top of page

Privacy Policy

Effective date: 09 October 2025


Applies to: Decision Point (website at thedecisionpoint.org), email/support, and related services (the “Services”).

Who’s responsible? The Director or sole proprietor trading as Decision Point (“I,” “me,” or “we” for branding).
Contact: jason@thedecisionpoint.orgPrivacy web form • 

​

SUMMARY OF KEY POINTS
​

What personal information do I process? Info you provide (account, purchases, learning activity) and info collected automatically (device/usage data, cookies).
Sensitive data? No, not intentionally.


Third-party sources? Payments, analytics, and social logins if you choose those.
Your rights? Depending on where you live, you can access, correct, delete, or opt out of certain uses (see Your Privacy Rights).


More detail? Keep reading.

​

1) WHAT PERSONAL INFORMATION DO I COLLECT?

You provide

  • Account & identity: name/alias, email, password (hashed), country/region, language, time zone.

  • Profile (optional): photo, bio, interests, goals.

  • Learning activity (Decision Point): enrollments, progress, quiz/assessment attempts and scores, certificates/badges, notes, reviews/feedback.

  • Purchases & billing: order history, subscription status, VAT/GST info. I do not store full card numbers; payments are handled by [payment processor(s)].

  • Support & communications: emails/chats, survey responses, marketing preferences.

  • Community (if enabled): forum posts, comments, messages, uploaded media.

  • Live sessions/recordings (if applicable): on-screen notice will be shown.

Collected automatically

  • Device/usage: IP, device/OS/app version, crash logs, performance metrics, session events in Decision Point (e.g., video plays, lessons completed).

  • Cookies/SDKs: analytics, preferences, and—if you consent—advertising identifiers. See Cookies.

From third parties (if you opt in)

  • Payments: transaction status/fraud signals from payment processors.

  • Analytics/ads: usage and campaign data from analytics/ads partners.

  • Social login: identifiers and email from Google/Apple/etc. (as authorized by you).

Please don’t include sensitive categories (health, biometric, etc.) in free-text fields.

​

2) HOW DO I USE YOUR INFORMATION?

  • Provide the Services: create/manage accounts, deliver Decision Point courses, track progress, issue certificates, provide support.

  • Payments & subscriptions: fulfill purchases, tax/receipts, fraud prevention.

  • Improve & secure: debug, measure performance/engagement, test features, prevent spam/abuse (often using de-identified or aggregated data).

  • Communicate: transactional emails (receipts, reminders, policy updates); tips/marketing where permitted (you can opt out).

  • Legal/compliance: fulfill legal obligations and enforce terms.

​

3) WHAT LEGAL BASES DO I RELY ON? (EU/UK where applicable)

  • Contract: to provide what you purchased or requested.

  • Legitimate interests: operate, secure, and improve the Services; communicate about your account or similar offerings.

  • Consent: for marketing, cookies/ads, or optional features where required.

  • Legal obligation: tax, accounting, regulatory requirements.
    You can withdraw consent anytime via [preferences link] or by contacting me at jason@thedecisionpoint.org.

​

4) WHEN AND WITH WHOM DO I SHARE PERSONAL INFORMATION?

I don’t sell your personal information. I share only as needed with:

  • Service providers (processors): hosting/CDN, databases, email/SMS/push, analytics, crash reporting, payments, customer support, A/B testing. Current list (purposes/locations): [https://thedecisionpoint.org/legal/subprocessors].

  • Business transfers: if I sell or reorganize the business, your info may transfer with equivalent protections.

  • Legal: when required by law or to protect rights, safety, and service integrity.

​

5) COOKIES & OTHER TRACKING TECHNOLOGIES

I use:

  • Strictly necessary cookies (login, security, checkout),

  • Functional/analytics (preferences, performance),

  • Advertising (only with consent where required).
    Manage choices anytime via Manage Cookies and see the Cookie Policy.

​

6) HOW LONG DO I KEEP YOUR INFORMATION?

Only as long as needed for the purposes above or as required by law. Typical defaults:

  • Account & learning records: for the life of your account + 24 months

  • Purchases/billing: 7 Years

  • Analytics logs: 24 months

  • Support records: 12 months

  • Live-class recordings (if any): 60 days
    If you delete your account, I delete or de-identify your personal data within 30 days, then remove it from backups on their normal cycle of 90 days.

​

7) HOW DO I KEEP YOUR INFORMATION SAFE?

I apply administrative, technical, and physical safeguards: encryption in transit/at rest, role-based access and least privilege, audit logging, vulnerability management, and security controls appropriate to a sole proprietor. No system is perfectly secure; if a breach is likely to affect you, I’ll notify you as the law requires.

​

8) DO I COLLECT INFORMATION FROM MINORS?

The Services are for adults and older teens.

  • Under 13 (or local minimum age): do not use the Services; I don’t knowingly collect children’s data.

  • 13–15: parental consent may be required in some regions.
    I don’t use children’s data for targeted ads. If you think a child’s data was submitted, contact jason@thedecisionpoint.org.

​

9) YOUR PRIVACY RIGHTS

Depending on your location, you may have rights to:

  • Access, correct, delete, or port your data;

  • Object to or restrict certain processing;

  • Withdraw consent where applicable;

  • Opt out of marketing anytime (unsubscribe link).
    Control cookies/ads via Manage Cookies and device settings. I’ll verify identity and respond within legal timelines (e.g., 1 month under GDPR; 45 days under CPRA). If I decline, you may appeal where provided by law and contact your regulator.

​

10) “DO NOT TRACK” & AD CONTROLS

Browsers may send Do Not Track (DNT) signals; there’s no common standard. I honor legally required signals where applicable (e.g., Global Privacy Control for California sharing/“sales”). You can also adjust ad preferences with platform providers and in your device settings.

​

11) INTERNATIONAL TRANSFERS

Data may be processed in international data centres. Where cross-border transfers require safeguards, I use EU/UK Standard Contractual Clauses or other approved mechanisms and assess local laws. Details: [https://thedecisionpoint.org/legal/transfers].

​

12) THIRD-PARTY WEBSITES & SERVICES

Links to third-party sites or content are governed by their privacy policies.

​

13) AUTOMATED DECISIONS & AI

Some features in Decision Point may use AI (e.g., personalized recommendations or automated quiz grading). These do not produce legal or similarly significant effects. You can request human review of material outcomes via Support.

​

14) REGIONAL DISCLOSURES
EU/UK (GDPR/UK GDPR)

  • Controller: The Director, sole proprietor trading as Decision Point, jason@thedecisionpoint.org.

  • Legal bases: contract, legitimate interests, consent, legal obligation (see §§2–3).

  • Transfers: SCCs or other mechanisms (see §11).

  • Rights: access, rectification, erasure, restriction, portability, objection, and the right to complain to your supervisory authority.

  • Representative (if not established in the EU/UK but targeting residents): [EU/UK representative details or “not applicable”].

​

California (CCPA/CPRA)

  • Categories collected: identifiers; commercial info (purchases); internet activity; coarse geolocation (IP); audio/visual (if live sessions recorded); inferences (product analytics).

  • Purposes & sharing: see §§2, 4–5. I do not sell personal information. I may “share” for cross-context behavioral advertising only with your consent—opt out here: [https://thedecisionpoint.org/privacy/do-not-sell] or via Global Privacy Control signals.

  • Rights: know/access, delete, correct, portability, opt-out of sale/sharing, limit use of sensitive information (not routinely collected), and non-discrimination.

​

Japan (APPI)

  • Purposes of use: as listed in §2 and disclosed at collection.

  • Third-party transfers to foreign countries: I adopt appropriate measures and disclose receiving countries/safeguards at [https://thedecisionpoint.org/legal/transfers].

  • Requests for disclosure/correction/suspension: contact jason@thedecisionpoint.org for procedures.

  • Person responsible for retained personal data: Jason Underwood (sole proprietor).

​

15) HOW TO CONTACT ME

Point of contact: The Director
Email: jason@thedecisionpoint.org
Web form: https://thedecisionpoint.org/contact
 

16) UPDATES TO THIS POLICY

I’ll update this page as needed and notify you of material changes in-app or by email at least [e.g., 15–30 days] before they take effect. Archive of prior versions: [https://thedecisionpoint.org/legal/archive].

​

​

bottom of page