Back to Wisdomwave Hub

    Privacy Policy

    Last updated: April 5, 2026

    Wisdomwave Hub ("Wisdomwave Hub," "we," "us," or "our") operates the mentorship marketplace and related services available through our websites and applications (the "Platform"). We are established in Scotland, United Kingdom. This Privacy Policy explains what personal data we process, why, who we share it with, and the rights you have under applicable law — including the UK GDPR, the EU General Data Protection Regulation ("GDPR"), and, where relevant, the California Consumer Privacy Act as amended ("CCPA/CPRA").

    1. Who is responsible for your data?

    For personal data collected through the Platform, the data controller is Wisdomwave Hub Ltd (trading as Wisdomwave Hub), with its main establishment in Scotland, United Kingdom. For day-to-day privacy requests, contact us at info@wisdomwavehub.com. We have not appointed a Data Protection Officer; for complex requests we may involve qualified advisors.

    2. Scope

    This policy covers processing in connection with accounts, mentor profiles, bookings, messaging, digital product purchases, AI-powered features you choose to use, and our website (including cookies and similar technologies). It does not govern third-party sites linked from the Platform (e.g. Stripe Checkout, Google sign-in), which have their own policies.

    3. Categories of personal data we collect

    3.1 You provide

    • Account and identity: email address, name, password (stored by our authentication provider in hashed form), roles (learner, mentor, admin), and profile fields such as goals, skill level, language, timezone.
    • Mentor profiles: professional bio, expertise tags, pricing, availability, photos, links, and similar listing content.
    • Transactions and support: booking details, questions to mentors, messages, uploaded files, contact form submissions, and correspondence with support.
    • Payment-related metadata: we do not store full payment card numbers. Payments are processed by Stripe; we receive identifiers, amounts, status, and related records needed to operate the Platform and meet legal obligations.

    3.2 Automatically collected

    • Technical and usage data: IP address, device and browser type, approximate location derived from IP, timestamps, pages or screens viewed, and diagnostic logs — limited to what is needed for security, debugging, and service improvement.
    • Storage on your device: we and our subprocessors may use browser local storage, session storage, and cookies for session continuity, preferences, and (only with your consent where required) analytics. See our Cookie Policy.

    3.3 From others

    • Authentication providers: if you sign in with Google or similar, we receive profile information allowed by that provider and your consent settings.
    • Payment and fraud providers: Stripe may share risk and compliance signals with us as permitted by its terms and law.

    4. How and why we use personal data (purposes)

    • Provide the Platform: accounts, mentor discovery, bookings, messaging, digital products, AI Helper sessions when you use them, notifications, and customer support.
    • Payments and payouts: collecting fees, remitting payouts to mentors via Stripe Connect, invoicing, tax, accounting, and dispute handling.
    • Security and integrity: detecting abuse, fraud, and unauthorised access; enforcing our Terms of Service.
    • Improvement and analytics: understanding aggregate usage and reliability. Where analytics are not strictly necessary, we only activate them in line with your cookie choices.
    • Legal compliance: responding to lawful requests, retaining records as required (e.g. financial and tax law), and establishing or defending legal claims.
    • Marketing: we do not sell your personal data. Promotional emails, if any, will be sent only with your consent or another lawful basis, with a clear unsubscribe option.

    5. Legal bases (EEA, UK, and similar jurisdictions)

    Depending on the activity, we rely on one or more of:

    • Contract — processing necessary to provide the services you request (e.g. running your account, completing a booking you paid for).
    • Legitimate interests — e.g. securing the Platform, preventing fraud, improving the product in ways that do not override your rights, and internal reporting — balanced and documented where required.
    • Consent — where required for non-essential cookies, certain marketing, or optional features; you may withdraw consent at any time without affecting the lawfulness of earlier processing.
    • Legal obligation — e.g. tax, regulatory, or court-mandated retention and disclosure.

    6. Automated processing and AI

    We may use automated systems (including machine-learning models via providers such as OpenAI or Google) to power features you actively use — for example mentor recommendations or AI Helper conversations. These processes do not produce legal or similarly significant effects about you without human oversight appropriate to the feature. Inputs and outputs are handled under agreements that require appropriate security and confidentiality. Do not submit special-category data (e.g. health, political opinions) unless a feature explicitly requires it and law permits.

    7. Recipients and subprocessors

    We share personal data with a limited set of service providers ("processors") under written terms:

    • Supabase — authentication, database, storage, and realtime infrastructure (data may be processed in the EU, US, or other regions according to your project configuration and their documentation).
    • Stripe — payment processing, Connect payouts, fraud tooling. See Stripe's Privacy Policy and Stripe Legal.
    • Email providers (e.g. Resend) — transactional and operational email.
    • AI providers — when you use AI features, content you submit may be transmitted to the configured model provider under their terms.
    • Google — if you connect Google Sign-In or Google Calendar, Google processes data under your Google account settings and their policies.
    • Hosting, logging, and tooling — infrastructure and diagnostics vendors that support our Flask API and operations.

    Mentors who receive your contact or session details act as independent businesses; they process learner data for their own delivery of services and should provide their own privacy information where required.

    8. International transfers

    Your data may be processed in the United Kingdom (including Scotland), the European Economic Area, the United States, and other countries. Where GDPR/UK GDPR applies, we use appropriate safeguards for transfers (e.g. Standard Contractual Clauses, UK IDTA, or adequacy decisions) through our providers' frameworks. You may request a summary of safeguards by contacting us.

    9. Retention

    • Account and profile: while your account is active; deleted or anonymised within a reasonable period after closure, subject to legal holds.
    • Messages, bookings, and purchases: retained as needed for service delivery, disputes, and legal obligations (often several years for financial records).
    • Logs and security: typically rotated within months unless needed for an investigation.
    • Marketing consents and cookie records: as long as needed to prove compliance, then deleted or anonymised.

    10. Security

    We implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, separation of environments, and least-privilege credentials for production systems. No method of transmission or storage is 100% secure; please use a strong, unique password and report suspected incidents to info@wisdomwavehub.com.

    11. Your rights

    Subject to local law, you may have the right to access, rectify, erase, restrict, object, port data you provided, and where processing is consent-based, to withdraw consent. You may also lodge a complaint with a supervisory authority (in the EEA, your local authority; in the UK — including Scotland — the Information Commissioner's Office (ICO) at ico.org.uk).

    California residents: we do not "sell" or "share" personal information as defined by the CPRA for cross-context behavioural advertising. You may still have rights to know, delete, and correct certain information and to limit use of sensitive personal information where applicable.

    To exercise rights, email info@wisdomwavehub.com. We may need to verify your identity before responding.

    12. Children

    The Platform is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe we have done so, contact us and we will take appropriate steps to delete the information.

    13. Changes

    We may update this Privacy Policy to reflect product, legal, or regulatory changes. We will post the revised version with an updated "Last updated" date and, where changes are material, provide additional notice (e.g. email or banner). Continued use after the effective date constitutes acceptance where permitted by law.

    14. Contact

    Privacy questions and data rights: info@wisdomwavehub.com
    General platform support (including contact form): support@wisdomwavehub.com