Privacy Policy

1. Who We Are

Thinkclub is a digital infrastructure and knowledge design studio that partners with educational institutions — colleges, universities, school groups, and education boards — to build sustainable digital ecosystems. We are a consulting and design practice, not a software-as-a-service platform.

This policy explains how we handle information that we may receive in the course of our consulting engagements, through this website, and via direct communication.

2. Information We Collect

We collect only the information necessary to understand your institution's needs and deliver our services effectively.

2.1 Through This Website

• Contact form submissions — name, email, institution name, and your message
• Basic analytics — pages visited, referral source, and browser type (no personal identifiers)

2.2 During Engagements

• Institutional documents shared for audits — organisational charts, system inventories, brand assets, process documents
• Stakeholder interview notes and workshop recordings (with explicit consent)
• System access credentials provided for audit purposes (stored securely, returned or destroyed upon engagement completion)
• Communication records — emails, meeting notes, and project correspondence

3. How We Use Information

• To respond to your enquiries and prepare engagement proposals
• To conduct institutional audits, digital maturity assessments, and strategy development
• To design, build, and deploy digital infrastructure (branding systems, platforms, toolkits) as agreed in the engagement scope
• To generate anonymised, aggregated insights that improve our frameworks (no institution is identifiable without consent)
• To communicate project updates, deliverables, and follow-up recommendations

4. Data Ownership & Institutional Confidentiality

This is fundamental to how we operate:

• We do not share institutional information with third parties without explicit written consent
• We do not use your institution's name, logo, or case details in marketing without prior approval
• System credentials shared during audits are stored in encrypted environments and destroyed within 30 days of engagement completion
• Workshop recordings and interview transcripts are deleted upon project delivery unless the institution requests otherwise

5. Third-Party Tools & Services

In the course of our work, we may recommend or configure third-party tools (ERPs, LMS platforms, analytics services, communication tools). Each of these tools has its own privacy policy and data handling practices. We always:

• Recommend tools that align with our open, frugal, and privacy-respecting principles
• Provide clear documentation on what data each tool collects and how it is stored
• Advise institutions on data governance and access control for any deployed system
• Prefer self-hosted or institution-controlled solutions wherever feasible

6. Cookies & Website Analytics

This website uses minimal, privacy-respecting analytics to understand general traffic patterns. We do not use advertising trackers, retargeting pixels, or third-party cookies that track your browsing activity across other websites.

7. Data Retention

• Website contact form data — retained for up to 12 months, then archived or deleted
• Engagement materials — retained for the duration of the engagement plus 90 days for handover and follow-up, then securely deleted unless a retention agreement is in place
• Anonymised frameworks and methodologies — retained indefinitely as part of our evolving practice

8. Your Rights

You may request access to, correction of, or deletion of any personal or institutional information we hold. To exercise these rights, contact us at [email protected].

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to active engagement partners directly. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

For questions about this policy or our data practices, reach out to us at [email protected] or visit our contact page.