Privacy Policy

ForChiefs Leadership Academy

Last updated: March 13, 2026

Who we are

ForChiefs Leadership Academy (“ForChiefs”, “we”, “us”) is a leadership development platform operated by David Noel, based in Vienna, Austria. Our website is noeland.co.

This policy explains what personal data we collect, why we collect it, where we store it, and what rights you have.

What we collect and why

Account information

When you join the Academy through a cohort invitation link, we collect your email address and, optionally, your display name. We use this to authenticate you via magic link (a sign-in link sent to your email) and to associate your account with your cohort.

You may also add a personal email address for backup access. This is optional and stored only so you can continue to access the Academy if your primary email changes.

Legal basis: Contract performance. You are enrolled in a programme and we need your email to deliver it.

Learning progress

As you move through the Academy, we record which sections and tabs you have completed and when. This helps you see your own progress and helps us understand how the Academy is used at an aggregated level.

Legal basis: Contract performance and legitimate interest in improving the product.

Personal reflections and notes

The Academy includes several features where you can write your own thoughts:

• Reflect tab: Space to capture your thoughts below each coaching question.
• Content tab notes: A personal notes area on each content tab (What, Why, How, When).
• Prepare Yours: Text inputs where you plan your own leadership conversations, adapting key phrases and answering preparation prompts.

All of these are private to you. No facilitator, administrator, or other user can see your individual reflections or notes. This boundary is enforced technically through database-level security policies, not just as a policy. Your entries are stored so you can return to them, build on them, and export them.

Legal basis: Contract performance. These features are part of the Academy experience you enrolled in.

Contact form

If you submit an enquiry through the contact form on our For Teams page, we collect your name, company, email, message, and optionally your team size and how you found us. We use this information only to respond to your enquiry.

Legal basis: Legitimate interest in responding to business enquiries.

Technical data

We use essential cookies for authentication and session management only. We do not use analytics cookies, tracking pixels, or third-party advertising tools. We do not sell, share, or otherwise make your data available to advertisers or data brokers.

Where your data is stored

Your personal data is stored in a database hosted by Supabase in London, United Kingdom (eu-west-2 region). The UK has an EU adequacy decision (renewed December 2025, valid until December 2031), which means personal data can flow between the EU and UK without additional safeguards.

Our website is served through Netlify, which processes some requests through servers in the United States. Netlify acts as a data processor and is covered by standard contractual clauses for international data transfers. No personal data is stored by Netlify. Your data at rest is always in the UK.

Service providers

We use the following service providers to operate the Academy:

• Supabase (London, UK): Database hosting, authentication, and file storage.
• Netlify (United States): Website hosting and delivery. Covered by standard contractual clauses.
• Resend / Amazon SES (United States): Transactional email delivery (magic links, email change confirmations). Processes your email address to deliver messages. Covered by standard contractual clauses.
• Porkbun (United States): Domain registration and email forwarding.

None of these providers have access to your personal reflections or notes. They process only the minimum data required for their function (e.g. your email address for authentication and email delivery).

Who has access to your data

You can see and edit your own profile, progress, reflections, and notes at any time.

ForChiefs administrators can see your name, email, cohort membership, enrollment date, last login, and progress data (which sections you have completed). Administrators cannot see your personal reflections or notes through the Academy application. Access to the underlying database is restricted to the system administrator for maintenance purposes only.

Your employer or cohort client may receive aggregated progress reports (e.g. “12 of 16 participants have completed Section 5”). They do not receive individual progress data, reflections, or notes unless you share them yourself.

No other parties have access to your data. We do not share your data with third parties for marketing, analytics, or any other purpose.

How long we keep your data

Your account and data remain active for the duration of your access period (as defined by your cohort or individual subscription). When your access expires, your account enters an inactive state. Your data is preserved in case you rejoin.

If you request deletion, we will delete your account and all associated data (profile, progress, reflections, notes) within 30 days.

If your account has been inactive for 24 months and you have not renewed, we will delete your data automatically.

Your rights

Under the General Data Protection Regulation (GDPR), you have the right to:

Access your data. You can view your profile, progress, reflections, and notes at any time within the Academy. You can also request a full export of your data.

Correct your data. You can update your display name, login email, and personal email in your Settings page.

Delete your data. You can request that we delete your account and all associated data. Email us at hello@noeland.co and we will process your request within 30 days.

Export your data. You can request a copy of all data we hold about you in a machine-readable format.

Object to processing. If you believe we are processing your data unlawfully, you can contact us or lodge a complaint with a supervisory authority.

Lodge a complaint. You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) or the supervisory authority in your country of residence.

Consent

When you join the Academy through a cohort invitation link, you are asked to confirm that you agree to this privacy policy and consent to ForChiefs Academy processing your data to provide access to the programme. You can withdraw your consent at any time by requesting account deletion.

Data security

All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256 encryption provided by Supabase). Access to the database is restricted to authenticated application requests and administrative access by ForChiefs. We use row-level security policies to ensure users can only access their own data.

Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top. For significant changes, we will notify you by email.

Contact

For questions about this policy or to exercise your data rights:

Email: hello@noeland.co
Address: David Noel, Vienna, Austria