Leaders LoopPrivacy Policy
Leaders Loop (leadersloop.com) is a leadership skills toolkit, editorial profiles, a 360° feedback app and instructor-led learning groups. For this policy, the service is operated by Mybizopz Ltd, United Kingdom ("we", "us"). This policy explains what personal data we collect, why, how long we keep it, and the rights you have. We handle personal data in line with the UK GDPR and the Data Protection Act 2018.
The personal data we collect
- Account details: your name, email, password (stored only as a secure hash), and optionally your role and organisation, when you create a leader account.
- 360° feedback: the assessments you create, and the ratings and comments exchanged within them. This includes feedback you give about another named person when you take part in their 360, and feedback others give about you. Individual responses are pooled by relationship group in reports and are not shown in isolation.
- Skill-check results: your attempts, scores and any completion badges, awards or credentials earned.
- Bookings, enquiries & payments: name, email, organisation and any message when you book a learning group or make an enquiry. Card payments are taken by our payment processor (Stripe); we do not see or store full card numbers.
- Technical & security data: IP address, browser user-agent and security-relevant events (such as sign-in attempts), used to run the service and investigate abuse.
- Usage analytics: first-party, aggregate statistics about how the site is used (pages viewed, approximate country, device type, how you arrived). This is measured with our own cookies; we do not profile you, track you across other sites, or use third-party advertising trackers. See our Cookie Policy.
Why we use it, and our lawful basis
- To provide the service you ask for: accounts, assessments, skill-checks, bookings and support (performance of a contract, or steps taken at your request).
- To take payment: for paid plans, learning-group bookings and additional seats (performance of a contract).
- To keep the service secure: preventing unauthorised access and abuse via security logging and rate limiting (our legitimate interests).
- To understand and improve the service: first-party, aggregate analytics relied on with your consent where required, and otherwise on our legitimate interest in maintaining and improving the site; you can withdraw or change your choice at any time.
We do not sell your personal data, and we do not use it for third-party advertising.
Who we share it with
Your data is processed on our own infrastructure (Amazon Web Services, London region). We use a small number of service providers ("processors") who act on our instructions:
- Cloudflare: content delivery and edge security for the site.
- Stripe: payment processing for paid plans, bookings and seats (UK payments via our UK entity, Australian payments via our Australian entity). We never store card numbers.
- Amazon Web Services: application and database hosting, and transactional email (Amazon SES) for things like sign-in and booking confirmations.
Semantic search over the toolkit runs on a self-hosted model, so search queries are not sent to a third-party AI provider. Fonts and on-page diagrams are served from our own servers, so simply browsing the site does not disclose your details to font or script CDNs. We otherwise share personal data only where required by law.
International transfers
Depending on which entity you deal with, your data may be processed in the United Kingdom, Australia, or other countries where our processors operate. Where data is transferred across borders, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) so that it remains protected.
How long we keep it
- Account & assessment data: kept while your account is active and erased when you delete your account. An account inactive for 36 months may be removed after notice.
- Booking & enquiry records: retained for 24 months after the booking or last contact, then removed or anonymised, except where we must keep financial records longer to meet tax and accounting obligations.
- Security & access logs (IP, user-agent, sign-in events) : retained for up to 13 months for monitoring and investigation, then deleted.
- Usage analytics: de-identified on account deletion and otherwise retained only in aggregate; session identifiers expire within 12 months.
- Email-verification & password-reset tokens: single-use and expire within hours; expired tokens are purged automatically.
These periods are enforced by a scheduled purge.
Your rights
Subject to the UK GDPR and the Data Protection Act 2018, you can ask to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Where we rely on consent (for example, analytics cookies), you can withdraw it at any time without affecting prior processing.
You can delete your own account and all of its data at any time from your account settings. This permanently removes your account, your assessments and their responses, your skill-check history and credentials, and your bookings and enquiries.
To exercise any other right, contact us at support@leadersloop.com. We respond within the time required by law (one month under the UK GDPR; a reasonable period under the Australian Privacy Act). In the UK you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Children
Leaders Loop is intended for working professionals and is not directed at children. We do not knowingly collect personal data from anyone under 16.
Changes to this policy
We may update this policy from time to time. We will change the "last updated" date above and, for material changes, take reasonable steps to bring them to your attention.
Contact
Questions about this policy or your data: support@leadersloop.com.