01Introduction

Next Level Academy ("we", "us", "our") is operated by [LEGAL ENTITY NAME], registered in Spain under company number [REGISTRATION NUMBER], with its registered office at [REGISTERED ADDRESS] and VAT number [VAT NUMBER].

This Privacy Policy describes how we collect, use, and protect personal information when you visit next-levelacademy.com, purchase one of our courses or coaching programs, or otherwise interact with our services.

If you have any questions about this policy or how we handle your data, email us at [email protected].

02Information we collect

Information you provide to us

When you interact with our services, you may provide:

Account and order information: full name, email address, phone number, billing and postal address.
Payment details: credit or debit card information, or PayPal account details. Card data is processed and stored by our PCI-DSS compliant payment partners (Stripe and PayPal). We do not store full card numbers on our servers.
Communication content: messages you send via email, support forms, or in the cohort community.
Content you create: notes, journal entries, posts, or contributions made through our programs and community spaces.
Survey and quiz responses: answers to diagnostic quizzes, intake forms, or feedback surveys you complete.

Information collected automatically

When you use our website or services, we automatically collect:

Device information: browser type, operating system, device type, screen resolution.
Usage information: pages visited, time spent on pages, click paths, referring URLs, video watch progress.
Approximate location: derived from your IP address (typically country and city level).
Cookies and similar technologies: see section 7 below for details.

Information from third parties

We may receive information about you from:

Payment processors (Stripe, PayPal): transaction confirmations and status.
Advertising platforms (Meta, Google Ads): aggregated data about ad performance.
Analytics providers (Google Analytics, Meta Pixel): aggregated traffic and conversion data.

03How we use your information

We use the personal information we collect for the following purposes:

Delivering our services: setting up your course or cohort access, scheduling live calls, providing customer support, granting community access.
Processing payments: charging your card, sending receipts, handling refunds and payment plan installments.
Communicating with you: sending welcome emails, course updates, important announcements, and (with your consent) marketing communications about new programs, cohort openings, and content.
Improving our services: analyzing how our courses and pages are used so we can improve them.
Running our business: bookkeeping, tax compliance, fraud prevention, security monitoring.
Meeting legal obligations: responding to legal requests and complying with applicable regulations.

04Legal bases for processing

If you are located in the European Union, European Economic Area, or United Kingdom, our legal bases for processing your personal data under the GDPR are:

Contract: processing necessary to provide the services you have purchased or requested.
Legitimate interests: improving our products, preventing fraud, conducting analytics, sending service-related communications. We balance these interests against your fundamental rights.
Consent: where you have opted in to receive marketing communications or non-essential cookies.
Legal obligation: where processing is required to comply with applicable law (for example, retaining payment records for tax purposes).

You may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

05How we share your information

We do not sell your personal data. We share information only in the following circumstances:

Service providers: with companies that help us run our business, including payment processing (Stripe, PayPal), marketing automation and customer records (GoHighLevel), email delivery, web analytics (Google Analytics, Meta Pixel), and cloud hosting. These providers are contractually bound to protect your data and use it only for the purposes we authorize.
Legal requirements: where required by law, court order, or competent government authority.
Business transfers: if our business is sold, merged, or restructured, your information may be transferred to the new entity under continued protection equivalent to this policy.
With your consent: any other sharing requires your explicit, informed permission.

06International data transfers

Some of our service providers are located outside the European Economic Area, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards including:

Standard Contractual Clauses approved by the European Commission.
Adequacy decisions for jurisdictions the European Commission has recognized as providing adequate protection.
Certified frameworks such as the EU-US Data Privacy Framework, where applicable.

You may request more information about the specific safeguards in place by contacting us.

07Cookies and tracking technologies

We and our partners use cookies and similar technologies to operate our site, understand how visitors use it, and (with your consent) deliver relevant advertising. The categories of cookies we use are:

Essential cookies: required for the website to function. These cannot be disabled. Examples: maintaining your login state, remembering items in your cart.
Analytics cookies: help us understand how visitors find and use our site. Examples: Google Analytics.
Marketing cookies: track ad performance and personalize advertising on third-party platforms. Examples: Meta Pixel, Google Ads conversion tracking.

You can manage your cookie preferences through our cookie banner or your browser settings. Blocking essential cookies may prevent some site features from working as intended.

08Your rights

If you are located in the EU, EEA, or UK, the GDPR gives you the following rights regarding your personal data:

Right of access: request a copy of the personal data we hold about you.
Right to rectification: ask us to correct inaccurate or incomplete data.
Right to erasure: request deletion of your personal data ("right to be forgotten"), subject to certain legal exceptions.
Right to restriction: ask us to limit how we use your data in certain circumstances.
Right to data portability: receive your data in a structured, machine-readable format and transmit it to another controller.
Right to object: object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
Right to lodge a complaint: with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

To exercise any of these rights, email [email protected] with your request. We will respond within one month, as required by GDPR.

09Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy:

Account and course access data: retained for the duration of your access (lifetime, for courses with lifetime access) plus 12 months.
Payment and transaction records: retained for at least 6 years to meet Spanish tax and accounting obligations.
Marketing data: retained until you unsubscribe, or for 24 months after your last interaction with us, whichever is sooner.
Support correspondence: retained for 24 months after the matter is resolved.
Community content: retained for the duration of your community access plus 12 months.

After these periods, your data is securely deleted or anonymized.

10Security

We use industry-standard technical and organizational measures to protect your data, including 256-bit SSL/TLS encryption for data in transit, secure password hashing for accounts, PCI-DSS compliant payment processing handled by Stripe and PayPal, restricted internal access on a need-to-know basis, and regular reviews of our security practices.

No system is completely secure. If we become aware of a data breach affecting your personal information, we will notify you and the relevant supervisory authority within the timeframes required by GDPR.

11Children's privacy

Our services are not directed at, or intended for, anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us at [email protected] and we will delete it.

12Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Material changes will be notified to you by email or by a prominent notice on our website before they take effect. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

13Contact us

Questions about this policy or how we handle your data? Want to exercise your rights?

Email: [email protected]
Postal address: [LEGAL ENTITY NAME], [REGISTERED ADDRESS]

If you are not satisfied with our response, you have the right to lodge a complaint with the Agencia Española de Protección de Datos at aepd.es.