Superintelligent Academy

Superintelligent Academy (Thinkific)
Controller: Superintelligent Group AB (Org.nr 559213-4836)
Address: Ekerödsgatan 13, 254 47 Helsingborg, Sweden
Contact: Thomas Dalebring, [email protected]
Effective date: [insert date]

1. Scope

This Privacy Policy explains how Superintelligent Group AB (“we”, “us”) processes personal data in connection with Superintelligent Academy (the “Academy”), including our Thinkific-based learning platform, websites, customer support, community features, and marketing.

2. Categories of personal data we process

We process the following categories (as applicable to your use):

• Account and identity data: name, email address, username, password (stored by platform provider), role (e.g., learner/admin).

• Customer and billing data: billing address, company/municipality information, VAT/Org number (if provided), purchase history.

• Payment data: handled primarily by Stripe (we receive confirmation and limited payment metadata; we do not store full card details).

• Learning and engagement data: course enrollments, progress, completion status, quiz/assignment responses, certificates, attendance, timestamps.

• Community and communications: posts, comments, messages, submissions, support tickets, survey responses.

• Technical data: IP address, device and browser info, log data, session data, approximate location (derived from IP), identifiers/cookies.

• Marketing preferences: consent/opt-in status, subscription settings, campaign engagement (opens/clicks where enabled).

3. Purposes and legal bases (GDPR Art. 6)

We process personal data for the following purposes and legal bases:

• Provide the Academy and deliver purchased services (account access, course delivery, progress tracking) — Contract.

• Customer support and service communications — Contract and/or Legitimate interests.

• Payments, invoicing, accounting, fraud prevention — Contract and Legal obligation (e.g., bookkeeping).

• Platform security, abuse prevention, audits — Legitimate interests and, where applicable, Legal obligation.

• Analytics and improvement (usage statistics, performance, UX) — typically Consent for non-essential cookies; otherwise Legitimate interests where permitted and configured.

• Marketing communications (newsletters, promotions) — Consent (and in certain B2B contexts, Legitimate interests where allowed). You can opt out anytime.

• Compliance and legal claims — Legal obligation and/or Legitimate interests.

4. Cookies, analytics, and marketing technologies

We use cookies and similar technologies to:

• operate essential platform functions (authentication, session management),

• measure and improve performance and usage,

• support marketing and retargeting where enabled.

Non-essential cookies/trackers (e.g., Google Analytics and advertising pixels such as Meta/LinkedIn) are used only where we have a valid legal basis, typically your consent via a cookie banner/consent tool. You can change preferences in your browser and/or our cookie settings (where available). Note that disabling certain cookies may affect functionality.

5. AI use notice (EU AI Act–aware transparency)

We use AI tools from OpenAI, Google, and Microsoft to create and edit course content (e.g., drafts, summaries, question generation, language improvements).

• No personal data is entered into these AI tools as part of our content creation process.

• We do not use AI for automated decision-making that produces legal or similarly significant effects on individuals (GDPR Art. 22).

• Where content is AI-assisted, we apply human review and editorial control before publication.

• If we ever introduce user-facing AI features, we will update this policy and provide any required notices and controls.

6. Sharing and recipients (processors and independent controllers)

We share personal data only as needed for the purposes above, including with:

• Thinkific (learning platform hosting and delivery) as a processor/sub-processor.

• Stripe (payment processing). Stripe acts as a processor and/or independent controller for certain operations (depending on configuration).

• Analytics/marketing providers (e.g., Google, Meta, LinkedIn) where enabled and lawful.

• Email and support tools (newsletter delivery, customer support systems) where enabled.

• Professional advisors (accountants, auditors, legal counsel) where necessary.

• Authorities where required by law.

We maintain appropriate agreements (e.g., Data Processing Agreements) with processors where required.

7. International data transfers

Some service providers may process data outside the EU/EEA (e.g., the United States). Where personal data is transferred internationally, we use appropriate safeguards such as:

• European Commission Adequacy Decisions (where applicable), and/or

• Standard Contractual Clauses (SCCs) and supplementary measures where required.

8. Data retention

We retain personal data only as long as necessary:

• Account and learning data: for as long as your account is active and typically up to 24 months after inactivity or account closure (unless you request deletion earlier and we can comply).

• Support communications: typically up to 24 months after resolution.

• Accounting/transaction records: as required by applicable law (often 7 years for bookkeeping/tax documentation in Sweden).

• Marketing data: until you withdraw consent/opt out, plus a short suppression period to ensure your preferences are honored.

9. Your rights (GDPR)

You have the right to:

• access your personal data,

• rectify inaccurate data,

• request erasure (with legal exceptions),

• restrict processing,

• data portability (where applicable),

• object to processing based on legitimate interests,

• withdraw consent at any time (does not affect processing already done),

• lodge a complaint with a supervisory authority (in Sweden: IMY).

Requests can be submitted to [email protected]. We may need to verify your identity before responding.

10. Security

We implement appropriate technical and organizational security measures (e.g., access controls, least privilege, encryption in transit where supported, monitoring, and vendor security reviews). No system is perfectly secure; users should also protect their credentials.

11. Children

The Academy is intended for users 16+. We do not knowingly collect personal data from children under 16. If we learn we have collected such data, we will delete it where required.

12. Updates to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the platform and/or email where appropriate.