A quiet, careful handling of your data.

Section 01About This Policy

This Privacy Policy describes how Ignicode ("Ignicode," "we," "our," or "us") collects, uses, retains, discloses, and protects personal information when you visit our website, apply for a membership, communicate with our team, participate in mentorship sessions, or use any of the instruments in our software suite (collectively, the "Services").

By accessing the Services or providing personal information to us, you acknowledge that you have read this Privacy Policy. If you do not agree with our practices, please do not use the Services.

Section 02Who We Are (Data Controller)

Ignicode is the data controller responsible for the personal information processed under this Privacy Policy. References to Ignicode include the entity operating the Services and any affiliates or subsidiaries acting on its behalf.

You can reach our privacy team at privacy@ignicode.com. For applicants and members in the European Economic Area or the United Kingdom, you may contact our representative or Data Protection Officer at the same address; mark your message "DPO — Privacy Request."

Section 03Scope & Definitions

This policy applies to all personal information processed by Ignicode in connection with the Services, including the website, the application form, the mentorship layer, and the instruments in the Suite.

Personal Information

Information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular individual or household.

Processing

Any operation performed on personal information, including collection, storage, use, disclosure, transfer, and deletion.

Member

An individual who has been admitted to a cohort and holds an active Gold or Diamond membership.

Applicant

An individual who has submitted a membership application but has not yet been admitted.

Visitor

Any individual who interacts with the Ignicode website or public educational content without applying or enrolling.

Section 04Information We Collect

4.1 Information You Provide to Us

• Account & identity information. Name, email address, telephone number, country of residence, professional background, and any details you provide on the membership application or in your member profile.
• Application content. Free-text answers, goals, areas of focus, and prior experience submitted through the application form.
• Mentorship session content. Notes recorded by your mentor, calibration data, scheduling information, and audio or video recordings of mentorship calls — the latter only with your explicit, written consent at the start of the engagement, and only where lawful in your jurisdiction.
• Payment & billing information. Billing name, address, and the last four digits and brand of your payment card. Full payment card numbers are processed by our payment processor and are never stored on Ignicode systems.
• Communications. The content of emails, support tickets, surveys, and chat messages you send us.
• Voluntary content. Information you choose to submit through community channels, testimonials, research participation forms, or referral programs.

4.2 Information Collected Automatically

• Device & browser data. IP address (truncated where feasible), browser type and version, operating system, device identifiers, time zone, and language preferences.
• Usage data. Pages visited, sections engaged with, features used in the Suite, session timestamps, completion of protocols, and engagement with educational content.
• Performance data inside the instruments. Inputs you provide to a given instrument (e.g., recall accuracy, session length, focus metrics), used to operate, calibrate, and improve the Services.
• Cookies & similar technologies. See Section 14.

4.3 Information from Third Parties

• Payment processors share confirmation of payment and limited tokenized identifiers.
• Identity and fraud-prevention providers may verify the information you submit.
• Analytics and infrastructure providers share aggregated information about how the Services are used.
• Referrals. If a member refers you to Ignicode, we may receive your name and contact information from them.

Section 05Sensitive & Cognitive Performance Data

Some of the information processed by Ignicode relates to your cognitive performance, attention, recall, and behavioral patterns. We treat this information with elevated care.

Where applicable law (including the GDPR and certain U.S. state laws) treats cognitive, behavioral, or biometric performance data as sensitive personal information, we will:

• Process such data only for purposes that are necessary to provide the Services or to which you have explicitly consented;
• Apply additional access controls, encryption, and minimization;
• Honor your right, where granted by law, to limit the use and disclosure of sensitive personal information.

Section 06How We Use Information

We use personal information for the following purposes:

1. To provide the Services — to operate the Suite, authenticate accounts, deliver the membership, schedule and conduct mentorship sessions, calibrate protocols, and process payments.
2. To evaluate applications — to review fit for the current cohort and respond to applicants.
3. To support and communicate with you — to respond to questions, send service messages, share progress reports, and provide customer support.
4. To improve and develop — to analyze usage in aggregate, develop new instruments, refine existing protocols, and conduct internal research and quality assurance.
5. To safeguard the Services — to detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, and to protect Ignicode, our members, and the public.
6. To comply with the law — to meet legal, regulatory, tax, and accounting obligations and to respond to lawful requests.
7. For limited marketing — to share infrequent updates about the lab, new instruments, or upcoming cohorts. You may unsubscribe at any time.

Section 07Legal Bases for Processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR and UK GDPR:

• Performance of a contract. Processing necessary to deliver the membership, mentorship, and Suite to you under our Terms.
• Legitimate interests. Processing necessary for our legitimate interests in operating, securing, and improving the Services, where those interests are not overridden by your rights.
• Consent. Where required — for example, for optional cookies, certain marketing communications, recording of mentorship calls, and processing of sensitive personal information. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Compliance with legal obligations. Processing necessary to comply with applicable law.

Section 08How We Share Information

We share personal information only as described below. We do not sell personal information, and we do not share personal information with third parties for their own independent advertising purposes.

• Service providers and processors. Vendors who operate infrastructure, payments, communications, video conferencing, scheduling, analytics, customer support, and security on our behalf, under written agreements that limit their use of your information.
• Mentors and authorized lab personnel. Your assigned mentor and a small number of authorized Ignicode personnel access information on a need-to-know basis to deliver the Services.
• Professional advisors. Lawyers, accountants, auditors, and insurers, where reasonably necessary.
• Legal & safety. Authorities, courts, or other parties when we believe disclosure is required by law, court order, or to protect the rights, property, or safety of Ignicode, members, or the public.
• Corporate transactions. In connection with a merger, acquisition, financing, restructuring, sale of assets, or insolvency, subject to obligations of confidentiality and continuity of this policy.
• With your direction. When you explicitly ask us to share information with a third party.

Section 09International Data Transfers

Ignicode operates internationally, and personal information may be processed in, or transferred to, jurisdictions other than your own — including the United States. Where required, we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses (or equivalent UK or Swiss mechanisms), to protect transfers of personal information outside the EEA, UK, or Switzerland.

Section 10Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal and accounting obligations, resolve disputes, and enforce our agreements. Specific retention periods include, by default:

• Membership and mentorship records: for the duration of the membership and up to seven (7) years after termination, primarily for tax, accounting, and dispute-resolution purposes.
• Application records (declined or withdrawn): up to twenty-four (24) months from the date of decision, then deleted or anonymized.
• Performance data inside the instruments: for the duration of the membership; you may request deletion or anonymization of identifiable performance data after the membership ends.
• Mentorship call recordings (where consented): up to twelve (12) months, unless a longer period is required by law or you ask us to keep them longer.
• Marketing contacts: until you unsubscribe or two (2) years of inactivity, whichever comes first.
• Server & security logs: typically twelve (12) months.

Where deletion is not technically feasible (for example, in encrypted backups), we will isolate the information from further active processing until secure deletion is possible.

Section 11Security

Ignicode maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest where feasible, access controls and the principle of least privilege, regular security reviews, vendor due diligence, and incident-response procedures.

No method of transmission over the internet or electronic storage is one-hundred-percent secure. We cannot guarantee absolute security, but we work to reduce risk continuously and to notify affected individuals and regulators where required by law in the event of a personal data breach.

Section 12Your Rights

Subject to applicable law, you may have the following rights with respect to your personal information:

• Access. The right to confirm whether we process your personal information and to request a copy.
• Rectification. The right to request correction of inaccurate or incomplete information.
• Erasure. The right to request deletion of personal information, subject to certain legal exceptions.
• Restriction. The right to ask us to restrict processing in defined circumstances.
• Portability. The right to receive certain personal information in a structured, machine-readable format and to ask us to transmit it to another controller.
• Objection. The right to object to processing based on our legitimate interests, including profiling, and to opt out of direct marketing at any time.
• Withdrawal of consent. Where we rely on consent, the right to withdraw it.
• Complaint. The right to lodge a complaint with your local data protection authority.

To exercise these rights, contact privacy@ignicode.com. We will respond within the timelines required by applicable law (generally within 30 days, extendable where permitted). We may need to verify your identity before fulfilling certain requests, and we will not discriminate against you for exercising any right.

Section 13California Privacy Notice

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), provides you with additional rights:

• Right to Know. The categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes, and the categories of third parties to whom we disclose personal information.
• Right to Delete. Subject to legal exceptions, the right to request deletion of personal information.
• Right to Correct. The right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing. Ignicode does not "sell" personal information for monetary value, and does not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
• Right to Limit the Use of Sensitive Personal Information. You may request that we limit our use of sensitive personal information to the purposes specified in the regulations.
• Right to Non-Discrimination. You will not receive discriminatory treatment for exercising any of these rights.

You may exercise these rights by emailing privacy@ignicode.com. You may designate an authorized agent to make a request on your behalf, and we will require reasonable proof of authorization.

Section 14Cookies & Similar Technologies

We use cookies and similar technologies to operate the Services, remember preferences, secure sessions, and understand how the Services are used. We use:

• Strictly necessary cookies — required for authentication, security, and core functionality. These cannot be disabled.
• Functional cookies — remember your preferences and improve usability.
• Analytics cookies — help us understand aggregate usage so we can improve the Services. Where required by law, we will request your consent.

You can control cookies through your browser settings and, where applicable, through our cookie banner. Disabling certain cookies may affect the operation of the Services. We do not currently use third-party advertising cookies.

Section 15Third-Party Links

The Services may contain links to third-party websites or services, including videos hosted on third-party platforms. Those third parties are not controlled by Ignicode and have their own privacy practices. We encourage you to read their privacy policies before providing them with personal information.

Section 16Children

The Services are intended for adults. We do not knowingly collect personal information from children under sixteen (16) years of age. If you believe a child has provided personal information to us, please contact privacy@ignicode.com and we will take steps to delete it.

Section 17Do Not Track

Some browsers transmit a "Do Not Track" signal. There is no industry consensus on how to interpret this signal, and Ignicode does not currently respond to it. We honor the privacy choices you make through cookie settings and through the rights described above.

Section 18Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on the Services. Your continued use of the Services after the updated policy takes effect constitutes acceptance of the updated terms.

Section 19Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how Ignicode handles your personal information, please contact us:

© 2026 Ignicode · All rights reserved · This document is informational and does not create any contractual rights beyond those granted by applicable law.