Module Six is operated as a sole trader business based in England. We provide an online learning app at app.modulesix.co.uk and a marketing website at modulesix.co.uk.
For the purposes of UK data protection law, Module Six is the data controller responsible for your personal data.
Contact: You can reach us at hello@modulesix.co.uk for any questions about this policy or how we handle your data.
We collect only the data we need to provide the service. We do not collect more than is necessary.
When you create an account, we collect your name and email address. This is required to identify your account and send you essential communications such as payment receipts.
If you make a purchase, payments are processed by Stripe. We do not receive or store your full card number, expiry date, or CVV. Stripe provides us with a token reference confirming a successful payment, along with the last four digits of your card and card type for your records. Stripe's own privacy policy applies to the data they process: stripe.com/gb/privacy.
The app records your progress through the course: which topics you have completed, your question scores, and your overall readiness percentage. This data is stored against your account and used solely to power your personal dashboard and readiness report.
We do not use analytics tools, advertising trackers, or any third-party scripts that collect browsing behaviour. We do not use cookies beyond those strictly necessary for the app to function.
Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out what we process, why, and on what basis.
| Data | Purpose | Lawful basis |
|---|---|---|
| Name and email address | Creating and managing your account | Contract: necessary to perform the service you have signed up for |
| Email address | Sending payment receipts and essential service communications | Contract: necessary to perform the service |
| Payment token from Stripe | Confirming your purchase and unlocking paid content | Contract: necessary to perform the service |
| Progress and score data | Powering your dashboard, readiness report, and revision queue | Contract: necessary to deliver the core functionality of the app |
| Email address | Responding to support enquiries | Legitimate interests: responding to direct requests you have made |
We do not use your data for marketing purposes without your explicit consent. We do not send promotional emails unless you have opted in.
We keep your account data for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records.
Payment records, including the Stripe transaction reference and the amount paid, are retained for six years in accordance with UK tax and accounting obligations.
Progress and score data is deleted when your account is deleted.
We share your data only where necessary to provide the service. We do not sell your data. We do not share your data with advertisers.
| Third party | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Name, email address, payment card details. Stripe processes this data under their own privacy policy and as a data processor acting on our behalf. |
| Cloudflare | Website and app hosting, content delivery | IP address and request data as part of normal web infrastructure. Cloudflare's privacy policy applies: cloudflare.com/privacypolicy |
No other third parties receive your personal data.
Your account and progress data is stored on servers within the UK and European Economic Area (EEA). Cloudflare operates a global network but contractually commits to GDPR-compliant data handling.
Stripe is a US-based company. They are certified under the EU-US Data Privacy Framework and use Standard Contractual Clauses to ensure an adequate level of protection for personal data transferred outside the UK and EEA.
Under UK GDPR you have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@modulesix.co.uk. We will respond within one month.
If you are not satisfied with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.
ICO website: ico.org.uk
ICO helpline: 0303 123 1113
We use cookies only where strictly necessary for the app to function. This includes session cookies that keep you logged in while you use the app. We do not use advertising cookies, tracking cookies, or any cookies from third-party advertising networks.
Because we use only strictly necessary cookies, we are not required to request your consent for them under PECR (Privacy and Electronic Communications Regulations). No cookie banner is shown because there is nothing optional to consent to.
Module Six is intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us at hello@modulesix.co.uk and we will delete it promptly.
We may update this policy from time to time. When we do, we will update the date at the top of this page. If we make a significant change that affects how we use your personal data, we will notify you by email.
Continued use of the app after a policy update constitutes acceptance of the updated terms.
If you have any questions about how we handle your data, or if you want to exercise any of your rights, get in touch.
Email: hello@modulesix.co.uk
We aim to respond to all data-related requests within one month as required by UK GDPR.