The Upgrade Project Privacy Policy

This Privacy Policy sets out how Sumantha McMahon trading as The Upgrade Project uses and protects information that you give us when you use this website and our services. This policy is effective from 25 May 2018 to reflect our compliance with the GDPR (the General Data Protection Regulation).

What information do we collect and what do we do with it?

Our courses, resources and site is hosted by Thinkific Labs Inc. (“Thinkific”). They provide us with the online course creation platform that allow us to sell our product/services to you.  

Your data is stored through Thinkific’s data storage, databases and the general Thinkific application. They store your data on a secure server behind a firewall.

When you enrol as a student or subscriber (“learner”) on our site or related courses, as part of the enrolling process, we collect the personal information you give us such as your name and email address.

Email marketing (ConvertKit LLC): we may send you emails about our site and related course(s), registration, course content, your course progress or other updates. We may also use your email to inform you about changes to the course, survey you about your usage, or collect your opinion.

Your data is also collected by:

    Xero Limited - accounting software for invoicing private tuition clients. 

    Sumantha’s phone when email and telephone correspondence has been exchanged.

Data is not shared with any other party unless legally required to do so.

For private tuition, your personal data will not be shared unless concerns are raised under child protection where we have a duty of care to a child. In these circumstances, we have a duty of care to pass on the child’s details to the relevant authorities.


When you provide us with personal information to become a learner on our site, make a purchase, or participate in the course, you imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.

Third-Party Services

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our course website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service/Use/Conditions.

When you click on links on our course site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.


If you make a purchase on our site, we use a third party payment processor such as Stripe or GoCardless. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.

For more insight, you may also want to read Thinkific’s Terms of Service here or Privacy Statement here .

    Stripe, Inc - payment processor for card payments.

    GoCardless Ltd. - payment processor for direct debit payments.

What Data is being collected?

Email Subscribers – we will hold your email address, name, and data on times you have visited the site & opened emails.

Students and Purchases through website – we will hold your name, email, payments made (no card details are held as payments are made through GoCardless or Stripe), and progress of the courses that you have undertaken.

Cookies -  our website may use cookies (small text files that are added to a computer when visiting a website) to know who you are, help the site perform certain functions, and for tracking purposes, for example we use Google analytics to understand general traffic.

What will we do with your data? Do we share data?

As a subscriber, your data will be used to send email newsletters informing you of new features, resources, and available courses.

Members may receive additional emails confirming the courses and upcoming courses which will be available to them.

Tuition students will receive additional details of their progress, results of tests, and helpful resources.

Where students over the age of 13 have provided consent, correspondence will be sent to students with parents copied in.

Where quotes, lesson snippets, exemplars or any other material used for marketing purposes, student identities will be concealed. 

How long is your data kept?

All data is kept for the purposes of contact. Subscribers emails will be maintained on file until such time that the subscriber unsubscribes from the list.

Student’s lesson data for tuition is held for a period of up to two years following the final lesson, unless deletion is specifically requested.

Payment details are maintained for 7 years for tax purposes. All payments are processed via GoCardless or Stripe to protect the data security of website users.

What rights do I have to see, change, or delete my data?

Subscribers, members, and students may request a digital copy of all data held about them by Sumantha McMahon trading as The Upgrade Project. We will provide a digital copy of this within 30 days of a written request to the email address held on file.

Subscribers, members, and students may request an amendment to any personal details at any time to ensure that your data is correct and up to date.

Subscribers, members, and students may request deletion of their data under the right to be forgotten by submitting a written request. This data will be deleted within 30 days.  Please note, however, that for child protection reasons tuition cannot be continued after information is deleted and that terms and conditions regarding cancellation remain the same.

Excluded within this right to deletion are payment details and any data relating to child protection or legal concerns raised.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites. Such sites are not governed by this Privacy Policy.

Our contact details

You may contact us to discuss this policy and how we use your personal information and to exercise your rights under the GDPR at any time using the following contact details