Privacy Policy

1. Introduction

Thamera Ltd, trading as Thamera ("Thamera," "we," "us," or "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, platform, and services (collectively, the "Service").

This Privacy Policy applies to all users of the Service, including those on our waitlist, subscribers, and website visitors.

Company Details:

• Legal Name: Thamera Ltd (trading as Thamera).
• Registered Address: Unit 4 Mackintosh Lane, London E9 6AB, United Kingdom.
• Contact Email: help@thamera.com.
• Website: www.Thamera.com.
• Data Protection Contact: help@thamera.com.

By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

2. Data Controller

Thamera is the data controller responsible for your personal data. This means we determine how and why your personal data is processed.

If you have any questions, concerns, or requests regarding your personal data, please contact us at help@thamera.com.

3. Information We Collect

We collect various types of information to provide, maintain, and improve our Service.

3.1 Information You Provide Directly

Waitlist and Registration Information:

• Full name.
• Email address.
• Phone number (for onboarding calls).
• Career background and objectives.
• Industry interests.
• Geographic location.

Onboarding Form Information:

• Current employment status.
• Self-reported salary information.
• Educational background.
• Professional experience and work history.
• Skills, competencies, and strengths.
• Career transition goals and aspirations.
• Preferred learning styles and pace.
• Any additional information you choose to provide.

Payment Information:

• Billing name and address.
• Payment method details (processed securely by Stripe; we do not store full card details).
• Transaction history.

Phone Call and Interview Information:

• Career objectives and detailed aspirations.
• Skills assessment and competency mapping.
• Industry knowledge and expertise levels.
• Learning preferences and needs.
• Career challenges and obstacles.
• Target companies and roles.
• Any additional information discussed during calls.

Note: Currently, we do not record phone calls or interviews, but we may implement recording in the future with your explicit consent and advance notice.

Platform Usage Information:

• Learning pathway progress and completion status.
• Time spent on learning modules.
• Quiz and assessment results.
• Topics and materials accessed.
• User-generated content (notes, feedback, reports).
• Support inquiries and communications with our team.

3.2 Information We Collect Automatically

Technical Information:

• IP address.
• Browser type and version.
• Device type and operating system.
• Referring website or source.
• Pages visited and time spent on pages.
• Click patterns and navigation paths.
• Date and time of access.
• Geolocation data (city/country level).

Cookies and Tracking Technologies:

We currently use analytics tools to understand how users interact with our Service. We may implement cookies and similar tracking technologies in the future, which may include:

• Strictly Necessary Cookies: Essential for the Service to function (e.g., authentication, security).
• Analytics Cookies: Help us understand user behavior and improve the Service (e.g., Google Analytics).
• Functional Cookies: Remember your preferences and settings.
• Marketing Cookies: May be used in the future to deliver relevant advertisements.

When we implement cookies, we will provide clear notice and obtain your consent where required by law. You can control cookies through your browser settings, though disabling certain cookies may affect Service functionality.

3.3 Information from Third Parties

Payment Processors:

We receive transaction confirmation and billing information from Stripe when you process payments.

Large Language Models (LLMs) and AI Services:

We use third-party AI services (including large language models) to analyze your information and create customized learning pathways. These services process your data on our behalf but do not retain it for their own purposes.

Publicly Available Sources:

To create your learning pathways and industry reports, we may reference publicly available information from:

• Google search results.
• Academic research papers and publications.
• Industry reports and news.
• YouTube and other public educational resources.
• Company websites and public filings.

We do not collect personal data about you from these sources; rather, we use them to build educational content tailored to your needs.

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Delivery (Legal Basis: Contract Performance)

• Creating Customized Learning Pathways: Analyzing your skills, experience, and career goals to build personalized learning content.
• Industry Mapping: Matching your profile to industry opportunities and identifying promising career niches.
• Platform Access: Providing access to your learning materials, AI tutor, and progress tracking.
• Skills Assessment: Conducting detailed skills mapping interviews to refine your pathways.
• Profile Creation: Building your professional profile for company visibility.

4.2 Communication (Legal Basis: Contract Performance and Legitimate Interest)

• Onboarding: Scheduling and conducting onboarding calls and skills interviews.
• Service Updates: Notifying you of platform changes, new features, or maintenance.
• Industry News: Sharing relevant industry information, trends, and opportunities in your target field.
• Support: Responding to your inquiries, questions, and support requests.
• Account Management: Sending subscription confirmations, payment receipts, and account notifications.

4.3 Company Outreach (Legal Basis: Contract Performance)

• Employer Connection: Sharing your profile with relevant companies in your target industry.
• Opportunity Matching: Identifying and reaching out to companies that may be interested in your skills.
• Profile Visibility: Making your professional profile accessible to companies via our platform and shareable links.

4.4 Service Improvement (Legal Basis: Legitimate Interest)

• AI System Training: Using your data to improve our AI models, algorithms, and personalization capabilities.
• Platform Enhancement: Analyzing usage patterns to identify areas for improvement.
• Quality Assurance: Monitoring Service performance and identifying technical issues.
• Feature Development: Understanding user needs to develop new features and functionality.
• Research and Analytics: Conducting internal research to enhance our methodologies.

4.5 Payment Processing (Legal Basis: Contract Performance and Legal Obligation)

• Subscription Management: Processing monthly subscription payments.
• Billing: Maintaining accurate billing records and transaction history.
• Fraud Prevention: Detecting and preventing fraudulent transactions.
• Financial Compliance: Meeting accounting, tax, and regulatory requirements.

4.6 Legal and Security (Legal Basis: Legal Obligation and Legitimate Interest)

• Legal Compliance: Complying with applicable laws, regulations, and legal processes.
• Terms Enforcement: Enforcing our Terms of Service and protecting our rights.
• Security: Protecting against security threats, abuse, and fraudulent activity.
• Dispute Resolution: Handling disputes, complaints, and legal claims.

4.7 Marketing (Legal Basis: Consent)

With your opt-in consent, we may:

• Send you information about new features, services, or offerings.
• Share updates about Thamera via email.
• Invite you to participate in surveys or provide feedback.

You can opt out of marketing communications at any time by clicking "unsubscribe" in any marketing email or contacting us at help@thamera.com. Opting out will not affect service-related communications.

Note: We do not use your personal data for third-party advertising. Any marketing we conduct is limited to our own social media platforms and direct communications with your consent.

5. Legal Basis for Processing (GDPR/UK GDPR)

Under the General Data Protection Regulation (GDPR) and UK GDPR, we must have a legal basis to process your personal data. Our legal bases include:

• Contract Performance: Processing necessary to fulfill our agreement with you (Service delivery, payment processing, profile creation).
• Legitimate Interest: Processing necessary for our legitimate business interests that do not override your rights (service improvement, analytics, fraud prevention).
• Consent: Processing based on your explicit, informed consent (marketing communications, future call recordings, optional features).
• Legal Obligation: Processing required to comply with legal or regulatory requirements (tax records, dispute resolution).

You have the right to object to processing based on legitimate interest. Contact us at help@thamera.com to exercise this right.

6. How We Share Your Information

We share your personal data only in the limited circumstances described below. We will never sell your personal data to third parties.

6.1 Professional Profile Sharing

As a core part of the Service, we share your professional profile with:

• Companies in your target industry.
• Companies we proactively reach out to on your behalf.
• Companies that access our platform to browse candidate profiles.
• Companies you share your profile link with directly.

Your profile includes: your professional summary, target industry, learning pathway details, and progress status. It is designed to showcase your expertise development to potential employers.

Public Visibility (Future): We may make profiles publicly accessible in the future (similar to LinkedIn profiles) to increase your exposure to employment opportunities. You will be notified before this change is implemented.

6.2 Service Providers and Third Parties

We share data with trusted third-party service providers who assist in operating the Service, including:

Infrastructure and Hosting:

• Amazon Web Services (AWS): Data storage and hosting (servers in UK and US regions).
• Neon Database: Database management and storage (UK/US).

Payment Processing:

• Stripe: Payment processing and subscription management (currently; may expand to other payment processors).

AI and Machine Learning:

• Large Language Models (LLMs): Third-party AI services used to analyze your information and generate customized learning content.

These providers process data on our behalf under strict confidentiality and do not use your data for their own purposes.

Analytics (Current and Planned):

• Analytics Tools: We use analytics services to understand platform usage and improve user experience.
• We may implement additional tracking technologies, marketing pixels, or analytics tools in the future.

Personalization Services (Future):

We reserve the right to engage additional third-party services for personalization, content delivery, or feature enhancement to improve the quality of the Service.

All third-party service providers are carefully selected and bound by confidentiality obligations. They may only use your data for the specific purposes we authorize and must comply with applicable data protection laws.

6.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (court orders, subpoenas, warrants).
• Government or regulatory requests.
• Law enforcement inquiries.
• Legal claims or disputes.
• Protection of our rights, property, or safety.
• Protection of users or the public from harm.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have regarding your data.

6.5 With Your Consent

We may share your information with other parties when you provide explicit consent for such sharing.

7. Data Retention

We retain your personal data for different periods depending on the purpose and legal requirements.

7.1 During Active Subscription

While you maintain an active subscription, we retain all your data to provide the Service, including:

• Account and profile information.
• Learning pathway content and progress.
• Payment and billing records.
• Communication history.
• Platform usage data.

7.2 After Account Cancellation or Termination

Immediate Actions Upon Cancellation:

• Your professional profile is removed from company visibility and public access.
• Your account access is terminated.
• Active data processing for service delivery ceases.

Data Retention After Cancellation:

We continue to retain certain data for legitimate business purposes and legal compliance:

Financial and Billing Records:

• Retained for 7 years to comply with UK tax and accounting regulations.
• Includes payment history, invoices, and transaction records.

Learning Pathway and Progress Data:

• Retained indefinitely in anonymized or aggregated form for AI training and service improvement.
• May be retained in identifiable form for 3 years for quality assurance and dispute resolution.

Personal Information (Name, Email, Contact Details):

• Retained for 3 years for customer service, dispute resolution, and legal compliance.
• May be retained longer if required for ongoing legal matters.

Platform Usage and Analytics Data:

• Retained in anonymized or aggregated form indefinitely for research and improvement.
• Identifiable usage logs retained for 1 year for security and troubleshooting.

Communication Records:

• Support inquiries and correspondence retained for 3 years.
• May be retained longer if relevant to ongoing disputes or legal matters.

7.3 Data Deletion Requests

You may request deletion of your personal data at any time by contacting help@thamera.com. We will comply with your request to the extent legally permissible, subject to:

• Legal or regulatory retention requirements.
• Ongoing disputes, claims, or legal proceedings.
• Fraud prevention and security purposes.
• Contractual obligations requiring data retention.

When deletion is not possible, we will anonymize or restrict processing of your data as appropriate.

7.4 Anonymization

Where possible, we anonymize personal data so it can no longer identify you. Anonymized data is not subject to this Privacy Policy and may be retained and used indefinitely for research, analytics, and service improvement.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction.

8.1 Security Measures

Technical Safeguards:

• Encryption: Data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
• Access Controls: Strict access controls limit who can view or process your data.
• Secure Storage: Data stored on secure servers with industry-standard protections.
• Regular Security Updates: Systems and software regularly updated to address vulnerabilities.

Organizational Safeguards:

• Employee Training: Staff trained on data protection principles and confidentiality.
• Limited Access: Only authorized employees and systems access personal data on a need-to-know basis.
• Confidentiality Agreements: Employees and contractors bound by confidentiality obligations.
• Vendor Management: Third-party providers assessed for security and data protection compliance.

8.2 Your Responsibilities

You are responsible for:

• Keeping your account credentials secure and confidential.
• Using a strong, unique password.
• Not sharing your account with others.
• Logging out after using shared or public devices.
• Notifying us immediately of any unauthorized account access.

8.3 Limitations

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of data transmitted over the internet or stored electronically. You transmit data to us at your own risk.

8.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours where required by law.
• Notify affected users without undue delay if the breach poses a high risk.
• Provide information about the nature of the breach and steps being taken.
• Offer guidance on protective measures you can take.

If you suspect unauthorized access to your account, contact us immediately at help@thamera.com.

9. International Data Transfers

9.1 Data Storage Locations

Your personal data may be stored and processed in:

• United Kingdom: Primary data storage on AWS UK servers.
• United States: Additional data storage and processing on AWS US servers and through US-based service providers.

9.2 Transfer Safeguards

When we transfer data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission and UK authorities.
• Adequacy Decisions: Relying on jurisdictions deemed to provide adequate data protection.
• Service Provider Commitments: Contractual obligations requiring data protection equivalent to UK/EU standards.

9.3 Your Rights

If your data is transferred internationally, you retain all rights under UK GDPR, including the right to complain to the UK Information Commissioner's Office (ICO).

10. Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

10.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of your data. This is commonly known as a "subject access request."

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

10.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes it was collected.
• You withdraw consent (where processing is based on consent).
• You object to processing based on legitimate interest and there are no overriding legitimate grounds.
• The data has been unlawfully processed.
• Legal obligations require erasure.

This right is not absolute and may be limited by our legal obligations, ongoing disputes, or legitimate business needs.

10.4 Right to Restriction of Processing

You have the right to request restriction of processing in certain circumstances, such as:

• You contest the accuracy of the data (while we verify accuracy).
• Processing is unlawful but you prefer restriction over deletion.
• We no longer need the data, but you need it for legal claims.
• You have objected to processing (while we verify legitimate grounds).

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where:

• Processing is based on consent or contract performance.
• Processing is carried out by automated means.

10.6 Right to Object

You have the right to object to processing based on legitimate interest or for direct marketing purposes. If you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

10.7 Rights Related to Automated Decision-Making

If we make decisions about you based solely on automated processing (including profiling) that produce legal effects or similarly significant effects, you have the right to:

• Obtain human intervention.
• Express your point of view.
• Contest the decision.

Currently, while we use AI to create learning pathways, final decisions involve human oversight, and no purely automated decisions are made that would legally or significantly affect you.

10.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

10.9 Right to Complain

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: Information Commissioner's Office (ICO) Website: https://ico.org.uk Phone: 0303 123 1113 Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

10.10 Exercising Your Rights

To exercise any of these rights, contact us at help@thamera.com with:

• Your full name and email address associated with your account.
• Description of the right you wish to exercise.
• Any relevant details or clarifications.

Response Timeline: We will respond to your request within 30 days (one month) as required by UK GDPR. In complex cases, we may extend this by an additional 60 days and will inform you of the extension and reasons.

Verification: We may request additional information to verify your identity before processing requests involving access to or deletion of personal data.

No Fee: We do not charge a fee for processing rights requests unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse the request.

11. Children's Privacy

The Service is intended for individuals 18 years of age or older. We do not knowingly collect personal data from individuals under 18.

11.1 Age Verification

Currently, we verify age through:

• User representation during registration (age confirmation).
• Manual vetting during onboarding calls and interviews.
• Review of career history and professional experience.

In the future, as demand increases, we may rely primarily on user representations and the 18+ restriction without manual vetting for every user.

11.2 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at help@thamera.com. We will promptly investigate and delete any such data from our systems.

12. Marketing and Communications

12.1 Service Communications

We will send you essential service-related communications, including:

• Account confirmations and welcome emails.
• Subscription and payment notifications.
• Platform updates and feature announcements.
• Scheduled maintenance and downtime notices.
• Important changes to Terms or policies.

You cannot opt out of essential service communications while maintaining an active account, as they are necessary for the Service.

12.2 Industry News and Updates

As part of the Service, we periodically send industry news, trends, and information relevant to your target career field. This is a supplementary feature to keep you informed. You may opt out of these updates while remaining subscribed to the core Service.

12.3 Marketing Communications

With your opt-in consent, we may send marketing communications about:

• New features or services.
• Special offers or promotions.
• Company news and updates.
• Surveys and feedback requests.

Opt-In: You must actively consent to receive marketing communications during registration or through account settings.

Opt-Out: You can opt out at any time by:

• Clicking "unsubscribe" in any marketing email.
• Adjusting preferences in your account settings.
• Contacting us at help@thamera.com.

Opting out will not affect service-related communications or industry news features.

12.4 Third-Party Marketing

We do not share your personal data with third parties for their marketing purposes. Any marketing you receive is directly from Thamera or through our owned social media channels where you have chosen to follow us.

12.5 Marketing Technologies (Future)

If we implement marketing pixels, tracking technologies, or remarketing campaigns in the future, we will:

• Provide clear notice of these technologies.
• Obtain your consent where required.
• Offer opt-out mechanisms.
• Update this Privacy Policy accordingly.

13. Cookies and Tracking Technologies

13.1 Current Use

Analytics: We currently use analytics tools to understand how users interact with our platform. This helps us improve user experience, identify issues, and develop new features. No Marketing Cookies: We do not currently use marketing or advertising cookies.

13.2 Future Use

We may implement additional cookies and tracking technologies in the future, including:

• Functional Cookies: To remember your preferences and settings.
• Marketing Cookies: To deliver relevant advertisements (with your consent).
• Third-Party Pixels: For analytics and remarketing purposes.

13.3 Your Cookie Choices

When we implement cookies, you will be able to:

• Accept or decline non-essential cookies through a cookie banner.
• Manage cookie preferences through your browser settings.
• Delete cookies already stored on your device.

Browser Controls: Most browsers allow you to:

• View and delete cookies.
• Block cookies from specific sites.
• Block all cookies (may affect functionality).
• Receive notifications when cookies are set.

Consult your browser's help section for specific instructions.

13.4 Do Not Track

Some browsers include "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, as there is no industry standard for how to interpret them. If we implement DNT response mechanisms, we will update this policy.

14. Third-Party Links and Services

14.1 External Links

The Service may contain links to third-party websites, resources, or services (e.g., YouTube videos, research papers, company websites). We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by Thamera.

14.2 Embedded Content

We may embed third-party content (such as YouTube videos) within the Service. When you interact with embedded content, the third party may collect information about you according to their own privacy policies.

14.3 Social Media

We maintain social media profiles on various platforms. Information you share on social media is governed by the respective platform's privacy policy, not this Privacy Policy. We may use our social media channels for marketing purposes in accordance with platform terms.

15. Changes to This Privacy Policy

15.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices.
• New features or services.
• Legal or regulatory requirements.
• Feedback from users or regulators.

When we make changes, we will:

• Update the "Last Updated" date at the top of this policy.
• Post the revised policy on our website.
• Notify you via email for material changes.
• Provide reasonable notice before changes take effect (typically 30 days).

15.2 Material Changes

For material changes that significantly affect your rights or how we process your data, we will:

• Provide prominent notice via email and platform notification.
• In some cases, request your renewed consent.
• Allow you to object or cancel your subscription if you disagree.

15.3 Continued Use

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you must cancel your subscription and cease using the Service.

16. Entity Changes

In the event Thamera transitions from Thamera Ltd to a new legal entity (whether UK or US-based):

• This Privacy Policy and all data protection commitments will automatically transfer to the new entity.
• The new entity will become the data controller.
• All your rights under this Privacy Policy will continue unchanged.
• We will notify you of the entity change via email.
• Your data will remain subject to the same protections.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Data Protection Contact: Email: help@thamera.com.
• Company Address: Thamera (Thamera Ltd) Unit 4 Mackintosh Lane London E9 6AB United Kingdom.
• Website: www.Thamera.com.

Response Time: We aim to respond to all inquiries within 5 business days and will address data rights requests within the legally required 30-day timeframe.

Complaints: If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk.

Acknowledgment

By using the Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal data as described in this Privacy Policy.