Skip to content
Jupiter

Legal

Introduction

JUPITER EDTECH LIMITED (‘we’, ‘us’, ‘Jupiter’) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal data. It applies to:

  • Visitors to our website at m42k.com.
  • Prospects and customers who provide their details via email, contact form, or sales enquiry.
  • Customers using the Jupiter Service.

We act as a data controller for personal data collected from the website and prospects. When you use Jupiter to manage learner data, we act as a data processor under the Data Processing Addendum at /legal/dpa.

What personal data we collect

From website visitors and prospects

When you visit m42k.com or contact us, we may collect:

  • Your name, email address, company, and job title.
  • Your message content if you submit a contact form.
  • Your IP address, browser type, and pages visited (via web server logs and analytics).
  • Cookies and similar technologies (see /legal/cookies for detail).

From customers using the Service

When you sign up for Jupiter, we collect:

  • Account details: email, name, password hash, company name, and account tier.
  • Billing details: VAT number, billing address, payment method (processed securely by Stripe).
  • Usage data: features you use, data you upload, and how often you access the platform.
  • Communications: support tickets, feedback, and messages sent via in-app chat.

Learner data

When you (the customer) upload learner data to Jupiter, we process it only as your data processor. See the DPA at /legal/dpa for how we handle learner personal data.

How we use personal data

Website visitors and prospects

  • Responding to enquiries: We use your email and message to respond to your contact form or sales enquiry. Lawful basis: legitimate interest and, for marketing, your consent.
  • Product improvement: We anonymise and aggregate usage data to understand user behaviour and improve the website. Lawful basis: legitimate interest.
  • Marketing communications: If you opt in, we send emails about Jupiter updates, features, and compliance insights. Lawful basis: consent. You can unsubscribe at any time.

Customers

  • Providing the Service: We use account and usage data to deliver Jupiter, manage your subscription, and support you. Lawful basis: contract performance.
  • Billing: We process billing details to invoice you and handle payments. Lawful basis: contract performance.
  • Security and fraud prevention: We monitor account activity for unauthorised access and fraud. Lawful basis: legitimate interest.
  • Product improvement: We analyse usage patterns (anonymised) to identify feature requests and usability issues. Lawful basis: legitimate interest.

Cookies and analytics

Our website uses minimal cookies. See /legal/cookies for the full cookie policy. In brief:

  • We use one cookie for strictly necessary functionality (contact form CSRF protection).
  • We do not use third-party analytics or marketing cookies.
  • We honour Do Not Track signals from your browser.

Sharing and disclosure

We do not sell personal data. We do share data with:

  • Subprocessors: When you use Jupiter, your data may be processed by:
    • AWS (cloud hosting, Europe — Frankfurt region by default).
    • Cloudflare (CDN and DDoS protection).
    • Resend (email delivery).
    • Anthropic (AI-based content processing).
    • Stripe (payment processing).
  • Legal obligations: We may disclose data if required by court order, law enforcement request, or regulatory authority (ICO, etc.). We will attempt to notify you unless prohibited by law.
  • Professional advisors: Your data may be shared with our solicitors, accountants, or auditors as needed (under confidentiality obligations).

Data residency

Your data is stored in the EU (AWS Frankfurt region) by default. For Enterprise customers, UK-only storage is available on request.

When we use subprocessors, data may transit through the US (e.g., for AI processing). We rely on UK IDTA and EU Standard Contractual Clauses to ensure lawful international transfers.

Data retention

  • Marketing enquiries: If you contact us but do not become a customer, we retain your details for 24 months. If you reply to a message within that period, the clock resets.
  • Customer data: We retain account, usage, and billing data for the term of your subscription plus 60 days. During that period, you can request deletion.
  • Learner data: We retain only as instructed by you (the customer). You can request deletion of learner data at any time; we will delete it within 30 days.
  • Billing records: We retain invoices and payment records for 6 years (UK tax and company law requirement).
  • Support tickets: We retain support conversations for 12 months from resolution, then delete unless you request retention.

Your rights under UK GDPR

You have the following rights:

  • Access: You can ask for a copy of your personal data we hold. We will provide it within 30 days (or 60 days in complex cases).
  • Rectification: You can ask us to correct inaccurate data.
  • Erasure: You can request deletion of your data, subject to legal obligations (e.g., billing records).
  • Restriction: You can ask us to restrict processing (e.g., during a dispute).
  • Portability: You can ask for your data in a portable format (e.g., CSV).
  • Objection: You can object to certain types of processing (e.g., marketing emails).
  • Withdraw consent: If you consented to processing (e.g., marketing emails), you can withdraw that consent at any time.

To exercise any of these rights, email contact@m42k.com with your request. We will respond within 30 days.

Security

We implement industry-standard security measures to protect personal data, including:

  • Encryption in transit (TLS) and at rest (AES-256).
  • Access controls and role-based permissions.
  • Regular security audits and penetration testing.
  • Incident response procedures.

See our security page at /security for more detail.

International transfers

Personal data is stored primarily in the EU. When data is transferred to other jurisdictions (e.g., for AI processing), we use:

  • UK IDTA (International Data Transfer Addendum) for transfers to countries with UK Adequacy Decisions.
  • EU Standard Contractual Clauses for transfers under EU law.

These mechanisms provide appropriate safeguards equivalent to UK GDPR protection.

Children

Jupiter is not intended for children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, please contact contact@m42k.com immediately.

Changes to this policy

We may update this Privacy Policy at any time. Material changes will be announced via email. Your continued use of the website or Service after a change constitutes acceptance of the updated policy.

Contact and complaints

If you have questions about this Privacy Policy, contact us at contact@m42k.com.

If you believe we have mishandled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. You can also contact us first to try to resolve the issue.

Questions about this document? Email contact@m42k.com.

JUPITER EDTECH LIMITED · 12 Orchard Way, Kings Sutton, Banbury, England, OX17 3PZ · Registered in England & Wales.