Privacy Policy

Draft for legal review. This describes how your data is actually handled, but must be reviewed and finalised by Aspect Network’s legal / data-protection adviser before public launch. It is not legal advice.

Who controls your data

Aspect Network is the data controller for the personal data you provide when you create an account and use Aspect.

Aspect runs on the getTWOit platform. getTWOit acts as a data processor, processing your data only on Aspect Network’s instructions in order to deliver the service.

What we collect

  • Account details — your name, email address, and a password (kept securely by our authentication provider).
  • Profile — optional photo, bio and interests you add during onboarding.
  • Learning activity — courses you join, your progress, and the micro-credentials you earn.
  • Payments — for paid courses, handled by our payment processor. We never store your card number.
  • Technical data — device/browser information and cookies needed to run the site securely.

Why we use it, and our legal basis

  • To provide your account and courses — performance of our contract with you (UK/EU GDPR Article 6(1)(b)).
  • To send essential service emails (verification, receipts, account notices) — necessary for the contract.
  • To keep the service secure and working — our legitimate interests (Article 6(1)(f)).
  • Marketing — only if you opt in, on the basis of your consent (Article 6(1)(a)), which you can withdraw at any time.

Who processes your data

Aspect Network uses the following processors to run Aspect:

  • Google Firebaseauthentication, database and hosting (EU / US).
  • SendGrid (Twilio)transactional email (verification, receipts) (US).
  • Stripepayments for paid courses (US / EU).
  • Cloudinaryimage hosting (avatars, course artwork) (EU / US).

International transfers

Some of these processors are outside the UK/EEA (for example, the US). Where personal data is transferred, it is protected by appropriate safeguards such as Standard Contractual Clauses or an adequacy decision (e.g. the UK/EU–US Data Privacy Framework). [Legal to confirm the exact mechanisms.]

How long we keep it

We keep your account data while your account is active and for a limited period afterwards, then delete or anonymise it. [Legal to set exact retention periods.]

Your rights

Under UK/EU GDPR you can ask to access, correct, delete, restrict or port your data, and object to certain processing — and withdraw consent at any time. You also have the right to complain to your data-protection supervisory authority (in the UK, the Information Commissioner’s Office).

Contact

To exercise any of these rights or ask about this policy, contact Aspect Network [add data-protection contact email].