Back to main site
Legal

Privacy Policy

Last updated: March 2026  ·  Applies to ai.husnainsultan.com

This policy explains what personal data is collected when you visit or purchase from AI Mastery, how it is used, and your rights under UK GDPR. The data controller is Hus Sultan, an individual trading as Highland Code, based in Scotland, UK. If you have any questions, email hello@husnainsultan.com.

1 What data we collect

We only collect the data that is genuinely needed to run this course and communicate with you. Here is what we may hold:

  • Name and email address — when you sign up to the mailing list via the lead capture form on the sales page.
  • Payment information — your card details, billing address, and transaction records are processed by Stripe. We never see or store your raw card number.
  • Skool account data — when you purchase a course, you are directed to create an account on Skool. Skool holds your profile information, course progress, and community activity under their own privacy policy.
  • Usage analytics — anonymised data about page visits (pages viewed, approximate location, device type) collected through Cloudflare Web Analytics. No cookies are used for this; it is privacy-friendly by design.
  • IP address and request logs — Cloudflare retains server-level logs as part of its infrastructure. These are not used for marketing.

2 How we use your data

Your data is used only for the following purposes:

  • Fulfilling your purchase — processing payment through Stripe and granting you access to the course on Skool.
  • Email communications — sending course updates, announcements, and (if you opted in) marketing emails. You can unsubscribe at any time from any email we send.
  • Customer support — responding to questions or requests you send to hello@husnainsultan.com.
  • Improving the site — reviewing anonymised analytics to understand how people navigate the sales page and course content.

We do not sell your data to third parties, and we do not use it for automated decision-making or profiling.

3 Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract — processing your payment and granting course access is necessary to fulfil our agreement with you.
  • Legitimate interests — running the website, maintaining security, and analysing anonymised traffic data.
  • Consent — sending marketing emails to people who have signed up to the mailing list. You may withdraw consent at any time.

4 Third-party services

We use a small number of trusted third-party services to run this course. Each handles data under their own privacy policies:

Stripe
Handles all payment processing. Your card details go directly to Stripe — we never see them. stripe.com/gb/privacy
Skool
Delivers the course content, hosts the community, and manages your student account. skool.com/privacy
Cloudflare
Hosts the sales page (Cloudflare Pages) and processes web traffic. Provides privacy-first analytics with no cookies. cloudflare.com/privacypolicy
Resend
Used to send transactional and marketing emails. Your email address is stored here to send you messages. resend.com/privacy

We only work with services that take data protection seriously. We do not share your data with any other third parties.

5 Cookies

This website uses minimal cookies:

  • Stripe — Stripe.js sets a cookie used for fraud prevention when you initiate checkout. This is strictly necessary.
  • Cloudflare — Cloudflare may set a technical cookie (cf_clearance) for bot protection. No tracking or advertising cookies are used.

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking cookies. Cloudflare Web Analytics is cookieless.

6 Data retention

We keep your data only as long as necessary:

  • Purchase records — retained for 7 years to comply with UK tax and accounting obligations.
  • Email list — your email address is held until you unsubscribe or ask us to delete it.
  • Support emails — kept for as long as reasonably needed to handle any follow-up queries, then deleted.
  • Analytics data — anonymised and aggregated; no personal identifiers are retained.

7 Your rights under UK GDPR

If you are based in the UK or EEA, you have the following rights regarding your personal data:

Access Request a copy of the personal data we hold about you.
Rectification Ask us to correct any inaccurate data we hold.
Erasure Ask us to delete your data ("right to be forgotten").
Portability Request your data in a structured, machine-readable format.
Objection Object to processing based on legitimate interests.
Withdraw consent Unsubscribe from marketing emails at any time, instantly.

To exercise any of these rights, email hello@husnainsultan.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been mishandled.

8 International transfers

Some of the third-party services listed above (Stripe, Skool, Resend) are US-based. Where data is transferred outside the UK, we rely on Standard Contractual Clauses or equivalent safeguards recognised under UK GDPR to ensure your data remains protected to UK standards.

9 Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For significant changes, we will notify active students by email. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

10 Contact

For any privacy-related questions, requests, or concerns, please get in touch directly:

Hus Sultan — Data Controller

Highland Code  ·  Scotland, UK