Privacy Policy

This Privacy Policy explains how Bleepy ("we," "us," or "our") collects, uses, and protects your personal information when you use our platform, website, or related services.

This policy complies with the General Data Protection Regulation (GDPR), UK GDPR, and other applicable privacy laws. By using our service, you consent to the data practices described in this policy.

Bleepy acts as the Data Controller for individual user data and as a Data Processor for data uploaded by organisations.

We use your information to:

• Provide and improve the Bleepy platform
• Facilitate events, resources, and learning activities
• Manage subscriptions and payments
• Communicate important updates via email and push notifications
• Send event reminders, booking updates, certificate notifications, and feedback requests via push notifications
• Maintain platform security and integrity
• Comply with legal obligations
• Track progress, performance metrics, and gamification achievements
• Generate personalized feedback, reports, and certificates
• Process voice interactions in real-time for emotion recognition and training assessment

We process your data under the following legal bases:

We may send communications about Bleepy and relevant professional opportunities or products.

You can opt out at any time via email footer links or by contacting support@bleepy.co.uk.

Bleepy offers push notifications to keep you informed about important events, bookings, certificates, and feedback requests. Push notifications are optional and require your explicit consent.

Data Collection: To deliver push notifications, we store your browser's push subscription endpoint, encryption keys (p256dh and auth), and your notification preferences. This data is stored securely and is only used to send notifications you've requested.

Service Workers: Push notifications use browser service workers to deliver messages even when the Bleepy website is not open. The service worker code is stored locally in your browser and does not track your browsing activity.

To manage your push notification preferences, visit your profile settings page or contact support@bleepy.co.uk.

You may request a copy of your data by contacting support@bleepy.co.uk.

We will verify your identity and provide exports in commonly used, machine-readable formats (CSV or JSON) within 14 days of verification.

• Active accounts: Retained for as long as your account remains active.
• Deleted accounts: Profile, settings, and content deleted within 7 days.
• System and billing records: Retained for up to 7 years to comply with UK tax and accounting laws (HMRC requirements).
• Session data: Retained for 1 year for educational analysis.
• Event bookings: Retained for 2 years after event date for attendance records.
• Certificate data: Retained for 5 years for verification and compliance purposes.
• Chat transcripts (Hume EVI): Stored in our database for 1 year, then automatically deleted. Zero retention on Hume's platform.
• Organisation data: Retained up to 90 days after subscription cancellation for export or reactivation, unless deletion is requested earlier.

Data is primarily stored in the UK and EEA.

Some sub-processors may process data in other jurisdictions with adequate safeguards, such as Standard Contractual Clauses (SCCs).

For a complete list of our sub-processors and their data processing locations, see our Sub-Processors page.

We use trusted third-party providers to operate our Services securely and reliably. These sub-processors process personal data on our behalf.

We only use sub-processors that meet security, privacy, and compliance standards consistent with UK GDPR and EU GDPR, operate under written data-processing terms, and provide appropriate technical and organisational safeguards.

A maintained list of sub-processors is available on our Sub-Processors page.

We implement appropriate technical and organisational measures to protect your data.

If a data breach occurs that poses a risk to individuals, Bleepy will:

• Notify the ICO within 72 hours (where legally required)
• Notify affected users without undue delay
• Provide details of the breach and mitigation steps

Bleepy is intended for users aged 16 and above.

We do not knowingly collect data from children under 13.

We comply with:

• UK GDPR and Data Protection Act 2018
• EU GDPR (where applicable)
• California Consumer Privacy Act (CCPA) and CPRA
• Canada's PIPEDA (where applicable)
• Australia's Privacy Act 1988 (where applicable)

You have the right to:

• Access your data
• Request correction or deletion
• Withdraw marketing consent
• Request data portability
• Object to processing
• Restrict processing (e.g., pending verification of accuracy)
• Lodge a complaint with the ICO or your supervisory authority

California residents have the right to:

• Access, correct, or delete personal information
• Know categories of data collected, disclosed, or sold
• Opt out of sale or sharing of personal data
• Limit use of sensitive personal information
• Be free from discrimination for exercising these rights

We verify identity before processing such requests. We verify your identity by confirming your registered email address and account details. For security, we may request additional information to prevent fraudulent requests.

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

If Bleepy or its assets are acquired, data may be transferred under equivalent privacy obligations.

Users will be notified as required by law.

Our services may include links to external websites.

We are not responsible for their content or privacy practices.

Please review their privacy policies before sharing personal information.

We may update this policy periodically.

Material changes will be notified via the platform or email.