Privacy Policy

1. Introduction

IA Software Agency (“we,” “us,” or “our”) operates the Indispensable Sprint platform. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have regarding your data. It applies to all users of our website, platform, and services.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data promptly.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Full name
• Email address
• Password (stored in hashed form; we never have access to your plain-text password)
• Company name and professional role

2.2 Payment Data

When you make a purchase, payment is processed by Stripe. We receive and store:

• Stripe customer ID
• Transaction amount and date
• Last four digits of your payment card (for your reference)
• Billing address

We do not store full credit card numbers, CVV codes, or other sensitive payment details. These are handled exclusively by Stripe in accordance with PCI DSS standards.

2.3 Usage Data

We automatically collect certain information when you use the Service, including:

• Pages and modules viewed
• Course progress and completion status
• Device type, browser type, and operating system
• IP address (anonymized where possible)
• Date, time, and duration of visits
• Referring website or source

2.4 Enterprise Inquiry Data

If you submit an enterprise inquiry through our contact form, we collect your name, email address, company name, job title, and any information you voluntarily include in your message.

3. How We Use Your Data

We use your personal data for the following purposes:

• Provide the Service: To create and manage your account, deliver course content, track your progress, and grant access to the appropriate program tier.
• Process Payments: To process your purchase of the full program via Stripe, issue receipts, and handle refund requests.
• Communicate with You: To send transactional emails (e.g., account confirmations, payment receipts, program updates), respond to inquiries, and, with your consent, send marketing communications.
• Improve the Platform: To analyze usage patterns, identify issues, optimize content delivery, and develop new features.
• Advertising Measurement: With your consent, to measure the effectiveness of our advertising campaigns on Meta (Facebook/Instagram) and LinkedIn, and to track conversion events such as registration and purchase.
• Legal Compliance: To comply with applicable legal obligations, resolve disputes, and enforce our Terms and Conditions.

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Performance of a Contract: Processing your account and payment data is necessary to provide the Service you have purchased or registered for.
• Legitimate Interest: We process usage data and analytics to improve our platform and business operations, where this does not override your fundamental rights and freedoms.
• Consent: Where we send marketing communications or use non-essential cookies, we do so only with your explicit consent. You may withdraw this consent at any time.
• Legal Obligation: We may process data where necessary to comply with a legal obligation, such as tax reporting requirements.

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We share your data only with the following third parties, strictly as necessary to operate and promote the Service:

• Stripe (data processor and independent controller): For secure payment processing. Stripe receives your payment information directly and processes it under their own privacy policy and PCI DSS compliance. Stripe acts as an independent controller for fraud prevention purposes.
• Supabase (data processor): For authentication and database hosting. Your account data is stored on Supabase infrastructure in accordance with their security and privacy practices.
• Resend: For transactional and program-related email delivery (e.g., account confirmations, program updates, nurture sequences). Resend processes your email address and name on our behalf in order to send these communications. Resend acts as a data processor under our instructions.
• Meta (Facebook) Pixel (independent controller): With your consent, we use the Meta Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram. When activated, Meta receives data such as page views and conversion events (e.g., registration, purchase) and processes this data as an independent controller for its own purposes, including ad optimization. This data is sent to Meta Platforms Ireland Ltd. and may be transferred to Meta Platforms, Inc. in the United States. The Meta Pixel is only activated if you accept marketing cookies. For more information, see Meta's Privacy Policy.
• LinkedIn Insight Tag (independent controller): With your consent, we use the LinkedIn Insight Tag to measure the effectiveness of our advertising on LinkedIn. When activated, LinkedIn receives data such as page views, URL, referrer, device and browser characteristics, and conversion events, and processes this data as an independent controller for its own purposes. This data is sent to LinkedIn Ireland Unlimited Company and may be transferred to LinkedIn Corporation in the United States. The Insight Tag is only activated if you accept marketing cookies. For more information, see LinkedIn's Privacy Policy.
• Vercel (data processor): For hosting the website and delivering content reliably and securely. Vercel processes server logs (including IP addresses) on our behalf as part of normal web hosting operations.

We may also disclose your data if required to do so by law or in response to valid legal process, such as a court order or government request.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account data is retained for as long as your account is active. If you delete your account, we will delete or anonymize your data within 30 days, except where we are legally required to retain it.
• Payment records are retained for a minimum of 7 years to comply with tax and accounting obligations.
• Usage data is retained in anonymized or aggregated form and may be kept indefinitely for analytics purposes.
• Enterprise inquiry data is retained for up to 24 months after your last interaction with us, unless you request earlier deletion.
• Marketing cookie data collected by Meta and LinkedIn is subject to their respective retention policies. When you withdraw consent, we stop sending new data to these providers, but data already transmitted is retained by them in accordance with their own privacy policies.

7. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
• Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at contact@getindispensable.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority. Our lead supervisory authority is the Office of the Commissioner for the Protection of Personal Data Rights of Cyprus (www.dataprotection.gov.cy).

8. Cookies

Our platform uses cookies and similar technologies to provide and improve the Service. Essential cookies are used to manage your authentication session through Supabase. We also use marketing cookies from Meta (Facebook) and LinkedIn, but only if you explicitly consent by clicking “Accept All” on our cookie banner. You can withdraw your consent at any time.

For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS. We enforce HTTP Strict Transport Security (HSTS).
• Password security: User passwords are hashed using industry-standard algorithms and are never stored in plain text.
• Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Database access is protected by Row Level Security (RLS) policies.
• Security headers: We deploy industry-standard security headers to protect against common web vulnerabilities.
• Payment security: All payment data is handled by Stripe, a PCI DSS Level 1 certified processor. We never store full card details.

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. If you become aware of any security breach, please notify us immediately at contact@getindispensable.com.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including to our service providers such as Supabase, Stripe, Resend, Vercel, Meta, and LinkedIn, whose infrastructure may be located in the United States or other jurisdictions.

Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, including Standard Contractual Clauses (SCCs) approved by the European Commission, reliance on the EU-US Data Privacy Framework where applicable, or other approved transfer mechanisms. You may request a copy of the safeguards in place by contacting us.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, as described in Article 22 of the GDPR.

12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

See also our Terms and Conditions and Cookie Policy.