Privacy Policy

Last updated: March 2026

1. Who we are

The MustardTree Group ("we", "us", "our") is a company registered in England and Wales. We operate the LifeSpark360 platform at lifespark360.com and associated subdomains. We are the data controller for the personal data processed through this platform.

2. What data we collect

We collect the following categories of personal data:

  • Account information: name, email address, and password (stored as a cryptographic hash)
  • Profile data: phone number, location, profile type, and LinkedIn URL (if provided)
  • Assessment data: your responses to the LifeSpark360 Readiness Assessment and the resulting scores
  • CV data: uploaded CV files and the AI-generated review results
  • Programme data: session records, pre-session questionnaire responses, workbook submissions, and micro-action progress
  • Technical data: IP address (for rate limiting only, not logged), browser type, and request timestamps

3. How we use your data

We use your personal data for the following purposes:

  • To provide and operate the LifeSpark360 and Seedbed coaching programmes
  • To score your readiness assessment and recommend the appropriate programme
  • To analyse your CV using AI and provide structured feedback
  • To enable your assigned trainer to deliver coaching sessions effectively
  • To send transactional emails (session reminders, document releases, programme updates)
  • To process payments via our payment provider (Stripe)
  • To maintain platform security and prevent abuse

4. Legal basis for processing

We process your data under the following legal bases:

  • Contract: processing necessary to deliver the coaching programme you have enrolled in
  • Consent: for the readiness assessment and CV review (submitted voluntarily)
  • Legitimate interest: platform security, fraud prevention, and service improvement

5. Data sharing

We share your data only with:

  • Your assigned trainer: session notes, PSQ responses, micro-action status, and assessment results
  • Cloudflare: our infrastructure provider (data processing agreement in place, EU data residency)
  • Stripe: for payment processing (they act as an independent controller for payment data)
  • Resend: for transactional email delivery

We do not sell your personal data. We do not share it with advertisers or marketing platforms.

6. Data storage and security

All data is stored on Cloudflare infrastructure within the European Union (EU). Sensitive fields (email, phone, personal notes) are encrypted at the application layer using AES-256. All traffic is encrypted in transit using TLS 1.3. CV files are stored in private object storage accessible only via time-limited signed URLs.

7. Data retention

  • Account data: retained until you request deletion
  • Assessment data: retained for 2 years after completion
  • Programme data: retained for 2 years after programme completion
  • CV files: retained for 1 year after review, then automatically deleted
  • Audit logs: retained for 1 year for security purposes

8. Your rights

Under UK GDPR, you have the right to:

  • Access: request a copy of all personal data we hold about you
  • Rectification: correct any inaccurate personal data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interest
  • Restriction: request restriction of processing while a complaint is resolved

To exercise any of these rights, contact us at hello@mustardtreegroup.com. We will respond within 30 days.

9. Cookies

This platform uses only essential cookies required for authentication and security. We do not use tracking cookies, analytics cookies, or advertising cookies.

10. Contact

For any questions about this privacy policy or your personal data, contact:

The MustardTree Group
Email: hello@mustardtreegroup.com