Skip to content

Legal

Privacy Policy

Last updated: 31 May 2026

This policy explains how MarketImpact Digital Solutions Ltd processes personal data through AidGPT, including aidgpt.org, learner accounts, training applications, course participation, payments, certificates, and related communications.

Controller

MarketImpact Digital Solutions Ltd

Company Registration No. HE 473081 | VAT No. CY60156299P | Registered in Cyprus

Registered Office: 1 Stasinou Street, Offices 13-14, Mitsi Building 1, 1060 Nicosia, Cyprus

Privacy enquiries: mariejosee@marketimpact.org or contact us .

Personal data we process

  • Contact and enquiry data: name, email, organisation, role, training interest, cohort preferences, messages, and communication history.
  • Account and learner data: login identifiers, session records, course enrolment, module progress, activity submissions, discussion or homework content, certificates, and support requests.
  • AI learning data: learner prompts, assistant responses, safety warnings, usage metadata, and related context needed to deliver the learner assistant and course exercises.
  • Payment and administration data: invoice, VAT, payment status, payment provider references, refunds, and financial records. AidGPT does not store full card numbers.
  • Technical data: IP address, browser or device data, pages visited, server logs, security events, essential cookies, local storage such as theme preference, and privacy-focused analytics.

Purposes and legal bases

PurposeLegal basis
Responding to enquiries, training applications, quotes, and onboarding.Pre-contract steps, contract performance, and legitimate interests.
Providing learner accounts, course materials, AI-assisted exercises, cohort communications, certificates, and support.Contract performance and legitimate interests in delivering safe training.
Sending newsletters, updates, or optional marketing communications.Consent, or legitimate interests where permitted by applicable law.
Processing payments, VAT, accounting, tax, security, and legal compliance.Contract performance, legal obligations, and legitimate interests.
Keeping the site secure, improving reliability, investigating abuse, and measuring aggregate usage.Legitimate interests and, where required, consent for non-essential analytics.

AI-assisted training data

AidGPT is designed for responsible AI learning. Learners must not submit beneficiary details, safeguarding material, HR records, confidential donor information, procurement decisions, medical or legal material, secrets, or other sensitive content unless a separate written agreement expressly permits it and appropriate safeguards are in place.

AI-assisted features may process prompts, responses, and activity context through service providers acting under contract. We use this data to provide the training experience, monitor safety, prevent abuse, support learners, and improve course quality. We do not use the public site or learner assistant to make solely automated decisions that produce legal or similarly significant effects about learners.

Who receives personal data

We share personal data only where needed for the purposes above, including with hosting, database, email, analytics, payment, security, and AI infrastructure providers; course facilitators and support staff; professional advisers; auditors; public authorities; or a successor organisation if there is a restructuring. Current operational providers may include Vercel, Resend, Revolut, Umami analytics, and contracted AI service providers.

Some providers may process data outside Cyprus or the European Economic Area. Where that happens, we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, processor agreements, and risk-based security measures.

Retention

  • Training enquiries and contact records are normally kept for up to 3 years after the last meaningful interaction, unless a longer period is needed for an active relationship or dispute.
  • Learner account, progress, certificate, and course records are kept while the account is active and then for as long as needed to provide access, verify completion, support audit needs, or meet legal obligations.
  • Payment, invoice, VAT, and accounting records may be kept for up to 7 years or longer if required by Cyprus or EU law.
  • Security logs and technical records are kept for the shortest practical period, normally up to 12 months, unless they are needed to investigate abuse, fraud, or security incidents.

Data subject rights

Subject to the conditions and limits in data protection law, you may request access, rectification, erasure, restriction, portability, or objection to processing. Where processing is based on consent, you may withdraw that consent at any time without affecting earlier processing.

You can contact us at mariejosee@marketimpact.org to exercise these rights. You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection or another competent supervisory authority.

Cookies and local storage

We use essential cookies and similar technologies to provide login sessions, security, and site functionality. We may use local storage for preferences such as theme selection. We use privacy-focused analytics to understand aggregate site use and improve the service. If we add non-essential tracking that requires consent, we will request consent before using it.

Children, security, and updates

AidGPT is intended for adult professionals and is not directed at children under 18. We use technical and organisational measures to protect personal data, including access controls, secure hosting, monitoring, and staff confidentiality. No online service can be guaranteed fully secure.

We may update this policy as our services, providers, or legal obligations change. Material changes will be posted on this page and, where appropriate, notified to affected users.