Legal
Privacy Policy
Last updated: July 5, 2026
This Privacy Policy explains how Robin & Jesper LTD ("we," "us") processes personal data when you use robinandjesper.com and purchase or take our courses. The data controller is Robin & Jesper LTD, HE 396002, Evagora Pallikaridi 38, 8010 Paphos, Cyprus, VAT CY 10396002I.
1. Data we collect
- Account and purchase data: your email address, purchase details, and invoices. Purchases are processed by Paddle as merchant of record. Paddle is an independent controller of payment data, and we never see your full card details.
- Course data: which lessons you access and complete, so we can show your progress and let you resume where you left off.
- Data you send us: support emails and their contents.
- Data collected automatically (with consent where required): IP address, device and browser information, pages viewed, referral source, and analytics or advertising identifiers.
2. How we use data
- To deliver course access, magic-link sign-in, receipts, and support (contract performance).
- To send transactional email such as receipts, sign-in links, and essential course communications (contract performance).
- To analyze site usage and marketing performance, and to measure conversions (consent, where required).
- For advertising measurement and retargeting via Google and Meta (consent).
- To attribute affiliate referrals, for example Bluehost, when you follow a marked affiliate link (legitimate interest).
- To comply with law, prevent fraud, and defend legal claims.
3. Legal bases (EEA and UK)
We rely on several legal bases. Contract performance covers course delivery, authentication, and receipts. Consent covers analytics and advertising cookies, which we collect through our cookie banner and which you can withdraw at any time. Legitimate interests cover security, affiliate attribution, and service improvement. We also process data to meet legal obligations.
4. Processors and recipients
- Paddle.com Market Ltd and Paddle.com Inc.: merchant of record for purchases (an independent controller).
- Vercel Inc. (USA): hosting.
- GitHub, Inc. (USA): source code and build logs.
- Resend (Rebel Sky Inc., USA): transactional email, such as magic links and receipts.
- Vimeo.com, Inc. (USA): course video hosting and playback.
- Google LLC (USA): Analytics, Ads, and Tag Manager (consent-based).
- Meta Platforms, Inc. (USA): Meta Pixel and Conversions API (consent-based).
- Bluehost, LLC (USA): affiliate partner that receives click and conversion attribution when you use our affiliate links.
Transfers outside the EEA rely on adequacy decisions or Standard Contractual Clauses.
5. Retention
We keep account and purchase records for as long as your account is active, plus any periods required by tax and accounting law. We keep support correspondence for up to 24 months. Analytics data follows each provider's defaults, typically 14 to 26 months.
6. Your rights
Depending on where you live, you may have rights to access, correction, deletion, portability, restriction, objection, and withdrawal of consent. EEA and UK residents may also lodge a complaint with their supervisory authority. Our lead authority is the Office of the Commissioner for Personal Data Protection, Cyprus. To exercise your rights, email support@robinandjesper.com with the subject "Privacy Request."
7. US state privacy rights
Residents of California and other US states with comprehensive privacy laws may request access, deletion, and correction, and may opt out of the "sale" or "sharing" of personal data for cross-context behavioral advertising (our use of Google and Meta advertising tools may qualify). Email support@robinandjesper.com with the subject "Do Not Sell or Share." We honor Global Privacy Control signals.
8. Cookies
We use a consent banner. Necessary cookies for your session and authentication always run. Analytics and marketing cookies run only after you consent, and you can decline or withdraw them at any time in Cookie Preferences.
9. Children
The Service is for adults aged 18 and over. We do not knowingly collect data from children.
10. Security
We use HTTPS everywhere, HttpOnly secure session cookies, access controls, and reputable processors. No method is 100% secure.
11. Changes and contact
We post updates here with a revised date. To reach us, contact Robin & Jesper LTD, Evagora Pallikaridi 38, 8010 Paphos, Cyprus, or email support@robinandjesper.com.
