Privacy policy

Last updated: 6th June 2026

This Privacy Policy explains how TheInvestmentAnalyst.com Ltd ("we", "us", "our") collects, uses, shares, and protects your personal data when you use our website (www.theinvestmentanalyst.com and its sub-domains), the InsightOne application, and our in-person and online training (together, the "Services").

We are the data controller for the personal data described in this Policy. We are committed to processing your data lawfully, fairly, and transparently in accordance with the UK GDPR and the Data Protection Act 2018 (and the EU GDPR where it applies to EU-based users).

1. Who we are & how to contact us
Controller: TheInvestmentAnalyst.com Ltd, a company registered in [England & Wales] under company number [#######].
Registered address: 71-75 Shelton St, London WC2H 9JQ 
Privacy contact: support@theinvestmentanalyst.com

2. The personal data we collect
Depending on how you use the Services, we may collect:

Account & profile data: name, username, email, password (stored hashed), job title/profession, and learning-profile details you choose to provide (goals, experience, focus areas).
Learning data: your progress, course activity, assessment results, and usage of features within the InsightOne app and our learning platform.
Payment data: billing details and card information are collected and processed by our payment provider; we do not store full card numbers ourselves.
Communications: messages you send us (support, email, enquiries) and your marketing preferences.
Technical & usage data (collected automatically): IP address, device, browser type and version, operating system, referring/exit pages, on-site activity, and cookie data (see §5).
Demographic data you provide (e.g. country, interests).
We collect this data when you create an account or start a trial, use the Services, make a purchase, attend training, contact us, or browse the website.

3. How we use your data and our lawful bases

What we do / Lawful basis (UK GDPR Art. 6)
Provide your account, courses, the InsightOne app, and training / Contract — to deliver the Services you signed up for
Maintain, secure, and improve the Services; prevent fraud/abuse / Legitimate interests — running a safe, reliable, improving product
Send service/transactional messages (e.g. account, billing) / Contract / legitimate interests
Send marketing emails and show relevant advertising / Consent (you can withdraw at any time — see §10)
Non-essential cookies and analytics / Consent (via the cookie banner — see §5)
Keep financial/tax records and meet legal obligations / Legal obligation

We will tell you if we need to use your data for a new purpose not covered here.

4. Automated tools and AI
Some features (e.g. AI-powered coaching and recommendations in InsightOne) use automated processing to personalise your learning experience. These tools support your learning; they do not make decisions that produce legal or similarly significant effects about you. Where we use third-party AI services, we send only the information needed and do not share your data for those providers to train their own models. Some content may be AI-generated or AI-assisted and is provided for educational purposes only.

5. Cookies and similar technologies
We use cookies and similar technologies, grouped as:

Strictly necessary: required for the site to function (e.g. login/session). Always on.
Functional: remember your preferences and choices.
Analytics: measure and improve performance (e.g. Microsoft Clarity — heatmaps, session replay).
Marketing: deliver and measure relevant advertising (e.g. Microsoft Advertising).

You control non-essential cookies through our cookie banner and your browser settings. For how Microsoft processes data collected via these tools, see the Microsoft Privacy Statement.

6. Who we share your data with
We do not sell your personal data. We share it only with:
Service providers (processors) who help us run the Services under contract and only on our instructions, including: LearnWorlds (our learning-platform host), our cloud hosting/database provider, our payment provider, email/communications providers, and analytics/advertising providers (Microsoft). [Confirm and complete this list — see the sub-processor register.]
Professional advisers, regulators, or authorities where required by law.

A buyer or successor if we sell or restructure the business (you will be informed — see §12).

7. International data transfers
Some of our providers are located outside the UK/EEA (including the United States). Where your data is transferred internationally, we ensure an appropriate safeguard is in place — such as a UK International Data Transfer Agreement / Addendum, the EU Standard Contractual Clauses, or a finding of adequacy (e.g. the UK Extension to the EU-US Data Privacy Framework) — so your data receives equivalent protection.

8. How long we keep your data
We keep personal data only as long as necessary:
Account & learning data: for as long as your account is active, then deleted or anonymised within [e.g. 12 months] of account closure, unless we must keep it longer.
Financial/tax records: retained for [6 years] to meet legal obligations.
Marketing data: until you withdraw consent or object.
Analytics/cookie data: per each provider's retention period.
Our full retention schedule is available on request.

9. How we protect your data
We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, audit logging, and secure, vetted infrastructure providers. See our Security Statement for more detail. No method of transmission or storage is 100% secure, but we work to protect your data and to notify you and the regulator of any breach where required.

10. Your rights
Under UK GDPR you have the right to:

Be informed about how we use your data (this Policy);
Access a copy of your data — free of charge, normally within one month;
Rectify inaccurate or incomplete data;
Erase your data ("right to be forgotten") in certain circumstances;
Restrict or object to our processing, including an absolute right to object to direct marketing;
Data portability receive your data in a portable format;
Withdraw consent at any time where we rely on consent;
Not be subject to solely automated decisions with legal/significant effects.

To exercise any right, contact us at [privacy@theinvestmentanalyst.com]. We support data access and deletion requests through a documented process. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113,  though we'd ask you to contact us first so we can help.

11. Marketing
We send marketing only where you have consented. Every marketing email includes an unsubscribe link, and you can change your preferences or opt out at any time via your account or by contacting us.

12. Changes of business ownership
If we sell or transfer part of our business, relevant data may transfer to the new owner under the terms of this Policy. We will inform you in advance and give you the choice to have your data withheld or deleted before any transfer.

13. Children
The Services are intended for adults (18+) [confirm minimum age]. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

14. Changes to this Policy
We may update this Policy from time to time. We will post any changes here and update the "Last updated" date; for material changes we will take reasonable steps to notify you.

15. Contact us
Questions about this Policy or your data: support@theinvestmentanalyst.com].
Postal: 71-75 Shelton St, London WC2H 9JQ