Privacy Policy

Last updated: 29 April 2026

This Privacy Policy explains how Powercademy Ltd (“Powercademy”, “we”, “us”) collects, uses, and protects your personal data when you use the Powercademy platform at powercademy.com (the “Service”). We are the data controller for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We aim to be straightforward about what we collect and why. If anything here is unclear, email us at support@powercademy.com and we’ll explain.

1. Who we are

  • Company: Powercademy Ltd, registered in England and Wales (company number 16247693)
  • Registered address: C/O Aardvark Accounting, 1 Cedar Office Park, Cobham Road, Wimborne, BH21 7SB, United Kingdom
  • Contact for privacy questions and data requests: support@powercademy.com

2. What personal data we collect

We only collect what we need to run the Service. Specifically:

  • Account information: your name, email address, and (optionally) profile photo, display name, bio, timezone, and region. If you sign in with Google or Microsoft, we receive your name and email from that provider — nothing more.
  • Authentication data: your hashed password (we never see or store the plaintext) and OAuth tokens issued by Google or Microsoft if you use social sign-in.
  • Subscription and billing information: your current subscription tier and status, and the customer / subscription identifiers issued by Stripe. We do not see or store your payment-card details — those go directly to Stripe (see Section 5).
  • Learning activity:which courses you’re enrolled in, lessons you’ve started or completed, lab progress, and the timestamps of each.
  • Community contributions: posts, replies, reactions, and any images you upload to the community.
  • Support and feedback: messages you send us via the in-product feedback button or by email, and any screenshots you choose to attach.
  • Newsletter subscription: if you sign up for the Power Hour newsletter (e.g. via the Success Kit), we record your email address and the fact that you opted in. You can unsubscribe at any time from any email we send.
  • Technical and usage data: last sign-in time, last active time, and (via our hosting and authentication providers) IP address and browser user-agent for security and abuse prevention.

3. Why we process your data, and our lawful basis

Under UK GDPR we need a lawful basis for every type of processing. Here’s ours:

  • To provide the Service (contract): creating and running your account, processing subscription payments, delivering course content, tracking your progress, and operating the community.
  • To keep the Service working safely (legitimate interest): authentication, fraud prevention, security monitoring, abuse investigation, community moderation, and preventing spam.
  • To improve the Service (legitimate interest): understanding which features are used so we can fix bugs and prioritise improvements. We do not run third-party analytics or behavioural tracking on the platform.
  • To send you transactional emails (contract):sign-up confirmation, password resets, billing receipts, and important Service notices. You can’t opt out of these while you have an account.
  • To send the Power Hour newsletter (legitimate interest, with opt-out):if you signed up for our Success Kit or otherwise asked to hear from us, we’ll send periodic newsletters about new content, courses, and platform updates. Every email contains a one-click unsubscribe link.
  • To meet our legal obligations: retaining tax records, responding to lawful requests from authorities, and complying with UK consumer-protection law.

4. Who we share your data with

We don’t sell your data. We do share specific information with the service providers (“processors”) we rely on to run the Service. Each one only receives what it needs:

  • Supabase— authentication and database hosting. Your account data lives here. Hosted in the EU (Frankfurt).
  • Vercel— web hosting and content delivery for the platform itself. United States, with edge nodes globally.
  • Stripe— subscription payments and tax invoices. Stripe receives your name, email, and payment details directly when you check out. We only receive Stripe’s customer and subscription identifiers — never card numbers. Stripe retains payment records for as long as required by financial-services law. United States, EU–US Data Privacy Framework certified.
  • Resend— transactional email delivery (sign-up, password reset, billing receipts). Receives your email address and the relevant message body. United States.
  • Mailchimp (a service of Intuit) — newsletter delivery, only if you’ve subscribed. Receives your email address and any tags relevant to which list you’re on. United States, EU–US Data Privacy Framework certified.
  • Bunny CDN— video hosting and streaming for course content. Does not receive your account data; only the video files themselves and standard delivery telemetry. Slovenia, EU.

We may also share information when legally required (e.g. in response to a court order or regulatory request) or to protect Powercademy or another user from harm or fraud.

5. International transfers

Some of our processors are based in the United States (Stripe, Resend, Mailchimp, and Vercel). Where personal data is transferred outside the UK, we rely on the UK extension to the EU–US Data Privacy Framework, the UK’s International Data Transfer Agreement, and/or Standard Contractual Clauses to ensure your data receives equivalent protection.

6. Cookies and tracking

We only use cookies that are strictly necessary for the Service to work:

  • A Supabase authentication cookie that keeps you logged in
  • A small “last active” cookie used to throttle activity- tracking writes to the database

Stripe sets its own cookies during checkout; that’s governed by Stripe’s own privacy notice. We do not run Google Analytics, any marketing pixels, or any other tracking technology. Because we only set strictly-necessary cookies, we don’t need a cookie-consent banner under PECR. If we ever add analytics or marketing cookies, we will ask for your consent first.

7. How long we keep your data

  • Account data and learning history:we keep this for as long as your account exists. We do not automatically delete inactive accounts — if you want your data removed, ask us (see Section 9) and we’ll delete it.
  • Community content: kept while your account exists. When you delete your account we remove your posts, replies, and reactions.
  • Payment records:Stripe retains a record of transactions to comply with financial-services and tax law (typically 6 years in the UK). We don’t hold a separate payment-record archive ourselves.
  • Newsletter:if you unsubscribe, Mailchimp retains a suppression entry (so we don’t accidentally re-add you), but on request we can remove your identifiable record entirely.
  • Backups: our database backups may retain already-deleted data for up to 30 days before they roll off.

8. How we keep your data safe

We use industry-standard practices: encrypted connections (HTTPS) for all traffic, encrypted-at-rest storage on managed databases, hashed passwords (we never see your plaintext password), row-level access controls so users can only see their own data, and regular dependency and security updates. No system is perfect, but we take this seriously.

9. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectifyinaccurate data — you can edit most of this yourself in Settings
  • Eraseyour data (the “right to be forgotten”) — you can delete your account directly from Settings › Privacy, or email us
  • Restrict or object to our processing
  • Data portability— receive a machine-readable copy of your data
  • Withdraw consent at any time, where consent is the basis for processing (e.g. unsubscribing from the newsletter)
  • Complain to the Information Commissioner’s Office (ICO) if you think we’ve handled your data badly: ico.org.uk/make-a-complaint

To exercise any of these rights, email us at support@powercademy.com. We aim to respond within 30 days. We may need to verify your identity before acting on a request.

10. Children

Powercademy is intended for use by people aged 16 or over. We do not knowingly collect personal data from anyone under 16. If you believe a child has signed up to the Service, please contact us and we will delete the account.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes (for example, adding a new processor or starting a new category of processing), we will notify you by email and/or with an in-product notice at least 30 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact

For any privacy or data-protection question, or to exercise any of the rights listed above:

  • Email: support@powercademy.com
  • Post: Powercademy Ltd, C/O Aardvark Accounting, 1 Cedar Office Park, Cobham Road, Wimborne, BH21 7SB, United Kingdom