Privacy Policy

Introduction

Acorn Aspirations Ltd trading as Teens in AI (company number 09349572), registered in England and Wales, with its registered office at 50 Woodgate, Leicester, LE3 5GF, United Kingdom (“Teens in AI”, “we”, “us” or “our”), is the data controller for the purposes of the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.

This Privacy Policy applies specifically to our learning platform, AI Adventures, which is hosted on and delivered via the third-party learning management provider Thinkific (Thinkific Labs Inc.).

This policy explains how we process personal data relating to our online programmes designed to teach foundational and advanced skills in artificial intelligence, data science, and technology to young people.

This Privacy Policy should be read alongside our Terms of Use and our Cookie Notice (see Section 11 below).

1. Child Safeguarding and Core Privacy Principles

Because our platform is designed primarily for young people, we adhere to strict data protection, data minimisation, and safeguarding standards:

• No Peer-to-Peer Interaction: Our platform does not allow interactions between users, and users cannot create their own content. This design choice eliminates risks related to online bullying or unmonitored communication.

• AI-Assisted Educational Content: Some educational materials may be developed or enhanced using generative AI tools. All content is reviewed by subject-matter experts before publication and delivery to learners. 

• No Commercial Profiling or Targeted Advertising: We do not use personal data for automated profiling, targeted advertising, or any form of commercial monetisation. We do not show external advertisements in any of our courses.

• No Marketing Exploitation: We do not sell, rent, or otherwise provide personal data to third parties for their own marketing purposes.

2. Information We Collect

We collect and process the following information relative to your activities on the platform, which may include your personal data:

• Account Registration & Enrolment Data: Full name, email address, and login details required for setting up an account and enrolling on the platform.

• Participant Context Data: School or organisation affiliation, gender, date of birth, age, and country or region.

• Course Progress & Activity Data: Platform metrics including course progress, quiz results, feedback, and certificates achieved.

• Enquiries and Support Feedback: If you contact us directly with platform enquiries or technical support requests, we retain the content of your enquiry to assist you.

• Transaction Records: When you access paid-for content or a course, we keep information related to your purchases, such as billing address, order numbers, and payment method. Payments are handled securely by third-party processors (Stripe and PayPal); Teens in AI does not store payment card details.

3. Special Category Data

We do not intend to process Special Category Data (as defined under Article 9 of the UK-GDPR) in connection with the AI Adventures platform. In the exceptional circumstance where such data becomes relevant — for example, strictly for safeguarding or legal compliance purposes — it will only be processed where explicitly agreed in writing between Teens in AI and the relevant institutional partner, and where a lawful basis under Article 9 applies.

4. How We Use Your Information & Lawful Bases

Under the UK-GDPR, we are required to identify a lawful basis for every processing activity on the platform:

• Performance of a Contract: Where processing is necessary to perform a contract with you (or your institutional provider) or to take steps at your request before entering a contract, such as registering you as a platform user and delivering the programmes to you.

• Legitimate Interests: Where processing is necessary for our legitimate interests, provided they are not overridden by your rights. These include responding to your enquiries, communicating platform updates, analysing usage patterns to improve our programmes, and ensuring child safety, platform security, and the prevention of fraud or harassment.

• Legal Obligation: Where processing is necessary to comply with a legal obligation, such as adhering to safeguarding legislation or complying with HMRC requirements by retaining financial and transaction records.

• Consent: Where you (or your parent or guardian) have given us explicit consent for a specific purpose, such as subscribing to our newsletter. Consent can be withdrawn at any time by contacting [email protected].

5. Children and Parental or Legal Guardian Consent

Our platform is designed for young people. We fully appreciate that children and young people require particular protection when their personal data is collected and processed, as they may be less aware of the risks involved. Accordingly, we only use their data for the limited purposes of providing our programmes and have safeguarding policies in place for our personnel, programme partners, and speakers.

Where required by applicable law, we obtain parental or guardian consent before processing children's personal data. We may also rely on consent provided through a participating school, educational institution, or programme partner where appropriate. 

Parents and guardians may at any time request access to, correction of, or deletion of their child’s data by contacting us at [email protected]. We will respond to such requests within 30 days.

If a parent or guardian believes that their child has provided us with information without their consent, they should contact us immediately at [email protected]. We will delete such information from our records within a reasonable time.

6. Data Sharing and Authorised Recipients

We do not sell your personal information. We only share platform data with the following categories of recipients to successfully deliver our services:

• Thinkific Labs Inc.: Our third-party learning platform host. Thinkific collects, processes, and stores participant data (enrolment records, course progress, and quiz results) on our behalf as a data processor.

• Google Workspace: We utilise secure Google Cloud services for our internal administrative data storage and communication logistics.

• Payment Processors (Stripe and PayPal): To process course and programme payments under their own strict privacy policies.

• Mixpanel, Inc.: We use Mixpanel as an analytics and product insights platform to better understand how learners interact with our website and learning platform. Mixpanel may collect information such as page visits, clicks, navigation patterns, device information, browser type, session activity, course engagement metrics, and other usage data. This information is used to monitor platform performance, improve user experience, analyse course engagement, identify technical issues, and support the ongoing development of our educational services. Mixpanel processes this information on our behalf in accordance with applicable data protection laws and its own privacy and security commitments. 

• Meta Platforms Ireland Ltd.: We may use Meta Pixel technologies to measure the effectiveness of our outreach, understand website conversions, and improve awareness of our educational programmes. Meta may receive information relating to website visits, page interactions, referral sources, and other event-based activity in accordance with user cookie preferences. 

• Brevo (Sendinblue SAS): We use Brevo to manage communications, newsletters, registration workflows, and related engagement activities. Brevo may process contact details, email interaction metrics, subscription preferences, and related communication records on our behalf. 

• Google Analytics (Google Ireland Ltd.): We use Google Analytics to understand website usage, improve platform performance, measure engagement, and identify technical issues. Google may collect information such as device characteristics, browser information, approximate location data, page interactions, and usage metrics, subject to user cookie preferences. 

• Schools and Institutional Partners: If your access is facilitated by your school, an NGO, or an educational partner, we share course completion data, progression tracking, and certification milestones with them under our formal Data Processing Agreement.

• Other Service Providers: Trusted sub-processors bound by equivalent data protection obligations to support essential tools like platform reporting, collaboration systems, or technical support tools.

• Legal and Regulatory Authorities: Where required by law, or where necessary to protect the vital interests, rights, safety, or property of Teens in AI, our users, or others.

7. International Data Transfers

Teens in AI is a UK organisation. However, because our services leverage cloud-based architecture, your information may be processed internationally:

• Thinkific Labs Inc. is headquartered in Canada, a country formally recognised by the UK and the European Commission as providing an adequate level of data protection.

• Google Workspace stores data across multiple geographically dispersed, highly secure data centres, applying logical isolation to safeguard all data segments.

Where we transfer your data outside of the UK and/or EEA to countries without an adequacy regulation, we ensure that appropriate, approved safeguards are actively maintained, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs).

8. Data Retention and Deletion Protocols

We retain platform personal data only for as long as is necessary to fulfil the purposes for which it was collected:

• Course Enrolment and Activity Data (via Thinkific): Retained for the duration of a participant’s active enrolment plus three (3) years, after which it is permanently deleted or anonymised.

• Institutional/School Controls: Sponsoring schools and institutional partners may request the complete deletion of their participants’ data at any time by contacting us at [email protected], which overrides our standard retention timelines.

• Financial and Transaction Records: Maintained for six (6) years in strict compliance with statutory HMRC requirements.

• Anonymised Analytics: Metrics related to completed courses may be fully anonymised for reporting and evaluation purposes and retained indefinitely in that anonymised form.

• Course Certificates: Certificates issued upon successful completion of a course may remain accessible to the learner for an appropriate period beyond the standard enrollment retention window, to allow continued access to evidence of achievement.

9. Technical Security and Platform Integrity

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, or disclosure:

• Encrypted Transmission: All sessions, logins, and interactions across our digital platforms utilise encrypted transmission protocols (TLS/SSL).

• Access Controls & Multi-Factor Authentication: Platform data access is strictly limited to authorised personnel under a framework of restricted permissions and multi-factor authentication checkpoints.

• Data Segregation & Audit Logging: Personal data is kept separate from other operational parameters where appropriate, backed by periodic review audits of system access permissions.

• Incident Management & Breach Notification: In the event of a personal data breach posing a risk to individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours. Where a breach impacts data processed on behalf of a school or institutional partner, we will notify that partner within 48 hours. Notification will include, where available: the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it.

10. Your Legal Rights

Under the UK-GDPR, you (and, where applicable, your parent or guardian) maintain complete control over your platform footprint, including the following rights:

• Right of Access: The right to request a complete copy of the personal data we hold about your platform activity.

• Right to Rectification: The right to correct or update inaccurate contact information or registration data.

• Right to Erasure (“The Right to be Forgotten”): The right to request that your learner profile and platform data be fully deleted.

• Right to Restrict or Object: The right to restrict the processing of your data or object to specific administrative activities.

• Right to Data Portability: The right to receive a digital copy of your provided data in a structured, automated format.

To exercise any of these rights, please contact us at [email protected]. We verify identity to protect user security and will respond within 30 days.

11. Third-Party Platform Policies

Because our programmes are delivered entirely within the Thinkific infrastructure, your usage is also subject to Thinkific’s underlying privacy protections and architectural sub-processing guidelines. We encourage institutional partners, parents, and users to review these frameworks directly:

• Thinkific Privacy Policy: View their comprehensive platform safety protocols at  https://www.thinkific.com/privacy-policy/.

• Thinkific Sub-Processors Policy: View their technical delivery infrastructure and sub-processors at https://www.thinkific.com/thinkificsubprocessors/.

12. Cookie Notice

What are cookies?

Cookies are small text files placed on your device when you visit or use a website or platform. They are widely used to make platforms function correctly, improve performance, and provide basic analytics information to platform operators.

How cookies are used on this platform

The AI Adventures platform is hosted by Thinkific, which places and manages cookies on our behalf. Cookies used on this platform fall into the following categories:

• Strictly Necessary Cookies: Essential for the platform to function. These include session management cookies that keep you logged in during your visit. The platform cannot operate without these.

• Functional Cookies: Used to remember your preferences and settings, such as your language and course progress, to provide a more personalised experience.

  • Campaign Attribution Cookies: We use a first-party campaign attribution cookie to remember how visitors arrived at the platform (for example, via newsletters, search engines, social media campaigns, or partner referrals). This information helps us understand which educational outreach activities are most effective and does not involve advertising profiling. 

• Analytics Cookies: Used to collect information about how users interact with the platform, such as pages visited, courses accessed, lesson completion activity, navigation patterns, session duration, device information, browser type, and other engagement metrics. We use this information to understand platform usage, improve learner experience, measure course effectiveness, troubleshoot technical issues, and enhance our educational services. Analytics information may be collected through Thinkific and authorised analytics providers, including Mixpanel. Where required by applicable law, analytics cookies will only be placed with your consent. 

We do not use behavioural advertising networks or sell personal information to advertisers. Where analytics, attribution, or campaign measurement technologies are used, they are deployed only in accordance with user consent preferences and are used to evaluate the effectiveness of our educational outreach and programme awareness activities. 

Third-party cookies

Because our platform is powered by Thinkific, some cookies are set directly by Thinkific and its authorised sub-processors.

We also use Mixpanel, an analytics platform that helps us understand how learners engage with our website and courses. Mixpanel may place cookies or use similar technologies to collect information about user interactions with the platform, including page views, clicks, navigation behaviour, session activity, and device-related information. This information is used solely for analytics, service improvement, and platform performance monitoring.

You can review Thinkific’s sub-processors and data practices at https://www.thinkific.com/thinkificsubprocessors/.
You can also review Mixpanel’s privacy practices at https://mixpanel.com/legal/privacy-policy/. 

Managing cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or receive a warning before cookies are stored. Please be aware that disabling cookies may affect the functionality of the platform, including your ability to log in, track course progress, or access certain features.

For guidance on managing cookies in your browser, please refer to your browser’s support pages. For further information on cookies generally, visit https://www.aboutcookies.org.

13. Contact Us & Regulatory Oversight

If you have questions about this Privacy Policy, wish to execute an account erasure, or need to manage your learning data settings, please contact our Data Controller directly:

Attn: Elena Sinel, CEO and Data Controller

Organisation: Acorn Aspirations Ltd trading as Teens in AI

Dedicated Platform Privacy Email: [email protected]

Registered Postal Address: 50 Woodgate, Leicester, LE3 5GF, United Kingdom

You also have the right to lodge a formal complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters, by visiting https://ico.org.uk.

Updated: June 2026