Privacy Policy: protecting your information

The JADE App Privacy Policy

Last updated: October 2025

Introduction & Commitment


Your privacy matters to us. At The JADE App (“JADE”, “we”, “us”, or “our”), we are committed to protecting your personal data and being transparent about how we handle it. This Privacy Policy explains in clear terms what information we collect, how we use it, and the choices you have.

 

We follow strict data protection standards, including the UK GDPR, the EU GDPR, and the UK Data Protection Act 2018. We also take into account other international privacy laws where relevant, as JADE is used by institutions, agents, and counsellors around the world.

 

Our aim is simple: to keep your personal data safe, to use it only where necessary, and to make sure you have clear rights over how it is managed.

 

In this Privacy Policy, we explain:

  • the information we collect about you;
  • how and why we use it;
  • who we share it with;
  • how long we keep it; and
  • your rights to access, change, or delete it.

 

By using JADE, you are trusting us with your data, and this policy sets out how we protect that trust.

Scope of This Policy


This Privacy Policy applies to anyone who uses JADE’s services, including:

  • Institutions – universities, colleges, and schools that use JADE to manage and train their agent networks.
  • Agents – education agents and agencies who access training, resources, and compliance materials through JADE.
  • Counsellors – staff within institutions or agencies who use JADE to support their professional work.

 

JADE is not a student-facing platform. We do not provide accounts to students, process student applications, or collect student personal data. In some cases, agents may choose to download brochures, videos, or other marketing materials from JADE to share with students, but JADE itself does not process or manage student data.

 

This Privacy Policy covers the personal data we collect when you:

  • access and use the JADE platform and related services;
  • visit our website;
  • interact with our support team; or
  • take part in events, webinars, or surveys organised by JADE.

 

It does not apply to third-party services, websites, or applications that may be linked within JADE. We encourage you to review the privacy policies of those providers separately.

Who We Are & Contact


The JADE App (“JADE”) is a standalone company providing a digital platform that helps institutions, agents, and counsellors work together more effectively through training, resources, and compliance support.

 

For the purposes of data protection law, JADE acts as the data controller for the personal data we collect about you when you use our platform, website, or related services. This means we decide how and why your personal data is used.

 

If you have any questions about this Privacy Policy, your rights, or how we handle your data, you can contact us at:

 

Email: privacy@thejadeapp.com

Postal address: The JADE App, Commerce House, Carlton Boulevard, Lincoln LN2 4WJ, United Kingdom

 

You also have the right to raise a concern or make a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO): www.ico.org.uk

Data We Collect


We collect different types of personal data depending on how you use JADE, whether you are logging into the platform, visiting our website, taking part in training, or contacting our support team. This helps us provide the services, keep them secure, and improve your experience.

 

The categories of data we may collect include:

 

  • Identity Data including first name, last name, job title, role, organisation, and professional identifiers (such as your institution or agency ID).

 

  • Contact Data including email address, telephone number, mailing or office address, and preferred communication channels.

 

  • Professional and Account Data including organisation or agency details (name, address, country of operation), user account details (username, password, account settings), training history, certifications, completion status, engagement with resources, webinars, and compliance modules.

 

  • Institution and Agency Data including subscription details, staff or agent seats assigned, and preferences set by your institution or agency.

 

  • Technical and Usage Data including Internet Protocol (IP) address, browser type and version, device information, operating system, system language, time zone settings, login activity, access times, pages viewed, clicks within the platform, referring website or link, interaction with emails (e.g. opens and link clicks), and analytics data collected via tools such as Google Analytics or similar technologies.

 

  • Communications Data including records of support requests, email correspondence, chat interactions, survey responses, event feedback, webinar participation, and notes from account management or training support.

 

  • Marketing and Preference Data including your choices about receiving updates, newsletters, promotional communications, and your responses to marketing campaigns.

 

  • Payment and Transaction Data including billing contact details, invoicing information, and payment records (where payments are made, such as institutional subscriptions). JADE does not store credit card or bank details directly; payments are securely processed by trusted third-party providers.

 

  • Event and Webinar Data including registration details, attendance records, participation in polls or Q&A, and feedback provided during JADE-hosted events or webinars.

 

  • Cookies and Tracking Data including browsing behaviour on our website, preferences, and interactions with content gathered through cookies, web beacons, pixels, or similar technologies.

 

  • Special Category Data may be collected only in limited cases, such as accessibility requests for events or webinars. This information will only be used with your consent and handled with additional safeguards.

How We Collect Data


We collect personal data in several ways, depending on how you interact with JADE:

 

  • Directly from you – when you create an account, update your profile, complete training, request support, register for an event or webinar, respond to a survey, or communicate with us by email, chat, or phone.

 

  • Automatically – when you use the JADE platform or visit our website, we collect technical and usage data through cookies, log files, and similar technologies. This may include your IP address, browser type, device details, pages viewed, time spent on the platform, and interactions with content or emails.

 

  • From your organisation – when your university, college, school, or agency sets up an account for you or assigns you a seat on the platform, we may receive your contact details and professional information from them.

 

  • From service providers – when trusted third-party providers support us in operating the platform, processing payments, providing analytics, or delivering webinars and events.

 

  • From publicly available sources – when professional details are published by institutions or agencies (for example, on official websites), which may be used to verify or update account information or to send invitations to training and events.

How We Use Your Data


We only use your personal data where we have a clear and lawful reason to do so. Most often this will be to provide you with access to JADE, to support your use of the platform, and to improve our Services. In some cases, we also use data to meet legal requirements or to keep our platform safe and secure.

 

The main purposes for which we use your data include:

 

  • To provide and manage our Services – allowing you to create and maintain an account, access training and resources, receive certifications, and participate in webinars or events.

 

  • To support you – responding to your questions, providing technical help, processing requests, and offering account management.

 

  • To improve and develop the platform – monitoring how the platform is used, analysing trends, and gathering feedback so we can enhance features, improve training, and develop new tools.

 

  • To personalise your experience – remembering your preferences, tailoring resources to your role, and ensuring the content you see is relevant.

 

  • To provide communications – sending you updates, newsletters, event invitations, or marketing information where you have opted in or where we have a legitimate interest.

 

  • To meet compliance and legal obligations – helping institutions manage compliance requirements, ensuring secure use of the platform, preventing misuse or fraud, and meeting our own legal duties.

 

  • To process payments and subscriptions – managing invoices, payments, and financial records for institutions and agents where applicable.

 

  • To run events and webinars – registering attendees, recording participation, gathering feedback, and issuing certificates of completion.

 

We may also use aggregated and anonymised data (which no longer identifies any individual) for reporting, research, or statistical purposes.

Legal Bases for Processing


Under data protection law, we must have a lawful basis each time we use your personal data. The bases we rely on will depend on the context, but in general we process your data on the following grounds:

 

  • Contract – when it is necessary to provide our Services to you or your organisation. For example, creating and managing your account, giving you access to training, or processing subscription payments.

 

  • Consent – when you have actively agreed that we may use your data for a specific purpose. For example, when you sign up to receive marketing emails, participate in optional surveys, or provide accessibility information for an event. You may withdraw your consent at any time.

 

  • Legitimate Interests – when we have a business reason to use your data that does not unfairly override your rights or freedoms. For example, monitoring platform usage to improve our services, preventing fraud, ensuring security, or sending limited updates about features we believe will be useful to you.

 

  • Legal Obligations – when we must use your data to comply with the law. For example, keeping financial records for tax purposes, or disclosing information if required by a regulator or legal authority.

 

Where we rely on legitimate interests, we balance our interests against your rights and will not use your data where the impact on you would be disproportionate.

Cookies & Tracking


Like most online services, JADE uses cookies and similar technologies to understand how our website and platform are used, to improve performance, and to make your experience more personalised.

 

Cookies are small files stored on your device when you visit our website. They help us recognise your browser or device, remember your preferences, and provide insights into how users navigate our Services.

 

The types of cookies and tracking technologies we may use include:

 

  • Strictly Necessary Cookies – required for the platform to function, such as enabling login and secure access.

 

  • Performance and Analytics Cookies – to help us understand how users interact with the platform, including which pages are visited, how long users stay, and how features are used. Tools such as Google Analytics may be used for this purpose.

 

  • Functionality Cookies – to remember your settings and preferences, such as language or regional options.

 

  • Targeting Cookies – in limited cases, to deliver content or communications that are more relevant to you based on your interactions.

 

You can control and manage cookies through your browser settings, and you may choose to disable non-essential cookies at any time. Please note that if you disable certain cookies, some features of the platform may not function properly.

 

For more detailed information about the cookies we use, the specific providers involved, and how to manage your choices, please see our Cookies Policy.

Data Sharing & Transfers


We treat your personal data with care and do not sell it to third parties. We only share it when necessary to deliver our Services, to meet legal obligations, or with your consent.

 

The main categories of recipients we may share your data with are:

 

  • Your organisation – when you are an agent, counsellor, or staff member, your institution or agency may receive reports about your training progress, certifications, or engagement within the platform.

 

  • Service providers – trusted third parties who help us operate our Services, such as providers of hosting, cloud storage, analytics (e.g. Google Analytics), payment processing, communication tools, webinar hosting, or customer support systems. These providers act under our instructions and are bound by strict contractual safeguards.

 

  • Professional advisers – such as legal, accounting, or auditing firms, where needed for business operations or compliance.

 

  • Regulatory authorities or law enforcement – when required to comply with legal or regulatory obligations, court orders, or enforce our rights.

 

  • Event and webinar partners – when you register for a JADE-hosted webinar or training, we may share your name, role, and organisation with co-hosts or speakers where necessary to deliver the event.

 

  • Potential business partners – in the event of a business restructure, merger, or acquisition, your data may be shared with prospective buyers or partners under confidentiality protections.


International Transfers


As JADE is used by institutions and agents worldwide, your data may be transferred to and stored outside the United Kingdom or European Economic Area (EEA). Where this happens, we take steps to ensure your data continues to be protected to the same high standard. These steps include:

 

  • transferring data only to countries recognised as providing an adequate level of protection by the UK Government or the European Commission;

 

  • entering into Standard Contractual Clauses (SCCs) approved under Article 46 of the UK GDPR/EU GDPR with our service providers and partners where adequacy decisions do not exist;

 

  • ensuring that all sub-processors we engage outside the UK/EEA are bound by equivalent safeguards;

 

  • applying additional technical and organisational measures such as encryption, strict access controls, and monitoring of international transfers; and

 

  • cooperating with institutions that request data to remain within specific jurisdictions, wherever feasible.

 

If we make any significant changes to how or where your personal data is transferred internationally, we will update this Privacy Policy and notify affected users.

 

You can contact us at privacy@thejadeapp.com if you would like more information about the safeguards we use for international data transfers.

Data Retention


We only keep your personal data for as long as it is needed to fulfil the purposes set out in this Privacy Policy, or as required by law. The length of time we retain data depends on the type of information and how it is used.

 

In general:

 

  • Account data – kept for as long as your organisation maintains an active subscription with JADE. If your account is closed or access is withdrawn, we will securely delete or anonymise your personal data within a reasonable period, unless we are required to keep it for legal or regulatory purposes.

 

  • Training and certification records – retained while your organisation remains active on the platform and, in some cases, for a limited period afterwards to provide compliance records for institutions.

 

  • Communications and support records – stored for as long as necessary to manage your request and for a short period afterwards for quality assurance and training.

 

  • Payment and transaction data – retained for as long as legally required for accounting, tax, or audit purposes.

 

  • Event and webinar data – kept for the duration of the event and a limited period afterwards for reporting and feedback purposes.

 

  • Marketing data – kept until you opt out or withdraw your consent, after which we will stop contacting you for marketing purposes.

 

When we no longer need your personal data, we will either securely delete it or anonymise it so it can no longer identify you.

Security


We take the security of your personal data seriously and have put in place technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or disclosure.

 

Our safeguards include:


  • Encryption – protecting data in transit and at rest through secure encryption methods.


  • Access controls – restricting access to personal data only to authorised staff and service providers who need it to perform their duties.


  • Monitoring and testing – regularly reviewing and testing our systems to identify vulnerabilities and maintain security standards.


  • Secure hosting – storing data with trusted cloud providers that comply with recognised security certifications and standards.


  • Policies and training – ensuring staff handling personal data are trained in data protection and follow strict internal policies.


Although we take all reasonable steps to protect your personal data, no online service can guarantee absolute security. If we become aware of a personal data breach that may pose a risk to your rights and freedoms, we will notify you and, where required, the appropriate supervisory authority without undue delay.

Your Rights


You have a number of rights under data protection law in relation to the personal data we hold about you. These rights are designed to give you transparency and control.

 

Under the UK GDPR and EU GDPR, you have the right to:

 

  • Access your data – request a copy of the personal data we hold about you.

 

  • Correct your data – ask us to update or correct inaccurate or incomplete information.

 

  • Delete your data – request that we erase your personal data where there is no longer a valid reason for us to keep it.

 

  • Restrict processing – ask us to limit how we use your data in certain circumstances.

 

  • Object to processing – object to our use of your data where we are relying on legitimate interests or for direct marketing.

 

  • Data portability – request a copy of your personal data in a commonly used, machine-readable format and, where possible, have it transferred to another provider.

 

  • Withdraw consent – where we rely on your consent (for example, for marketing communications), you can withdraw it at any time.

 

To exercise any of these rights, please contact us at privacy@thejadeapp.com. We may need to verify your identity before fulfilling your request.


Other Jurisdictions


In addition to UK and EU data protection rights, you may also benefit from rights under other laws depending on where you are located. These include (but are not limited to):

 

  • California (CCPA/CPRA) – rights to access, delete, or correct your personal information, and to opt out of it being “sold” or “shared”. JADE does not sell personal data.

 

  • Brazil (LGPD) – rights to confirm whether we process your data, request access, correction, anonymisation, or deletion, and to withdraw consent.

 

  • Canada (PIPEDA) – rights to access your personal information, request corrections, and challenge how it is handled.

 

  • India (DPDP Act 2023, once in force) – rights to access, correct, delete, and restrict processing of your data.

 

  • Hong Kong (PDPO) – rights to access and correct your personal data, and to withdraw consent for its use.

 

  • Australia (Privacy Act 1988) – rights to access, correct, and request deletion of your data, and to complain to the Office of the Australian Information Commissioner.

 

  • Other regions – if you are based elsewhere, we will respect any additional rights you may have under local privacy laws.

 

If you are unhappy with how we handle your personal data, you also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO): www.ico.org.uk

Third-party Links


Our website and platform may contain links to third-party websites, applications, or services. Please note that:


  • These third parties operate independently from JADE and have their own privacy policies. We are not responsible for how they collect, use, or share your personal data.
  • Following a link or interacting with a third-party service (for example, registering for a webinar co-hosted with a partner, or visiting a social media channel) may mean that your personal data is collected directly by that third party.
  • The presence of a link on our platform does not imply endorsement of the third party or their practices.

 

We encourage you to review the privacy policies of any third-party services before providing them with your personal data.

Changes to This Policy


We may update this Privacy Policy from time to time. Reasons for changes may include:

 

  • updates to our Services, features, or business practices;
  • new legal or regulatory requirements; or
  • feedback from users, institutions, or compliance authorities.

 

If we make material changes, we will take steps to notify you in advance, for example:

 

  • placing a notice on our website or login page;
  • updating the date at the top of this Privacy Policy; and
  • contacting you directly by email if we hold your contact details.

 

All changes take effect from the date they are published, unless otherwise stated. We will not make changes that reduce your rights under this Privacy Policy without first notifying you and giving you an opportunity to review the updates.

 

We encourage you to review this Privacy Policy periodically so you remain informed about how we protect your data.

Contact Information


If you have any questions about this Privacy Policy, your rights, or how we handle your personal data, you can contact us using the details below:

 

Email: privacy@thejadeapp.com

Postal address: The JADE App, Commerce House, Carlton Boulevard, Lincoln LN2 4WJ, United Kingdom

 

We take all privacy-related enquiries seriously and will respond as promptly as possible. Depending on the nature of your request, we may need to verify your identity before taking action.


Supervisory Authorities


You also have the right to raise a concern or make a complaint with your local data protection authority.


  • In the United Kingdom, this is the Information Commissioner’s Office (ICO): www.ico.org.uk.



  • If you are based outside the UK or EU, you may wish to contact the relevant authority in your jurisdiction.


We encourage you to contact us first so we have the opportunity to address your concerns directly.