Privacy Policy

This Privacy Policy explains how JohnB.io collects, uses, and protects your personal data. JohnB.io is operated by John Bowman, United Kingdom. We take your privacy seriously and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data controller

The data controller is John Bowman, trading as JohnB.io. Contact: hello@johnb.io

2. What data we collect

Account users (registered)

When you create an account, we collect:

• Your name and email address
• Authentication method (email/password or Google sign-in)
• Course progress data (which lessons you have completed)
• Exam results (score, grade, date)
• Account creation date

All visitors

We collect anonymised usage data via Google Analytics, including:

• Pages visited and time spent
• Device type, browser, and approximate location (country/city)
• Referral source

This data does not identify you personally.

AI tool inputs

When you use AI-powered tools on the Site, your input text is sent to third-party AI APIs (such as Anthropic) to generate a response. We do not store your input text beyond what is needed to process the request. Please do not submit personal, sensitive, or confidential information into AI tools.

3. How we use your data

We use your data to:

• Provide and operate your account
• Track and display your course progress
• Issue your course certificate upon completion
• Improve the Site based on aggregated analytics
• Respond to support enquiries

We do not use your data for advertising, and we do not sell your data to third parties.

4. Legal basis for processing

• Contract: Processing your name and email to provide account services
• Legitimate interests: Improving the Site using anonymised analytics
• Consent: Where you have opted in to any communications

5. Data storage and security

Account data is stored securely in Google Firebase (Firestore), hosted on Google Cloud infrastructure. Google Firebase is compliant with GDPR and ISO 27001. We implement appropriate technical measures to protect your data, including encrypted connections (HTTPS) and Firebase security rules that restrict access to your own data only.

No system is completely secure. We cannot guarantee the absolute security of your data but we take reasonable steps to protect it.

6. Third-party services

The Site uses the following third-party services that may process your data:

• Google Firebase — authentication and database (Google LLC, USA). Governed by Google's Privacy Policy and the Google Cloud Data Processing Addendum.
• Google Analytics — anonymised usage tracking (Google LLC, USA)
• Anthropic / OpenAI / other AI APIs — processing of text inputs submitted to AI tools
• Cloudflare — infrastructure and security (Cloudflare Inc., USA)
• Namecheap — web hosting (Namecheap Inc., USA)

International transfers to the USA are covered by Standard Contractual Clauses or equivalent safeguards.

7. How long we keep your data

• Account data: Retained for as long as your account is active. Deleted within 30 days of an account deletion request.
• Analytics data: Retained by Google Analytics per their standard retention settings (26 months).
• AI tool inputs: Not stored beyond immediate request processing.

8. Your rights under UK GDPR

You have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your account and personal data
• Restriction — ask us to limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests

To exercise any of these rights, email hello@johnb.io. We will respond within 30 days.

You also have the right to lodge a complaint with the UK's supervisory authority: the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

The Site uses cookies for the following purposes:

• Authentication: Firebase uses session cookies to keep you logged in
• Analytics: Google Analytics uses cookies to track anonymised usage

You can disable cookies in your browser settings, though this may affect Site functionality including staying logged in.

10. Children's privacy

The Site is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has created an account, please contact us and we will delete the account promptly.

11. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Significant changes will be notified via a notice on the Site.

12. Contact

For any privacy-related questions or requests: hello@johnb.io