Privacy Policy

Last updated: 20 February 2026

This Privacy Policy ("Policy") describes how 4minAI ("Company", "we", "us", or "our") collects, uses, stores, processes, discloses, and protects your personal information when you access or use our website at 4minai.com, our mobile applications, and any related services, features, or content (collectively, the "Service"). By accessing or using the Service, you expressly acknowledge that you have read, understood, and agree to be bound by this Policy in its entirety. If you do not agree with any provision of this Policy, you must immediately cease all use of the Service.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you register for an account, subscribe to our Service, complete a purchase, participate in interactive features, fill out forms, request customer support, or otherwise communicate with us. This information may include, without limitation:

• Full legal name, display name, and username
• Email address (primary and secondary)
• Billing address, postal address, and country of residence
• Telephone number and mobile device number
• Payment and billing information, including credit/debit card numbers, bank account details, and transaction histories (processed via third-party payment processors)
• Date of birth and age verification data
• Profile photographs, avatars, and biographical information
• Employment information, job title, and employer name
• Educational background and learning history
• Course progress, quiz scores, completion records, and certification data
• User-generated content, including forum posts, comments, reviews, and feedback
• Communication records, including support tickets and email correspondence
• Any other information you choose to provide

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain technical and usage information, including but not limited to:

• Internet Protocol (IP) address (IPv4 and IPv6)
• Browser type, version, language, and configuration
• Operating system, device type, model, manufacturer, and unique device identifiers
• Screen resolution, colour depth, and viewport dimensions
• Referring URL, exit pages, and full clickstream data
• Pages viewed, features used, links clicked, buttons pressed, and scroll depth
• Session duration, timestamps, frequency of visits, and time spent on each page
• Geolocation data (city, region, country, timezone) derived from IP address
• Network information, including Internet Service Provider (ISP) and connection type
• Error logs, crash reports, and diagnostic data
• Local storage data, session storage data, and IndexedDB entries

1.3 Cookies and Tracking Technologies

We and our authorised third-party partners employ cookies, pixel tags (web beacons), local shared objects (Flash cookies), ETags, JavaScript, and similar tracking technologies to collect information about your interactions with the Service. These technologies enable us to maintain session state, remember your preferences, authenticate your identity, analyse usage patterns, deliver targeted advertisements, and measure the effectiveness of our marketing campaigns. You may configure your browser to reject all cookies or to notify you when a cookie is being set; however, disabling cookies may impair the functionality of the Service, and certain features may become unavailable.

1.4 Information from Third Parties

We may receive personal information about you from third-party sources, including but not limited to: social media platforms (when you connect your account or use social login), payment processors, analytics providers, advertising networks, data brokers, identity verification services, public databases, and our business partners. We may combine this information with data we collect directly from you.

2. Legal Basis for Processing

We process your personal information on the following legal bases, as applicable under the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable data protection legislation:

• Performance of a Contract: Processing necessary for the performance of our agreement with you, including account creation, service delivery, payment processing, and customer support.
• Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, security, service improvement, analytics, direct marketing (where permitted), and enforcement of our legal rights, provided such interests are not overridden by your fundamental rights and freedoms.
• Consent: Where you have provided explicit, informed, freely given, specific, and unambiguous consent, including for marketing communications, non-essential cookies, and certain data sharing activities. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject, including tax reporting, anti-money laundering regulations, and responding to lawful government requests.

3. How We Use Your Information

We use the information we collect for the following purposes, which we consider necessary and lawful:

• To create, maintain, secure, and administer your account
• To provide, operate, maintain, improve, and personalise the Service
• To process transactions, send related information including purchase confirmations, invoices, and receipts
• To deliver course content, track learning progress, issue certificates, and provide personalised learning recommendations
• To send transactional communications, including account verification emails, password resets, security alerts, and service notifications
• To send promotional communications, including newsletters, product updates, special offers, and marketing materials (subject to your consent where required)
• To respond to your comments, questions, and support requests
• To monitor and analyse usage trends, patterns, and activities for research, development, and analytics purposes
• To detect, investigate, prevent, and respond to fraud, unauthorised access, illegal activities, and other security threats
• To enforce our Terms of Service, Subscription Terms, and other legal agreements
• To comply with applicable laws, regulations, legal processes, and governmental requests
• To carry out any other purpose described to you at the time the information was collected

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors, contractors, consultants, and agents who perform services on our behalf, including payment processing, data hosting, email delivery, analytics, customer support, and fraud detection. These providers are contractually obligated to protect your information and may only use it for the purposes specified by us.
• Affiliated Companies: With our parent company, subsidiaries, and affiliates, including ClawEasy, ClawEmail, and other entities within our corporate group, for purposes consistent with this Policy.
• Legal Requirements: When required by law, regulation, legal process, or enforceable governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, bankruptcy, reorganisation, dissolution, or similar transaction involving all or a portion of our business or assets.
• With Your Consent: With any third party where you have provided your explicit consent to such sharing.

5. International Data Transfers

Your personal information may be transferred to, stored in, and processed in countries other than the country in which you reside, including the United States, the United Kingdom, and countries within the European Economic Area. These countries may have data protection laws that are different from the laws of your country. When we transfer personal data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, UK International Data Transfer Agreements (IDTAs), adequacy decisions, or other legally recognised transfer mechanisms to ensure that your information receives an adequate level of protection.

6. Data Retention

We retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, enforce our agreements, and as permitted by applicable law. Specifically:

• Account data is retained for the duration of your active account and for a period of five (5) years following account closure or termination
• Transaction and billing records are retained for a minimum of seven (7) years as required by applicable tax and financial regulations
• Usage and analytics data is retained for a period of three (3) years from the date of collection
• Marketing consent records are retained for as long as your consent remains valid and for two (2) years thereafter
• Communication records are retained for a period of three (3) years from the date of the communication

Upon expiry of the applicable retention period, we will securely delete or anonymise your personal information, unless further retention is required or permitted by law.

7. Data Security

We implement and maintain appropriate technical and organisational security measures designed to protect your personal information against unauthorised access, alteration, disclosure, destruction, loss, or misuse. These measures include, but are not limited to: encryption of data in transit (TLS 1.2+) and at rest (AES-256), access controls and authentication mechanisms, regular security assessments and penetration testing, intrusion detection and prevention systems, employee security awareness training, and incident response procedures. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. You acknowledge and accept this inherent risk.

8. Your Rights

Subject to applicable data protection legislation, you may have the following rights regarding your personal information:

• Right of Access: The right to request confirmation of whether we process your personal data and to obtain a copy of such data.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: The right to request deletion of your personal data, subject to certain legal exceptions.
• Right to Restriction: The right to request restriction of processing of your personal data in certain circumstances.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to Object: The right to object to the processing of your personal data, including processing for direct marketing purposes.
• Right to Withdraw Consent: The right to withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: The right to file a complaint with a supervisory authority, including the UK Information Commissioner's Office (ICO).

To exercise any of these rights, please contact us at privacy@4minai.com. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law. We may require verification of your identity before processing your request.

9. Children's Privacy

The Service is not intended for, and we do not knowingly collect personal information from, children under the age of sixteen (16). If we become aware that we have collected personal information from a child under 16 without verified parental consent, we will take immediate steps to delete such information. If you believe that we have inadvertently collected information from a child under 16, please contact us immediately at privacy@4minai.com.

10. Third-Party Links and Services

The Service may contain links to third-party websites, applications, and services that are not operated or controlled by us. This Policy does not apply to any third-party services, and we are not responsible for the privacy practices, content, or security of such services. We strongly encourage you to review the privacy policies of any third-party services you access.

11. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. Due to the lack of a common industry standard for interpreting DNT signals, we do not currently respond to DNT signals. We will continue to monitor developments regarding DNT technology and may update this Policy accordingly.

12. Changes to This Policy

We reserve the right to modify, amend, or update this Policy at any time, at our sole discretion. If we make material changes, we will notify you by posting the updated Policy on the Service with a revised "Last updated" date, and where required by law, we will provide additional notice (such as email notification). Your continued use of the Service following the posting of any changes constitutes your acceptance of such changes. It is your responsibility to review this Policy periodically.

13. Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data processing practices, please contact us:

• Email: privacy@4minai.com
• General enquiries: hello@4minai.com