Information We Collect
1.1 Information You Provide Directly
We collect information you voluntarily provide when you interact with the Platform:
- Create an account — name, email address, password
- Purchase a course or service — name, billing details, email address (payment card data is handled exclusively by our payment processor and is never stored on our systems)
- Subscribe to our newsletter — name and email address
- Submit a consulting or booking enquiry — name, email, organisation, and details of your enquiry
- Join the Captain's Community — profile information you choose to provide
- Contact us directly — name, email address, and message content
1.2 Information Collected Automatically
When you visit the website, we may automatically collect certain technical information:
- Device and browser information — type, operating system, browser version
- IP address and approximate geographic location derived from it
- Pages visited, time spent on site, and referral source
- Cookies and similar tracking technologies — see Section 6 for full details
1.3 Information from Third Parties
We may receive limited information about you from third-party platforms where you interact with our content — such as LinkedIn, Instagram, Spotify, or Apple Podcasts — subject to your privacy settings on those platforms and their own privacy policies.
How We Use Your Information
We use the information we collect for the following purposes:
- Create and manage your account and course access
- Process transactions and send related confirmations, receipts, and access credentials
- Deliver newsletters, course content, podcast updates, and community features you have opted into
- Respond to enquiries and provide consulting, training, or service support
- Personalise your experience on the Platform where relevant
- Improve the website, courses, and services through analytics and usage data
- Send you updates about new content, courses, or services — only where you have provided consent
- Comply with our legal and regulatory obligations
We do not sell, rent, or trade your personal information to any third party for their marketing purposes. This is an absolute commitment.
Legal Basis for Processing
3.1 US Users — Legal Framework
For users in the United States, our data practices are governed by applicable federal law — including the Federal Trade Commission Act (FTC Act), the CAN-SPAM Act, and the Children's Online Privacy Protection Act (COPPA) — as well as applicable state privacy laws. We collect and use personal information only as described in this Policy and in a manner consistent with reasonable consumer expectations.
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA). Other US states with enacted privacy laws may provide similar rights. See Section 7 for full details on exercising your rights.
3.2 EEA & UK Users — GDPR Legal Basis
If you are located in the European Economic Area (EEA) or United Kingdom, we are required to identify a legal basis for processing your personal information. We rely on the following bases:
| Legal Basis | When We Use It |
|---|---|
| Contract | To fulfil a course purchase, service agreement, or other transaction with you |
| Legitimate Interests | To operate, improve, and protect the Platform and our business — where these interests are not overridden by your rights |
| Consent | For marketing communications such as newsletters and promotional emails — you may withdraw consent at any time without affecting prior processing |
| Legal Obligation | Where we are required to process data to comply with applicable law |
Sharing Your Information
We share your information only in the following limited and controlled circumstances:
4.1 Service Providers
We work with trusted third-party service providers who assist in operating the Platform — including email marketing platforms, payment processors, course delivery systems, website hosting, and analytics tools. These providers are contractually required to handle your data securely and only for the specific purposes we have authorised. They may not use your data for their own marketing purposes.
4.2 Legal Requirements
We may disclose your information if required to do so by law, regulation, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of any person or to prevent fraud or illegal activity.
4.3 Business Transfers
In the event of a merger, acquisition, sale of assets, or business restructuring, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have with regard to your personal data prior to the transfer taking effect.
Data Retention
We retain your personal information for as long as reasonably necessary to provide the services you have requested and to fulfil our legal, accounting, and compliance obligations. Our standard retention periods are:
| Data Type | Retention Period |
|---|---|
| Account and profile data | While account is active, plus 3 years after closure |
| Purchase and transaction records | 7 years (accounting and tax compliance) |
| Newsletter subscriber data | Until you unsubscribe |
| Enquiry and contact records | 2 years from last contact |
| Analytics and usage data | 26 months (aggregated) |
You may request deletion of your data at any time — see Section 7 for your rights.
Cookies
We use cookies and similar tracking technologies to enhance your experience on the Platform. Cookies are small data files placed on your device that help us recognise you, remember your preferences, and understand how the site is being used.
Types of Cookies We Use
- Essential cookies — required for the website to function (login sessions, shopping cart, security). Cannot be disabled without affecting core functionality.
- Analytics cookies — help us understand visitor behaviour and improve the Platform (e.g. Google Analytics). These are anonymised where possible.
- Marketing cookies — used to deliver relevant content and measure the effectiveness of our communications. Only placed with your explicit consent.
You can manage or disable non-essential cookies through your browser settings or via any cookie preference centre displayed on the site. Please note that disabling essential cookies may affect the functionality of the Platform.
Your Rights
Depending on your location and applicable law, you have the following rights regarding your personal information. We will respond to all verified requests within the timeframes required by law — generally within 45 days for US state law requests and 30 days for GDPR requests, with extensions where permitted.
7.1 Rights for All Users
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to Restriction
Request that we limit processing of your data in certain defined circumstances.
Right to Data Portability
Request your data in a structured, commonly used, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Withdraw Consent
Where processing is based on consent, withdraw it at any time without affecting prior processing.
Right to Complain
Lodge a complaint with your relevant data protection authority if unsatisfied with our response.
7.2 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, our business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete — You may request deletion of your personal information, subject to certain exceptions permitted by law.
- Right to Correct — You may request correction of inaccurate personal information we maintain about you.
- Right to Opt Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioural advertising. If this practice ever changes, you will have the right to opt out and we will update this Policy accordingly.
- Right to Limit Use of Sensitive Personal Information — You may request that we limit use of sensitive personal information to purposes necessary for providing our services.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or be charged a different price as a result of exercising these rights.
California residents may submit rights requests by emailing [email protected] with "California Privacy Request" in the subject line. We will verify your identity before processing your request and will respond within 45 days, with up to a 45-day extension where required.
7.3 Additional Rights for Virginia, Colorado & Other US State Residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with enacted consumer privacy laws have similar rights to access, correct, delete, and opt out of the processing of their personal data for targeted advertising or profiling. To exercise these rights, contact us at [email protected] with your state of residence and the right you wish to exercise.
To exercise any of the rights in this section, contact us at [email protected]. We may need to verify your identity before processing your request.
International Data Transfers
Captain Liam Devlin operates globally and works with service providers in various countries. Your information may therefore be processed in countries outside your own — including the United States and other countries where data protection laws may differ from those in your jurisdiction.
For users in the United States, your data may be processed by service providers operating in other countries. We select service providers that maintain appropriate security standards and are contractually bound to protect your information consistent with this Policy.
For users in the European Economic Area (EEA) or United Kingdom, where transfers of personal data to countries without an adequacy decision are required, we implement appropriate safeguards — such as Standard Contractual Clauses approved by the European Commission — to ensure your personal information receives an adequate level of protection. You may request details of the specific safeguards in place by contacting us.
Children's Privacy
The Platform is not directed at, and is not intended for use by, anyone under the age of 18. We do not knowingly collect or solicit personal information from anyone under 18.
With respect to children under the age of 13 specifically, we comply fully with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq. We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent. We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary.
If you believe that a child under 13 has provided personal information to us without verifiable parental consent, or that a child under 18 has accessed the Platform, please contact us immediately at [email protected] and we will take prompt steps to delete that information from our systems and close any associated account.
Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, loss, or destruction. These measures include:
- Encrypted connections (SSL/HTTPS) across the entire Platform
- Secure, PCI-compliant third-party payment processing
- Access controls and authentication requirements on our internal systems
- Regular security reviews and updates
No method of transmission over the internet or electronic storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. If you suspect your account has been compromised, please contact us immediately at [email protected].
Third-Party Platforms
Our Platform may link to or integrate with third-party platforms including LinkedIn, Instagram, Spotify, Apple Podcasts, YouTube, and others. These platforms operate independently and have their own privacy policies.
We are not responsible for the privacy practices or content of any third-party platform. We encourage you to review the privacy policies of any third-party services before interacting with them.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the technology we use, applicable law, or the way we operate the Platform. When we make changes, we will update the effective date displayed at the top of this page.
For significant changes that materially affect your rights or the way we use your personal information, we will notify registered users via email prior to the changes taking effect. Your continued use of the Platform following notification of any update constitutes your acceptance of the revised Policy.
Contact & Complaints
If you have any questions, concerns, or complaints about this Privacy Policy or the way we handle your personal information, please contact us:
US Privacy Requests
To submit a privacy rights request under the CCPA, VCDPA, or other applicable US state privacy law, please email [email protected] with the subject line "US Privacy Request" and include your full name, state of residence, and a description of the right you wish to exercise. We will verify your identity and respond within the timeframe required by your state's law.
US Complaints
If you believe your privacy rights have been violated and we have not adequately resolved your complaint, you may file a complaint with the Federal Trade Commission (FTC) at ftc.gov/complaint. California residents may also contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov. We are committed to working with you to resolve any concerns before escalation becomes necessary.
EEA & UK Complaints
If you are located in the EEA or United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority — such as the Information Commissioner's Office (ICO) in the UK or your national data protection authority within the EEA.