Legal

Privacy Notice

How iMentiX handles the personal data of people who visit imentix.ai and take our courses.

Draft for legal review — not yet in force. This is a thorough working draft, structured around the EU GDPR, to be reviewed and finalised by a qualified lawyer. It is not legal advice. Items marked [in brackets] are decisions only iMentiX and its counsel can confirm (registered entity, supervisory authority, retention periods, processor list, governing law). Replace those before publishing.

1. Controller & contact

The controller of your personal data is [iMentiX legal entity name and registered address — to confirm] ("iMentiX", "we", "us"). For any privacy matter, or to exercise your rights, contact [email protected]. [If a Data Protection Officer or EU representative is appointed, add their contact here.]

2. What we collect

Information you give us — your name and email when you contact us, join the founding cohort, or type your name onto a course diploma you choose to share with us.
Course activity — the courses run in your browser. Quiz/exam answers, scores and the diploma name stay on your device (local storage) unless you choose to send them to us; we do not silently collect them.
Technical & usage data — standard information your browser sends (approximate location from IP, device and browser type, pages viewed), and privacy-respecting analytics where enabled, to keep the site secure and understand usage.
Cookies / local storage — see §5.

We do not intentionally collect special-category data, and we do not sell personal data.

3. Why we use it, and our legal basis

Under the GDPR we rely on these legal bases:

Purpose	Legal basis (GDPR Art. 6)
Replying to you and providing the courses/site	Performance of a contract, or our legitimate interest in running the service
Founding-cohort communications you opt into	Consent
Security, fraud prevention, keeping the site working	Legitimate interests
Non-essential analytics / any marketing cookies	Consent
Meeting legal and accounting obligations	Legal obligation

Where we rely on consent you can withdraw it at any time; where we rely on legitimate interests you can object (see §7).

4. Service providers (processors) & recipients

We share personal data only with providers who process it on our instructions to operate the service, and where the law requires it. Our main processors are:

Processor	Purpose
Cloudflare, Inc.	Website hosting, CDN and security for imentix.ai
Google (Google Workspace)	Our email ([email protected] / [email protected])
[Analytics provider, if any — to confirm]	[Usage analytics]

Fonts are self-hosted on imentix.ai, so loading a page does not send your data to a third-party font CDN. We keep an up-to-date processor list and require each to provide appropriate safeguards. [Confirm final processor list and that a data-processing agreement is in place with each.]

5. Cookies & analytics

We aim to use only what is necessary to run the site, plus privacy-respecting analytics where enabled. Strictly necessary cookies/storage do not need consent; any non-essential or analytics/marketing cookies are set only after you consent, and you can decline or withdraw at any time. [If a consent banner / cookie table is used, link it here.]

6. International transfers

Some providers (e.g. Cloudflare, Google) may process data outside the European Economic Area, including in the United States. Where that happens, transfers are protected by an appropriate safeguard — typically the European Commission's Standard Contractual Clauses and/or an adequacy mechanism such as the EU–US Data Privacy Framework. You can ask us for details of the safeguard used. [Confirm the exact mechanism per provider.]

7. Your rights

If the GDPR applies to you, you have the right to: access your data; have it corrected; have it erased; restrict or object to processing; data portability; and withdraw consent at any time without affecting prior processing. To exercise any of these, email [email protected]; we respond within the legal time limits (normally one month). You also have the right to lodge a complaint with your data-protection supervisory authority — for example [your EU/EEA national authority; for Poland UODO, Slovenia IP-RS, Czechia ÚOOÚ; for Ukraine and Belarus the applicable national authority]. We honour comparable rights for users in Ukraine, Belarus and elsewhere to the extent local law provides them.

8. Retention & security

We keep personal data only as long as needed for the purposes above, then delete or anonymise it. [Set concrete retention periods, e.g. enquiry emails 24 months; cohort data: duration of cohort + 12 months.] We take reasonable technical and organisational measures to protect it.

9. Children

The courses and site are intended for adults and professional learners and are not directed at children under [16 / the digital-consent age in your country]. We do not knowingly collect their data.

10. Changes

We may update this notice; the current version always lives at this page, with the "last updated" date below.

Draft · last verified June 2026

Read the Terms of Use →