Privacy Policy
This Privacy Policy explains what personal information uxpeak ("we", "us", "our") collects about you, why we collect it, how we use and share it, and what rights you have. It applies to uxpeak.com and our courses, playbooks, memberships, and related services (the "Services").
We take your privacy seriously. We collect only what we need, keep it secure, and we don't sell it. This policy is written to comply with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 ("PECR"), the EU GDPR where it applies, and the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA").
Who's the data controller
The data controller responsible for your personal data is uxpeak, a sole trader registered in the United Kingdom. Our address for formal notices is Uxpeak, Unit 121228, PO Box 6945, London, W1A 6US. For all privacy questions, data-subject requests, and complaints, please email us at support@uxpeak.com — this is the fastest route and we respond to all requests within 30 days (usually much faster).
What we collect and why
| Category | What & why |
|---|---|
| Account data | Name, email, password (hashed), country. Used to create and secure your account and deliver what you bought. |
| Payment data | Billing name, billing address, last 4 digits of card, transaction ID. Full card details are processed by our payment provider (Stripe / PayPal) and never touch our servers. |
| Course activity | Lessons watched, progress, quiz results, certificates earned. Used to save your progress and improve the course. |
| Communications | Emails and messages you send us, support tickets, survey responses. Used to reply to you and improve our Services. |
| Device & usage data | IP address, browser, device type, operating system, pages viewed, referring URL, timestamps. Used for security, debugging, and analytics. |
| Cookies & similar | See the Cookies section below. |
| Marketing preferences | Your email-subscription status. Used only if you've asked to hear from us. |
Our legal bases (UK GDPR / EU GDPR)
We only process your personal data where we have a lawful basis to do so under Article 6 of the UK GDPR (and EU GDPR, where it applies):
- Performance of a contract (Art. 6(1)(b)) — to deliver what you bought, run your account, process payments, issue certificates, and provide support.
- Legitimate interests (Art. 6(1)(f)) — to keep the Services secure, prevent fraud and abuse, understand aggregate usage, improve our products, protect our intellectual property, and pursue or defend legal claims. We've balanced these interests against your rights and freedoms.
- Consent (Art. 6(1)(a)) — for optional cookies, analytics, and marketing emails. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legal obligation (Art. 6(1)(c)) — to keep tax, VAT, accounting, and anti-fraud records required by UK law (typically 6+ years under HMRC rules).
Who we share it with
We don't sell your personal data. We share it only with service providers who help us run uxpeak, and only under strict contracts:
- Payment: Stripe, PayPal (payment processing, fraud prevention).
- Hosting & infrastructure: our website hosting and content delivery providers.
- Email: transactional and marketing email providers (for order receipts, course access, newsletters).
- Analytics: privacy-friendly analytics tools to understand aggregate usage.
- Support & customer service: ticketing or inbox tools we use to reply to you.
- Professional advisors: accountants and lawyers, when strictly necessary.
- Authorities: if required by law, court order, or to protect our rights and users.
- Business transfers: if uxpeak is sold or restructured, your data may transfer under the same protections.
International transfers
Some of our providers are located outside the UK/EEA (including in the United States). When we transfer personal data outside the UK, we rely on appropriate safeguards recognised under UK GDPR, which may include: UK adequacy regulations, the UK International Data Transfer Agreement ("IDTA"), the UK Addendum to the EU Standard Contractual Clauses, or other valid transfer mechanisms. You can ask us for a copy of the safeguards by emailing support@uxpeak.com.
How long we keep it
We keep your data only as long as needed for the purpose we collected it, plus any period required by law:
- Account data — while your account is active, plus up to 24 months after deletion (to allow us to respond to disputes and comply with legal obligations).
- Payment & invoice data — 6 years after the end of the tax year in which the transaction occurred (required by HMRC), extending to 10 years for VAT MOSS records where applicable.
- Marketing data — until you unsubscribe, then removed from active marketing lists within 30 days (a suppression record is kept so we don't email you again by mistake).
- Support tickets — up to 3 years after the ticket is closed.
- Analytics / server logs — typically up to 24 months, aggregated or anonymised sooner where possible.
- Dispute / fraud records — up to 7 years where necessary to defend or bring legal claims.
Your rights
Depending on where you live, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct data that's inaccurate or incomplete.
- Delete your data ("right to be forgotten"), subject to legal retention obligations.
- Restrict or object to certain processing, including direct marketing.
- Portability — receive your data in a machine-readable format.
- Withdraw consent at any time, without affecting past processing.
- Complain to your local data-protection authority. In the UK that's the Information Commissioner's Office (ICO) — ico.org.uk/make-a-complaint or 0303 123 1113. We'd really appreciate the chance to sort things out first, so please email us before you go to the ICO.
To exercise any of these rights, email support@uxpeak.com. We'll respond within 30 days (or sooner where required, and we may extend by a further 60 days for complex requests, telling you why). Requests are free, but we may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive, as UK GDPR allows.
California residents (CCPA / CPRA)
If you live in California, you have rights to know, delete, correct, and limit the use of your personal information, and to opt out of its "sale" or "sharing". We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, email support@uxpeak.com. We won't discriminate against you for using your rights.
Cookies
We use cookies and similar technologies to keep you logged in, remember preferences, secure the site, and understand aggregate usage. We use:
- Strictly necessary — required to run the site (login, checkout, security). These can't be turned off.
- Analytics — help us see which pages and lessons are most useful. Only set with your consent where required.
- Marketing — only if you've opted in. You can opt out any time.
You can control cookies in your browser settings. Turning off some cookies may break parts of the Services.
Security
We use industry-standard safeguards — HTTPS everywhere, hashed passwords, access controls, encrypted backups, and vetted providers. No system is 100% secure, but we work hard to protect your data. If we ever have a breach affecting your personal data, we'll notify you and the relevant authority as the law requires.
Children
The Services are not intended for children under 13 (or 16 in parts of the EU). We don't knowingly collect data from children. If you believe a child has given us data, email us and we'll delete it.
Third-party links
Our site links to third-party tools like Figma, YouTube, or payment providers. Their privacy practices are their own — please read their policies before using them.
Automated decisions
We don't make decisions about you using only automated processing that would produce legal or similarly significant effects.
Changes to this policy
We may update this policy from time to time. We'll change the "Last updated" date at the top and, for material changes, notify you by email or in-product notice. Continuing to use the Services after changes means you accept the updated policy.
Contact
Questions, requests, or concerns about your data? Email support@uxpeak.com. We'll reply within 2 business days.
← Back to homepage