Privacy Policy

Mustard Investments Ltd is the data controller responsible for your personal data. If you have questions about this policy or your data, you can contact us at privacy@mustardinvestments.com.

We collect the following types of personal data: Account Information: When you create an account, we collect your email address, display name, and profile picture (if you choose to upload one). If you sign in with Google, we receive your name and email from your Google account. Learning Data: We record your course progress, quiz scores, XP earned, badges unlocked, streak data, and other gamification metrics to personalise your learning experience. Usage Data: We collect information about how you interact with our platform, including pages visited, features used, and time spent on lessons. Device Information: We may collect your browser type, operating system, and device type for analytics and to improve our service.

We use your personal data for the following purposes: • To provide and maintain your account and personalised learning experience • To track your progress through courses, quizzes, and challenges • To calculate and display gamification features (XP, levels, badges, streaks, leaderboards) • To send you important account notifications (e.g. password resets) • To improve our platform, content, and user experience • To ensure the security and integrity of our service We process your data on the basis of contractual necessity (to provide the service you signed up for) and legitimate interest (to improve our platform).

Your data is stored securely using Google Firebase services, including Firebase Authentication and Cloud Firestore. These services are provided by Google LLC and data is processed in accordance with Google Cloud's security standards and certifications. We implement appropriate technical measures to protect your data, including encrypted connections (HTTPS/TLS), Firebase Security Rules to restrict database access, and secure authentication flows. While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

We do not sell your personal data to third parties. We share data only with the following service providers who help us operate the platform: • Google Firebase — authentication, database, and file storage • Google Analytics — anonymised usage analytics (if enabled and you consent to analytics cookies) These providers process data on our behalf and are bound by data processing agreements. We do not share your personal data with advertisers or marketing companies.

We use a limited number of cookies: Essential Cookies: Required for authentication and keeping you signed in. These cannot be disabled as the platform cannot function without them. Analytics Cookies: Used to understand how visitors use our platform via Google Analytics. These are only set if you consent via our cookie banner. For more details, see our Cookie Policy.

We retain your personal data for as long as you have an active account with us. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records. Anonymised, aggregated data (which cannot identify you) may be retained indefinitely for analytics and platform improvement.

Under the UK GDPR, you have the following rights: Right of Access: You can request a copy of the personal data we hold about you. Right to Rectification: You can ask us to correct inaccurate or incomplete data. Right to Erasure: You can ask us to delete your personal data (the "right to be forgotten"). Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format. Right to Restrict Processing: You can ask us to limit how we use your data. Right to Object: You can object to processing based on legitimate interest. To exercise any of these rights, contact us at privacy@mustardinvestments.com. We will respond within one month.

Our platform is designed for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you are under 16, please do not create an account. If we learn that we have collected data from a child under 16 without parental consent, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our platform or by email. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at: Email: privacy@mustardinvestments.com Mustard Investments Ltd London, United Kingdom You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: ico.org.uk.