Privacy Policy

1. Who we are

West London AI Workshop is operated by Adanna Bankole and Ebele Muorah. We deliver cohort-based AI training programmes for professionals in West London. Our contact address for data-related matters is [email protected].

UK data protection law applies to all data we hold. We comply with the UK GDPR and the Data Protection Act 2018.

2. What data we collect

We collect the following personal data when you create an account or book a cohort:

• Identity data — your full name
• Contact data — your email address and, optionally, phone number
• Professional data — your profession and company or firm name
• Transaction data — details of cohort bookings and membership payments, including amounts paid and enrollment status
• Account data — login credentials (password stored as a secure hash; we never see it in plain text)

We do not collect or store card numbers, CVV codes, or bank account details. All payment data is handled entirely by Stripe (see section 5).

3. How we use your data

We use your personal data for the following purposes:

• To create and manage your account
• To process cohort bookings and confirm your place
• To manage annual membership billing and status
• To send you booking confirmations, session reminders and cohort updates
• To provide access to the alumni resource library
• To respond to enquiries and support requests
• To comply with our legal and financial record-keeping obligations

Our lawful basis for processing is contract performance (to deliver the service you have booked) and legitimate interests (programme communications). Where we rely on legitimate interests we have weighed these against your rights and concluded the processing is proportionate.

4. Where your data is stored

Account, profile and enrollment data is stored in Supabase, a cloud database provider. Data is held in the EU (Ireland region) and is protected by industry-standard encryption in transit and at rest.

We do not transfer your personal data outside the UK or EEA except via sub-processors (Supabase, Stripe) who maintain adequate data protection standards.

5. Payment data and Stripe

All payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified payment processor. When you enter card details, they are sent directly to Stripe's servers — we never receive or store them.

We store only a Stripe customer ID against your account so we can manage billing and subscriptions. Stripe's privacy policy is available at stripe.com/privacy.

6. Data sharing and third parties

We do not sell, rent or share your personal data with third parties for marketing purposes.

We share data only with the following sub-processors to deliver our service:

• Supabase — database and authentication
• Stripe — payment processing and subscription billing

We may disclose data if required to do so by law or to protect our legal rights.

7. How long we keep your data

We retain your account and enrollment records for as long as your account is active and for up to 6 years afterwards, as required for financial record-keeping under UK law. If you request deletion, we will delete or anonymise your data within 30 days except where retention is legally required.

8. Your rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your data (subject to legal retention obligations)
• Restriction — ask us to limit how we use your data
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use only essential cookies required for authentication (to keep you signed in). We do not use tracking, analytics or advertising cookies.

10. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects when it was last revised. Continued use of the service after a change constitutes acceptance of the updated policy.