Privacy Policy – Mane Mentis Ltd

Last updated: 8 January 2026

Contact: Contact us here

Address: 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom

Company Number: 16732668

ICO Number: ZC026746

In brief: We collect only your name and email to deliver your product and optional newsletter. We don’t use analytics or ads, and we never sell your data.

  1. Who We Are

We are Mane Mentis Ltd, a UK-registered company that creates and sells self-authored educational content delivered as text documents.

We provide educational content based on personal experience and research. It is not therapy, coaching, or medical advice. Results, if any, are not guaranteed and will vary based on individual implementation and circumstances. We operate globally and process fewer than 250 customer records.

Data Protection Officer: We have not appointed a Data Protection Officer as we are not required to do so under Article 37 UK GDPR. (We are not a public authority, do not conduct large-scale systematic monitoring, and do not process special category data on a large scale). For data protection queries, contact us here.

We are the data controller for personal data we collect directly (such as names, emails, and support messages).

We are registered with the Information Commissioner’s Office (ICO) as a data controller.

Accountability: We are responsible for demonstrating compliance with the UK GDPR principles under Article 5(2). We maintain records of our processing activities to evidence accountability.

  1. What Data We Collect

We collect data directly from you when you create an account, make a purchase, sign up to our waitlist, or contact us for support. We collect only the minimum information needed to deliver your purchase and communicate with you (if you opt in).

We collect:

  • Your first name and email address when you sign up to our waitlist via Substack or create an account on Kajabi
  • Account login credentials (email and password - stored securely by Kajabi)
  • Purchase history (order ID, date, product name, amount paid) via Kajabi
  • Course progress data (which lessons you’ve accessed, when you accessed them, completion status)
  • IP address and device information (collected automatically by Kajabi for security and platform functionality)
  • Support messages you send us by email

We do not collect:

  • Billing or postal addresses
  • Phone numbers (unless you voluntarily provide one in support messages)
  • Sensitive data such as health information, race, religion, or similar categories
  • Data from minors under 18

Cookies and tracking: We use only essential functional cookies required for the Kajabi platform to work (account login, course delivery). We do not use analytics, advertising, or tracking cookies beyond what Kajabi requires for basic platform operation. For details on cookies used by the Kajabi platform, see Kajabi's Cookie Notice at kajabi.com/cookie-notice. We do not set any cookies ourselves beyond those required by Kajabi for course delivery.

Why we need this data: Provision of your name, email address, and account credentials is a contractual requirement under Article 6(1)(b) UK GDPR. If you do not provide this information, we cannot fulfill our contract, process your order, deliver your course access, or respond to support queries. You are not under any statutory obligation to provide this data, but without it we cannot complete your transaction or provide you access to the course.

We apply the principle of data minimization under Article 5(1)(c) UK GDPR by collecting only what is necessary for each purpose.

  1. How We Use Your Data

We use your data to:

  • Process purchases and deliver course access under the lawful basis of performance of contract (Article 6(1)(b) UK GDPR)
  • Send order confirmations, receipts, and course access instructions under performance of contract
  • Manage your course account and track your progress under performance of contract, as providing access to completed lessons and maintaining your progress is part of our service delivery
  • Respond to support queries under performance of contract
  • Send newsletters and product updates under the lawful basis of consent (Article 6(1)(a) UK GDPR) - if you opt in only
  • Maintain tax and accounting records for 7 years under legal obligation (Article 6(1)(c) UK GDPR) to comply with HMRC requirements

Where we rely on consent, you may withdraw it at any time by unsubscribing without affecting the lawfulness of processing before withdrawal.

  1. Who We Share Your Data With

We share your data only with essential service providers needed to deliver our services. We do not sell, rent, or share your data with third parties for their own marketing purposes.

We have Data Processing Agreements with Kajabi and Substack that set out their obligations as processors under UK GDPR Article 28.

Categories of recipients: We share data with course platforms (for course delivery, account management, and course-related emails), payment processors (for completing transactions), and promotional content providers (for waitlist management and marketing communications).

Our processors:

Mane Mentis Ltd is the data controller. The processors listed below act on our instructions to provide services:

Kajabi handles course delivery, account management, and payment processing. When you purchase from us, Kajabi processes your payment and provides you with course access. Their privacy policy: kajabi.com/privacy

Kajabi collects and processes:

  • Your account credentials (email and password)
  • Purchase information (order ID, date, amount, payment method)
  • Course progress data (lessons accessed, completion status, timestamps)
  • IP address and device information for security
  • VAT/tax compliance

Stripe and PayPal process payments through Kajabi's platform as sub-processors. Stripe privacy policy: stripe.com/privacy | PayPal privacy policy: paypal.com/privacy

Substack manages our waitlist form and promotional content. Their privacy policy: substack.com/privacy

Payment card data never touches our systems. Kajabi and its payment processors (Stripe/PayPal) handle all payment information securely.

  1. International Data Transfers

When we transfer personal data outside the UK, we use approved safeguards such as UK Standard Contractual Clauses or the UK Extension to the EU–US Data Privacy Framework.

Some of our processors operate in the United States. The UK has not issued an adequacy decision for the United States, so we rely on appropriate safeguards for these transfers:

  • Kajabi (US): UK Extension to EU-US Data Privacy Framework (approved framework providing adequate protection - see kajabi.com/privacy)
  • Stripe (US): UK Extension to EU-US Data Privacy Framework (approved framework providing adequate protection - see stripe.com/privacy)
  • PayPal (US): Standard Contractual Clauses (pre-approved data transfer agreements - see paypal.com/privacy)
  • Substack (US): Standard Contractual Clauses (pre-approved data transfer agreements - see substack.com/privacy)

Standard Contractual Clauses (SCCs) are pre-approved contract terms that ensure data transferred outside the UK receives adequate protection. For US providers that participate in the UK Extension to the EU–US Data Privacy Framework, data transfers rely on that adequacy decision.

Your data may be stored and processed in the United Kingdom and the United States, depending on which service provider is handling it. Transfers to the United States occur only where providers participate in the EU–US Data Privacy Framework or have signed the UK-approved Standard Contractual Clauses.

  1. How Long We Keep Your Data

We keep purchase records for 7 years from the date of purchase to comply with UK tax law (HMRC requirement is 6 years).

We keep course account data (including login credentials and course progress) for as long as your account remains active. If you request account deletion or do not access your course for 3 years, we will delete your account data.

We keep email list data until you unsubscribe, based on your consent.

We keep support emails for 3 years from the last contact to provide ongoing support.

After these retention periods, data is securely deleted.

Retention periods are determined by legal requirements (such as HMRC rules), operational needs (such as ongoing support and course access), and your consent preferences (for email lists). We review retention annually to ensure data is not kept longer than necessary.

  1. How We Keep Your Data Safe

We use TLS encryption on all email transmission (standard for modern email providers) and password-protected access to internal systems.

Kajabi’s security measures include encryption in transit and at rest, role-based access controls, strong authentication requirements (including optional Multi-Factor Authentication for your account), and active monitoring. Kajabi takes commercially reasonable steps to protect your personal information from loss, misuse, and unauthorized access.

We have a Data Processing Agreement with Kajabi that sets out their obligations as our processor under UK GDPR Article 28.

We do not store any payment data. Kajabi and its payment processors (Stripe/PayPal) handle all payment information securely.

If there is a data breach, we will notify the ICO within 72 hours and affected users if there is high risk, in accordance with UK GDPR requirements.

No system is 100% secure. Please use secure networks when accessing our services and protect your Kajabi account password. You are responsible for protecting against unauthorized access to your account by selecting a strong password and signing out after accessing your course.

  1. Your Privacy Rights

Under UK GDPR, you have the right to:

  • Access your data
  • Correct inaccuracies
  • Delete your data (subject to tax retention requirements)
  • Restrict or object to processing
  • Port your data (we can provide it in PDF or CSV format)
  • Withdraw consent (for example, to unsubscribe from newsletters)
  • Not be subject to automated decisions (we don’t use any automated decision-making)

We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects, including for marketing purposes.

We will respond to requests within one month, extendable by up to two months if necessary due to the complexity or number of requests.

Right to complain to the ICO:

If you believe we have not handled your data properly, you have the right to lodge a complaint with the UK’s data protection regulator:

  • Online: https://ico.org.uk/make-a-complaint/
  • Phone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  1. Refunds & UK Consumer Rights

Our refund policy varies by product and customer group. See our Refund Policy for details.

All customers retain their statutory rights under the Consumer Rights Act 2015. Digital content must be of satisfactory quality, fit for purpose, and as described. Your statutory rights are not affected by our refund policies.”

  1. Age Restriction

Our services are for adults 18+ only.

We do not knowingly collect data from minors.

By using our site, you confirm you are 18 or older.

  1. Updates to This Notice

We may update this notice from time to time. If there are material changes, we’ll email you or post a banner. Please check back regularly.

  1. Contact Us

For any questions about this privacy notice or to exercise your data protection rights, contact us:

  • Email: Contact us here
  • Post: Mane Mentis Ltd, 71–75 Shelton Street, London WC2H 9JQ

We will respond to data subject requests within one month as required under Article 12(3) UK GDPR, and aim to respond to general queries within 48 hours.

You can contact us about any privacy-related matter using the details above.

ICO Registration number: ZC026746

Version 1.1 - Published 8 January 2026

Next review: January 2027

Â