Privacy Policy

SystemShift is a company registered in London, United Kingdom, SW1Y 4BP. We run systemshift.com and the Leadership Development Platform — a learning tool built to help people grow professionally within their organisations.

Because we're a UK company, we handle your personal data under the UK GDPR and the Data Protection Act 2018. If you're based in the EU or EEA, the EU GDPR applies to your data too. If you're somewhere else in the world, we still treat your data with the same care and follow any applicable local laws.

This Privacy Policy explains what information we collect from you, why we collect it, how we use it, and what rights you have. We've tried to write it in plain language — if anything is unclear, feel free to get in touch at help@systemshift.com.

By using the Platform, you agree to the practices described in this Policy. If you don't agree, please stop using the Platform.

When we say “Personal Information” we mean anything that can identify you, either on its own or combined with other data — things like your name, email address, or account activity. We will never sell, rent, or pass your Personal Information to third parties except in the specific situations described below.

We also collect what we call “Usage Data” — anonymous, aggregated statistics about how people use the Platform as a whole. Usage Data never identifies you personally. We use it to understand how the Platform is performing and where we can improve it. We may share this kind of anonymised data with partners and service providers for things like analytics and platform development.

One important note: data we receive through Google (via Google Sign-In or the Calendar integration) is never treated as Usage Data and is never included in any third-party sharing. It's handled separately, as explained in the Google section below.

Information you give us

When you create an account, we ask for basic details like your name, email address, and the organisation you're affiliated with. You can also choose to add more to your profile — things like your job title, department, learning goals, or preferred learning style. None of this extra information is required; it's there to make your experience more relevant.

As you use the Platform, we automatically save your progress — courses completed, tasks performed, and when you last logged in. This is what allows you to pick up where you left off and lets your L&D Manager track your development.

If you contact us or send messages through the Platform, we may keep a record of those communications to help us provide support.

We use your information to run and improve the Platform, keep your account secure, communicate with you about your learning, and carry out internal research into how well the Platform works — always using anonymised data, never anything that identifies you individually. We will never share identifiable learner data with external researchers without your explicit consent.

If you pay for access, we process your payment details through our payment provider. We don't store your card information on our servers. All payment data is handled by our provider and protected by industry-standard encryption.

We will never email you asking for your account password or login details. If you ever receive an email like that claiming to be from us, please forward it to help@systemshift.com straight away.

Not everyone on the Platform sees the same information. Here's how access works:

• Your L&D Manager can see your full learning progress — courses completed, assessment scores, and engagement activity. This is specifically so they can support your professional development within your organisation.
• Platform Administrators can only see your name, organisation, and email address. They use this for account management and technical support, not for monitoring your learning.
• No other users can see your Personal Information.
• SystemShift staff only access your data when it's operationally necessary — for example, to resolve a support issue — and they're bound by strict confidentiality.

People from anywhere in the world can use the Platform, and your data is protected regardless of where you're based. Where required by law, we'll put a Data Processing Agreement in place with your organisation to make sure cross-border data transfers are handled correctly.

If you're based in the US and your organisation is an educational institution covered by FERPA (the Family Educational Rights and Privacy Act), some of your learner records may qualify as “education records” under that law. In those cases, SystemShift acts in the role of a “school official” as FERPA defines it, and handles your data accordingly. If you want to exercise your rights under FERPA, you'll need to contact your institution directly — they're the ones responsible for those records.

Sometimes we receive information about you from third-party services — for example, if you sign in through Google, they'll pass us your account details as part of that process. We only receive what you've authorised them to share.

We also work with third-party service providers who help us run the Platform — things like cloud hosting, email delivery, and analytics. We share only what they need to do their job, and they're not allowed to use your data for anything else, especially not marketing.

If you connect external apps to the Platform, we may need to store access credentials to enable that connection. These are encrypted and used only to perform the actions you've authorised. If you connect an external app, please be aware that we're not responsible for how that app handles your data — that's governed by its own privacy policy.

You can sign into the Platform using your Google account. When you do, we only ask for the minimum information we need: your name, email address, and profile picture. We use these solely to create and manage your account.

We also connect with Google Calendar, but only if you choose to enable it. With your permission, the Platform can:

• Add learning events (like class schedules and deadlines) directly to your calendar
• Read your existing events to avoid scheduling clashes when creating new ones
• Send you calendar reminders for upcoming learning activities

We don't access your calendar for any other reason, and we don't store calendar data beyond what's needed to deliver these specific features.

Data we get through Google is used only for the features above. We don't use it for ads, we don't build profiles with it, and we don't share it with anyone for marketing. Our use of Google data follows Google's API Services User Data Policy, including the Limited Use requirements.

You can disconnect SystemShift from your Google account at any time by going to myaccount.google.com/permissions and removing SystemShift from the list. This will turn off Google Sign-In and the Calendar features, but you'll still be able to use the Platform through other login methods if available.

Like most web platforms, we automatically collect basic technical information when you visit — things like your IP address, browser type, time zone, and screen resolution. We use this purely for monitoring the Platform's performance and fixing technical issues. It's not linked to your identity.

There are situations where we may be required by law to share information — for example, if we receive a court order, a legal request from law enforcement, or if we need to protect someone's safety. We'll only do this when we genuinely have to, and we'll always try to notify you where the law allows us to.

We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how the Platform is being used. Here's what we use them for:

• Remembering your session so you don't have to log in again on every visit
• Saving your learning preferences and progress
• Keeping the Platform running smoothly and diagnosing technical problems
• Showing you relevant content and learning recommendations
• Measuring overall Platform usage through anonymous analytics

You can manage or disable cookies through your browser settings, but be aware that doing so may affect how some parts of the Platform work. For more detail, see our separate Cookie Policy.

We may also share your Personal Information with other entities within the SystemShift group where that's necessary to operate the Platform.

The Platform may include links to other websites. These are provided for your convenience and don't mean we endorse them. Once you leave our Platform, this Policy no longer applies — the other site's own privacy rules take over. We're not responsible for what happens on those sites.

If the Platform includes public discussion areas or community forums, anything you post there will be visible to other users. Think carefully before sharing Personal Information in these spaces. If you want something removed, contact us at help@systemshift.com and we'll do our best to help — though in some cases complete removal may not be possible.

If we ever publish a testimonial that includes your name, we'll always ask for your permission first.

We take security seriously. The Platform uses SSL/TLS encryption for all data in transit, and sensitive information is encrypted at rest. We have technical, administrative, and physical safeguards in place, and we regularly review our practices to make sure they're up to scratch.

For data we receive through Google specifically, we apply additional protections:

• Google OAuth tokens and Calendar data are encrypted both in transit and at rest
• Access to Google user data is restricted to the small number of staff who genuinely need it to operate the Platform
• We don't store Google Calendar content beyond what's needed to deliver the calendar features
• We carry out regular reviews to stay aligned with Google's API User Data Policy

That said, no system is completely immune to risk. Email and other online communications can never be fully secured, so please be thoughtful about sensitive information you send us through those channels.

SystemShift is based in the UK, but we use third-party infrastructure providers who may store or process data in other countries. We make sure any such transfers are covered by appropriate legal safeguards.

For users in the EU, EEA, UK, or Switzerland: we transfer data internationally using Standard Contractual Clauses approved by the European Commission. We also participate in the EU-US Data Privacy Framework, the UK Extension to it, and the Swiss-US Data Privacy Framework — the frameworks that replaced the old Privacy Shield arrangements after they were invalidated in 2020. If you're in one of these regions, please also read our EU & Swiss Privacy Policy for more detail.

You can choose not to provide certain Personal Information, though this may mean some features of the Platform aren't available to you. We only send transactional emails — things like account notifications, course updates, and calendar reminders. We don't send marketing or promotional emails.

You can manage cookies through your browser settings. Disabling them may affect parts of the Platform. Some third-party vendors also offer their own opt-out tools on their websites.

If you have a Platform account, you can update or delete your Personal Information by logging in and making changes directly. If you don't have an account but we hold data about you, contact us at help@systemshift.com and we'll sort it out within a reasonable timeframe.

If you're an end user who was given access through an organisation, that organisation controls your data. Any requests to access, correct, or delete your records should go to them first, since they're the data controller for your information.

We keep your Personal Information for as long as your account is active or as long as we need it to provide the Platform. When an organisation's subscription ends, we follow our internal process for deleting account data.

For Google data specifically, the rules are tighter. We only keep it for as long as the feature that uses it requires. OAuth tokens are encrypted and deleted when you disconnect your Google account. Calendar event data isn't stored permanently — it's fetched on demand and not cached beyond the current session, unless it's needed for a scheduled reminder. If you disconnect your Google account, we'll stop accessing your data immediately and delete any stored tokens within 30 days. You can also ask us to delete your Google data at any time by emailing help@systemshift.com.

The Platform is not designed for children under 13, and we don't knowingly collect data from them. If you're a parent or guardian and think your child has somehow created an account, please contact us and we'll delete it promptly.

We may update this Policy from time to time. If we make significant changes, we'll let you know by email or by posting a notice on the Platform before the changes kick in. The “Last Updated” date at the top of the page will always tell you when it was last revised. Continuing to use the Platform after an update means you accept the new version.

If SystemShift is ever acquired, merged with another company, or goes through a significant restructure, your account information may be transferred as part of that process. Any new owner would be required to honour this Policy, or give you proper notice if they plan to change how your data is handled.

If you have any questions about this Policy or how we handle your data, we'd love to hear from you:

• Email: help@systemshift.com
• Programmes team: programmes@systemshift.com
• Website: systemshift.com

If you're not happy with how we've handled your data, you also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.