data Security & Protection
🛡️ Security Measures
We implement industry-standard security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Technical Security
- Encryption: All data encrypted in transit (SSL/TLS) and at rest (AES-256)
- Access Controls: Strict employee access controls with multi-factor authentication
- Regular Audits: Security assessments and penetration testing
- Monitoring: 24/7 security monitoring and incident response
Organizational Security
- Staff Training: Regular privacy and security training for all employees
- Data Minimization: We only collect and retain necessary data
- Incident Response: Documented procedures for security breaches
- Vendor Management: Security requirements for all third-party providers
🚨 Data Breach Notification
In Case of Breach: We will notify affected users within 72 hours if a data breach poses a high risk to your rights and freedoms, as required by GDPR and other applicable laws.
📅 Data Retention Periods
Retention Principle: We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law.
Active Account Data
- Account Information: Retained while your account is active
- Course Progress: Retained indefinitely for your reference and certificates
- Communication Data: Support tickets retained for 3 years
- Analytics Data: Aggregated data retained for 7 years, personal identifiers removed after 2 years
Closed Account Data
- Account Deletion: Most data deleted within 30 days of account closure
- Legal Requirements: Some financial records retained for 7 years (tax/legal compliance)
- Security Logs: Access logs retained for 12 months for security purposes
- Anonymized Data: Non-personal analytics data may be retained indefinitely
Special Retention Periods
- Payment Data: Transaction records kept for 10 years (financial regulations)
- Legal Disputes: Data preserved during active legal proceedings
- Fraud Prevention: Security-related data kept longer to prevent repeat offenses
📞 Contact & Data Protection
🔐 Data Protection Officer
Our Data Protection Officer oversees privacy compliance and handles all privacy-related inquiries, requests, and concerns.
Privacy Contact Information
Data Protection Officer: [email protected]
Privacy Inquiries: [email protected]
Data Subject Requests: [email protected]
Security Issues: [email protected]
Supervisory Authorities
- UK Users: Information Commissioner's Office (ICO) - ico.org.uk
- EU Users: Your local data protection authority
- California Users: California Attorney General - oag.ca.gov
- Other Jurisdictions: Relevant local privacy regulators
🌐 International Data Transfers
When we transfer data outside the UK/EU, we use appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to ensure your data remains protected.
Updates to This Privacy Policy
- Change Notifications: We'll notify you 30 days before significant privacy policy changes
- Continued Use: Continued platform use after changes constitutes acceptance
- Version Control: Previous versions available upon request
- Regular Reviews: Policy reviewed annually and updated as needed
📋 Questions About This Policy?
If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at [email protected]. We're here to help you understand and exercise your privacy rights.