Legal

Privacy Policy

Last updated: May 2025·Applies to: symbiostudio.ai and all associated services

SymbioStudio Ltd is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and how we handle it — in plain English. We operate under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using SymbioStudio you confirm that you have read and understood it.

01

Who We Are

SymbioStudio Ltd is the data controller for all personal data collected through this platform. We are a UK-based company operating an AI-native professional community platform at symbiostudio.ai.

SymbioStudio is a platform where professionals, creators and curious minds connect around artificial intelligence — sharing knowledge, accessing certifications and regulatory resources, trading AI tools and services, and collaborating through expert-led communities.

For all privacy-related enquiries, contact us at privacy@symbiostudio.org.

02

What Data We Collect

We collect only what is necessary to provide and improve the platform. This includes:

Account & Profile Information

  • Email address — required to create and secure your account
  • Display name and username
  • Professional role, industry and bio (optional, set by you)
  • Profile photograph (optional, uploaded by you)

Usage Data

  • Pages and features you access, and how often
  • Session duration and navigation patterns
  • Device type, browser and operating system
  • IP address and approximate location derived from it

Points & Community Activity

  • Points earned and spent, including transaction history
  • Posts, comments, questions and replies you publish
  • Spaces you join and your level of participation
  • Courses, certifications and Store purchases you complete

Payment Information

Payments are processed by PayPal and Stripe. We do not store your card number, bank details or full payment credentials. We receive only a payment confirmation, your billing plan and a tokenised reference from the payment processor. PayPal and Stripe are independent data controllers for payment data they process.

03

Why We Collect It

We collect personal data for the following purposes, each with a lawful basis under UK GDPR:

To provide the platform and your account

Performance of a contract

Creating your account, displaying your profile, enabling you to post and participate in Spaces.

To process payments and manage subscriptions

Performance of a contract

Handling Premium and Elite membership billing via PayPal and Stripe.

To maintain security and prevent fraud

Legitimate interests / Legal obligation

Detecting abuse, protecting accounts, and complying with applicable laws.

To improve the platform

Legitimate interests

Understanding how features are used so we can fix problems and build better ones.

To personalise your experience

Legitimate interests

Surfacing relevant content, Spaces and recommendations based on your activity.

04

How Data Is Stored

We take the security of your data seriously. Personal data is handled as follows:

  • All data is transmitted over encrypted connections (HTTPS/TLS)
  • Data is stored on secure, access-controlled servers
  • Access to personal data is restricted to authorised personnel only, on a need-to-know basis
  • We conduct regular reviews of our security practices and those of our service providers
  • Databases holding personal data are encrypted at rest

We retain your personal data for as long as your account is active. If you delete your account, your profile and personal data will be removed within 30 days. Billing records may be retained for up to 7 years as required by UK tax law.

Our hosting infrastructure is provided by Vercel. Data may be processed in the UK, the EEA or the United States. Where transfers outside the UK occur, appropriate safeguards — including Standard Contractual Clauses — are in place.

05

How Data Is Shared

We do not sell your data. Ever.

Your personal data is never sold, rented or traded to third parties. It is never shared with advertisers or used for behavioural advertising.

We share data only in the following limited circumstances:

Payment processors (PayPal & Stripe)

To process membership payments and subscription billing. They receive only what is necessary to complete the transaction.

Hosting infrastructure (Vercel)

To serve the platform. Vercel processes data as our data processor under a signed data processing agreement.

Authentication provider (Clerk)

To manage secure sign-in and account sessions.

Legal or regulatory authorities

Where required by law, court order, or a legitimate request from a UK regulatory or law enforcement authority. We will notify you where legally possible before complying.

06

Your Rights Under UK GDPR

You have the following rights over your personal data. To exercise any of them, email privacy@symbiostudio.org. We will respond within 30 days.

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ('right to be forgotten').

Right to Export

Receive your data in a portable, machine-readable format.

Right to Restrict Processing

Ask us to limit how we use your data in certain circumstances.

Right to Object

Object to processing based on legitimate interests or direct marketing.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's independent data protection authority — at ico.org.uk or by calling 0303 123 1113.

07

Cookies

We use essential cookies only. These are the minimum required for the platform to function — they manage your login session and keep your account secure.

  • Session cookies — keep you logged in during your visit
  • Authentication tokens — issued by our auth provider (Clerk) to verify your identity
  • Security cookies — protect against cross-site request forgery (CSRF)

We do not use third-party advertising cookies, tracking pixels, or any cookies that follow you across other websites. We do not use cookies for behavioural advertising or to build advertising profiles.

You can manage or delete cookies through your browser settings. Disabling essential cookies will prevent you from signing in to the platform.

08

Age Restrictions

SymbioStudio is intended for users aged 16 and over. This is in line with the UK GDPR minimum age for digital consent.

Users under the age of 16 may only use SymbioStudio with the verifiable consent of a parent or legal guardian. If you are a parent or guardian and believe your child has registered without consent, please contact us at privacy@symbiostudio.org and we will delete the account promptly.

We do not knowingly collect personal data from children under 13. If we become aware that we have done so without appropriate consent, we will delete that data immediately.

09

Contact Us

For any questions, concerns or requests relating to your privacy or this policy, please contact our data protection team:

Email: privacy@symbiostudio.org

Subject line: Privacy Enquiry

Response time: Within 5 business days for general enquiries; within 30 days for formal rights requests

We take all privacy communications seriously and will acknowledge your message promptly.

© 2025 SymbioStudio Ltd. Registered in England and Wales.

HomePricingStore