Privacy Policy

Next Gen Learning (NGL)

July 2025

1. Introduction

Next Gen Learning ("NGL", "we", "us" or "our") is a South Africa–registered education technology company committed to protecting your privacy and handling your personal information responsibly. We primarily serve adult learners and working professionals globally through courses co-created with leading universities and institutes. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our educational products and services. We adhere to applicable data protection laws – including the EU General Data Protection Regulation (GDPR), UK GDPR, South Africa’s Protection of Personal Information Act (POPIA), the California Consumer Privacy Act (CCPA), and U.S. education privacy laws like FERPA – which regulate the use of educational data and grant you various rights. Our services are not intended for children under 13, and we do not knowingly collect data from them in compliance with COPPA. By engaging with our platform (e.g. enrolling in a course, participating in a session, or using our site), you acknowledge the practices described in this Privacy Policy.

2. Data Collection and Consent

We believe in transparency and user control regarding data collection. Before or during enrolment in our courses or use of our platform, we will inform you of the data we collect and the purposes for processing. In many cases, we will seek your explicit consent for certain data uses, especially those not strictly necessary for delivering the core service. This consent is voluntary, granular, and may be withdrawn at any time without penalty. For example, during signup you may be asked to agree to specific uses of your data (detailed below) such as personalising your learning or receiving marketing emails. Where consent is our legal basis (per GDPR Article 6(1)(a)), we will only process your data for those agreed purposes. In other cases, we rely on additional legal bases like contractual necessity or legitimate interests (with appropriate safeguards). If you decline or withdraw consent for optional uses, you will still have access to core educational features.

Purposes of Collection (Consent Scope): When we request consent, we clearly explain each purpose. These include:
‍

Personalised Learning Experience: Using your data to tailor content, feedback, and course pacing to your needs.
Teaching Team Insights: Providing instructors and academic staff with reports on class progress and learning trends.
Educational Research: Analysing anonymised or pseudonymised data to improve learning outcomes and our platform’s effectiveness.
Marketing Communications: Sending updates on new courses, services, or surveys (only with your opt-in).

Consent will be obtained separately for each of the above where required, and you may choose which aspects to opt into. We will not use your personal data for any purpose that is incompatible with these specified uses without asking for additional consent.

3. Data We Collect

We collect only the personal data that is relevant and necessary to provide you with our educational services and improve our platform. This includes:

Contact Information: e.g. your name, email address, phone number, and organisation/employer (used for account setup and communication).
Professional & Profile Information: e.g. your job title, industry, areas of expertise, or education history (to tailor course content and networking).
Learning Activity Data: e.g. your course enrolments, attendance records, assignment submissions, quiz results, progress metrics, and feedback responses (collected to track your learning progress and enhance your experience).
Technical Data: e.g. device and browser information, IP address, login times, and usage logs of our platform (collected automatically to ensure platform functionality, security, and to troubleshoot technical issues).
Recorded Content: If applicable, audio/video recordings of live sessions, AI-generated transcripts of classes, chat or forum contributions, and any projects or content you create on the platform. These are collected to enable learning review, AI tutoring features, or community interaction. We minimise capturing sensitive audio/video; recordings focus on instructors’ content, and we anonymise participant inputs where possible.
Payment and Transaction Data: If you make payments for courses or services, we (or our payment processor) collect information such as your payment card details (handled securely by our payment partner), billing address, and transaction history. Note: NGL uses trusted third-party payment processors (e.g. Stripe) and does not store your full financial account numbers on our systems.

Data Collection Methods: We collect data directly from you (through forms, surveys, course activities), automatically through your interactions with our platform (using cookies and analytics tools), and from third parties when you integrate external accounts or when we receive info from partner universities involved in delivering a co-created course. All data is collected in accordance with applicable law and with your knowledge. Where required, we will obtain your consent (for instance, before recording a live session or before using optional cookies).

4. How We Use Your Data

We use your personal data to deliver, support, and improve our educational services. Specifically, the key uses of your data are outlined below. For each category, we list the purpose, the legal basis for processing (under applicable laws), compliance measures, and your rights regarding that use.

4.1 Learning Personalisation
‍
Purpose: We use your personal data (such as your learning activity and performance data) to enhance and personalise your learning experience. This includes adjusting content recommendations, providing tailored feedback or hints, and adapting the pacing or difficulty of material based on your engagement and progress. Our AI-driven tutoring systems and recommendation engines analyse your interactions to offer a customised learning path just for you.

Legal Basis & Compliance: The primary legal basis for this personalised processing is your explicit consent under GDPR Article 6(1)(a) (where required). We adhere to the GDPR’s principles of purpose limitation and data minimisation – using your data only to accomplish the personalisation you have agreed to. In regions like Europe, this kind of adaptive learning analytics is only performed with appropriate transparency and user approval. In the United States, if our services are used in a school context, we ensure compliance with FERPA by treating Personalised learning data as part of the educational record that cannot be disclosed beyond the school/authorised provider without consent. All personalisation algorithms are designed with privacy-by-design safeguards: for example, any automated decisions affecting you (e.g. adjusting your course difficulty) are never made in a way that produces legal or significant effects without human oversight. We explain the logic of such features to you and always allow for human review or intervention upon request, in line with GDPR provisions on automated decision-making.

Your Rights: Participation in personalised learning is optional. You can access the personal data used for personalisation and request an explanation of any automated recommendations made to you. You have the right to opt out of personalised content or analytics at any time, in which case your learning experience will revert to a standard format without adaptive features (this will not affect your access to core course materials). If you opt out, we will cease using your data for personalisation promptly. Opting out will not incur any penalty or diminished service other than the loss of the personalisation benefits. You retain all other rights over your data, including the right to have any profiling data corrected or erased as applicable.
‍
4.2. Teaching Team and Faculty Insights

Purpose: We may provide aggregated and individual performance insights to your course instructors, teaching assistants, or academic faculty involved in your program. This helps them understand the class’s overall progress, identify common difficulties or frequently missed questions, and tailor their teaching strategies or offer targeted help. For example, an instructor might see a dashboard of which quiz questions most students struggled with, or be notified if an individual learner is falling behind on assignments so they can reach out with support. These insights enable better lesson planning, timely interventions, and more relevant content updates to improve the learning experience for everyone.

Legal Basis & Compliance: For users in jurisdictions under GDPR, this processing is based on NGL’s legitimate interest in improving educational outcomes (GDPR Article 6(1)(f)), balanced against your data protection rights. We implement safeguards to ensure this data sharing with faculty is minimally intrusive: wherever possible, data is pseudonymised or aggregated before being shared, so instructors see trends and analytics without unnecessary personal identifiers. Individually identifiable data is only provided to staff when necessary (for example, to alert an instructor that you specifically might need help, if such alerting is part of the learning support process) and always under strict confidentiality. In South Africa, we treat student performance data as sensitive and ensure compliance with POPIA’s requirements for handling special personal information, meaning we justify this use and apply extra security and privacy safeguards. In the US, if applicable, FERPA allows sharing of student information internally with school officials (including teachers or contracted online providers like NGL) for legitimate educational interests under the “school official” exception, as long as the data is used only for educational purposes and not disclosed further. NGL acts as an extension of the educational institution in such cases, maintaining direct control and not redisclosing personal data beyond the authorised education personnel.

Your Rights: Your personal information and learning records will never be visible to other students or any external parties without your consent. Insights shared with teaching staff are used solely to support your education. If you have concerns, you may request that your individual data be excluded from certain analytics or progress reports that are not essential to your course (for instance, you could ask that your participation data not be included in aggregated class statistics used for research or product improvement – and we will honor such requests where feasible). We will not deny you any service or academic benefit if you exercise this right; however, note that instructors may still receive necessary information about your coursework if it is relevant to grading or providing academic support (which is a core part of the service).
‍
4.3 Use of Data for Educational Research

Purpose: We are continuously striving to improve learning outcomes, refine our course design, enhance teaching methods, and measure the effectiveness of our platform. To these ends, we may use data generated on our platform for educational research and product development. Research uses might include analyses of how students learn with AI tutors, studies of which course components lead to better retention of knowledge, or academic research papers in collaboration with universities on learning science. Whenever possible, we use anonymised or pseudonymised data for research – meaning the data is stripped of direct personal identifiers and aggregated, so it cannot be readily linked back to any specific individual.

Legal Basis & Compliance: Under GDPR, research aimed at improving education can be considered a purpose compatible with initial data collection and may fall under the regime of scientific or historical research (as outlined in GDPR Article 89). If we use your data for genuine research purposes, we implement the requisite safeguards Article 89 requires, such as technical and organizational measures to ensure respect for data minimization and to prevent re-identification. Where research cannot be done with fully anonymous data, we will either seek your explicit consent to include your personal data in the study or ensure another valid legal basis (for instance, a research carried out in the public interest by an academic institution might rely on Article 6(1)(e) combined with Article 89 safeguards). We also subject formal research projects to ethical review or institutional oversight when appropriate (for example, if partnering with a university’s researchers, we follow academic ethics board guidelines). In all cases, any research findings published or shared will be in aggregate form or with identities removed. We also comply with other applicable privacy laws in this context: for example, South Africa’s POPIA and California’s CCPA both mandate transparency and strict purpose limitation for any secondary use of data. We do not use research data to make decisions about you individually unless you have explicitly consented to such use. This means, for instance, if our analysis reveals a certain learning pattern, we will not take action affecting your progress based on that analysis alone unless it is part of the service you signed up for. Research analyses remain separate from individualized services unless you opt in.

Your Rights: Participation in research uses of data is optional. You will have the opportunity to opt in or out of having your data included in research that goes beyond routine product improvement. Even if you initially consent, you retain the right to withdraw from ongoing research at any time. If you do opt out or withdraw, we will cease using your identifiable data for research promptly. If data has already been anonymised and aggregated in a research project, we may not be able to remove that data (because it can no longer be linked to you), but any non-anonymised research records would be deleted. You can also request that we delete any research-related data about you that is not fully anonymised, and we will honor such requests wherever feasible (unless it’s necessary to keep the data for legal/regulatory reasons, in which case we will inform you). Opting out of research will not affect your access to NGL’s learning services.
‍
4.4. Use of Data for Marketing Communications

Purpose: If you choose to, you can allow us to use your contact information (such as your email address or phone number) to send you marketing communications. These communications may include newsletters about new courses or programs, Personalised course recommendations, special offers, surveys about your learning interests, or updates and news about NGL. We strive to send content that is relevant and valuable to you, and we will not inundate you with marketing messages. Typically, you will receive such communications only if you have opted in to receive them.

Legal Basis & Compliance: We rely on your consent to send direct electronic marketing messages, in line with GDPR requirements and the EU Privacy Directive which generally requires prior opt-in for email/SMS marketing. (For example, by ticking a checkbox to subscribe to a newsletter or by not unchecking a default-off box during registration.) Even in jurisdictions where we might be allowed to use a different lawful basis, we choose to follow the strictest standard of consent for marketing to respect your privacy preferences. If you are a California resident, please note we do not “sell” your personal information as defined under CCPA. In any case, CCPA gives you the right to opt out of any sale or sharing of your info, and we honor that right (we actually never sell or rent user data to third parties). We also comply with all applicable anti-spam and marketing laws such as the U.S. CAN-SPAM Act, Canada’s CASL, the UK PECR, and other similar regulations – this means every marketing email will have a clear unsubscribe link and accurate sender information, and we will promptly honor opt-out requests. Additionally, GDPR Article 21 gives you the right to object to direct marketing at any time; we make it easy for you to exercise this by allowing instant unsubscribe or profile preference changes.

Your Rights: If you have given consent to marketing, you can withdraw that consent at any time. Every promotional email from us will include an “unsubscribe” link at the bottom – clicking that will stop further emails. You can also adjust your communication preferences in your NGL account settings or by contacting us directly. Once you opt out, we will cease using your contact info for marketing purposes immediately (except for communications related to service announcements or transactions, which are not promotional). Opting out of marketing will not affect your access to our core educational services or your enrolment in any courses. Even after you unsubscribe, you may still receive necessary service emails (for example, course reminders, receipts for payments, or policy updates). If you have any issues managing your communication preferences, you can reach out to us and we will assist.

5. Data Security and Storage

We take the security of your personal data very seriously. NGL implements robust technical and organisational security measures to protect your information from unauthorised access, loss, or misuse. These measures include, at a minimum: encryption of personal data in transit and at rest (to prevent eavesdropping or theft of data), access controls ensuring that only authorised NGL personnel or contractors can access the data they need for their job (for example, instructors only see data for their students, and support staff can only access your data when helping you with an issue), regular security audits and penetration testing of our systems, and continuous monitoring for potential vulnerabilities. We follow industry best practices for software development and cloud security, including keeping our systems updated and patched. All data is stored on secure servers using modern cloud infrastructure with high reliability and compliance standards. Specifically, our primary servers and databases are hosted in the London (UK) region of Google Cloud Platform (ensuring compliance with UK and EU data protection standards), and we use EU-based or compliant data centres whenever feasible. We also conduct training for our staff on data privacy and security. In the unlikely event of a security incident (data breach), we have a detailed response plan to contain and fix the issue, and we will notify affected users and relevant authorities as required by law. We want you to learn with confidence knowing that your data is safe with us.

6. Data Minimisation and Retention

We only collect the minimum amount of personal data needed to achieve the purposes described in this policy. We are committed to the principle of data minimisation, which means we do not ask for or retain data that isn’t relevant to your learning experience or our service’s operation. For example, if demographic information (like age or gender) is not needed, we won’t collect it; if we just need an email and name to enrol you, we won’t collect extra contact details, etc.We also limit how long we keep personal data. Retention periods are defined based on operational needs and legal requirements. In general, we retain your personal information only as long as necessary to fulfill the purposes it was collected for, or as required by law or legitimate business interests (such as accounting or fraud prevention). For instance, course participation records and any associated recordings are typically kept for up to one year after a course ends, to allow you to review content and for us to evaluate the course’s success. After that, such data may be deleted or irreversibly anonymised. Anonymised learning data (which no longer identifies you) may be retained for longer periods (potentially indefinitely) for research or product development purposes. Other data like account information may be kept as long as you have an active account with us, and for a reasonable period after if you decide to leave (to make it easier if you return, or for record-keeping required by law). When personal data is no longer needed, we either delete it or anonymise it in a secure manner. We also periodically review the data we hold and erase or anonymise information that is no longer necessary. If you request deletion of your data, we will securely erase your personal data (subject to any legal obligations to retain certain information, which we will communicate to you). Our data retention practices comply with GDPR and POPIA requirements for storage limitation and accuracy.

7. Data Sharing and Third-Party Processors

We do not sell or rent your personal data to anyone. We only share your information in the specific circumstances outlined below, and always under strict conditions designed to safeguard your privacy.

With Course Instructors and Partner Institutions

If your course is delivered by live instructors or co-created with a university or educational partner, we share only the information necessary to facilitate teaching, support, and assessment. For example, instructors may have access to your name, course profile, and relevant learning activity to help you succeed in the programme. These individuals and institutions are contractually bound by confidentiality obligations and, where applicable, data protection agreements. They are permitted to use your information solely for educational purposes in accordance with this Privacy Policy. We never share information that is not relevant to your specific course, and your data is not visible to other learners without your consent.
‍
With Service Providers (Third-Party Processors)

To operate our platform and provide a seamless learning experience, NGL works with carefully selected third-party service providers. These include:Cloud Infrastructure Providers for hosting servers, databases, and platform services in secure environments, with a strong focus on compliance and data residency (e.g., UK and EU-based storage).AI and Learning Technologies that enable interactive tutorials, adaptive feedback, and automated transcription or summarisation—used only when necessary to deliver educational value and governed by data minimisation and privacy-by-design principles.

Platform Engineering and Monitoring Services that support secure development, error tracking, and operational continuity.

Analytics and Optimisation Tools that help us understand how our website and platform are used, so we can improve performance and user experience. These services do not receive personally identifiable information unless essential, and we apply IP anonymisation and cookie controls where required.

Communications and Support Tools that power our helpdesk, live chat, and learner engagement activities. These systems may retain your messages, preferences, or support tickets in order to assist you more effectively.

Marketing Systems (used only with your explicit opt-in) that manage newsletters, updates, and course announcements, with tracking enabled solely to assess content performance and engagement.

Payment Processors that securely handle course enrolments and transactions. Financial data is transmitted directly to the payment provider and never stored on NGL’s servers.

These processors act strictly on our instructions and are contractually prohibited from using your personal data for any purpose beyond providing their services to us. Each provider is vetted for compliance with GDPR, POPIA, and other relevant data protection standards, and where required, we have Data Processing Agreements (DPAs) in place. For international transfers, we ensure appropriate safeguards such as Standard Contractual Clauses.

Note: We do not list the names of all third-party processors in this policy to protect NGL’s proprietary technology architecture. However, a detailed list is available to partners under confidentiality as part of our data protection agreements, or to individuals upon legitimate request.
‍
With Legal or Regulatory Authorities

We may disclose personal data if required by law, regulation, legal process, or government request. This includes compliance with subpoenas, court orders, or lawful requests by regulators. In all such cases, we will limit the disclosure to what is strictly necessary and lawful, and where possible, we will inform you before disclosing your data.
‍
In the Event of a Business Transfer

If NGL undergoes a merger, acquisition, or asset transfer, your data may be part of the assets transferred to the new entity. In such cases, the successor will be required to honour this Privacy Policy, and you will be notified of any change in data stewardship.

Except for the scenarios listed above, we do not disclose your personal data to any other parties, including other learners, customers, advertisers, or data brokers. All parties who process your data on our behalf are bound by strict confidentiality and data protection obligations.

8. Data Breach Response

Despite all our safeguards, no method of transmission or storage is 100% secure. In the unlikely event of a data breach (meaning personal data is accessed by unauthorised persons, lost, or stolen), NGL will act promptly to contain and remedy the situation. We have a detailed incident response plan in place that includes: immediate investigation and mitigation of the breach, measures to prevent further unauthorized access, and an assessment of the scope and impact. We will notify affected users as soon as possible if the breach poses a high risk to your rights and freedoms. We will also fulfill any regulatory notification requirements – for example, under GDPR we will notify the relevant Data Protection Authority within 72 hours of becoming aware of a significant breach. Our notification to you will include details of what happened, what data was involved (in general terms), what we are doing about it, and any steps you may consider taking to protect yourself (like changing passwords if relevant). We will provide updates as we learn more. NGL is committed to full transparency in such situations and to learning from incidents to further strengthen our security.

9. Updates to this Privacy Policy

NGL may update this Privacy Policy from time to time. Any changes will be communicated via email or posted on our website. Continued participation in NGL programs constitutes acceptance of updated terms.

10. Your Data Rights

You have significant rights regarding your personal data. NGL is committed to facilitating the exercise of these rights. Specifically, you have the right to:

‍Access Your Data: You can request a copy of the personal data we hold about you, as well as information about how we use it. This is commonly known as a Data Subject Access Request. We will provide this information, free of charge, within a reasonable timeframe (and within any timeframe required by law – e.g., 30 days under GDPR).

Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you change your email or notice an error in your profile info, you can update it in your account settings or ask us to fix it.

Deletion: You can ask us to delete your personal data in certain circumstances. For instance, if you no longer use our services and want your data removed, or if you initially consented to a use of your data but have now withdrawn consent and want related data erased. We will honor deletion requests to the extent possible – though please note we may retain some minimal information as required for legal compliance or internal record-keeping (we will inform you if so). When we delete data, we will do so securely. This is often called the “right to be forgotten” under GDPR.

Restriction of Processing: You have the right to request that we limit the processing of your data in certain scenarios. For example, if you contest the accuracy of your data, you can ask us to pause processing (aside from storing it) until we verify accuracy. Or if you object to a processing based on our legitimate interest, you can request restriction while the objection is resolved. During restriction, your data will just be held securely and not used except for the limited exceptions allowed by law.

Data Portability: For data you provided to us, you have the right to obtain it in a common machine-readable format so you can reuse it or transfer it to another service. Upon request, we will give you an electronic file of your basic account information and other data that you have provided to NGL, to the extent required by applicable law. If technically feasible, and if you request, we may also transfer that data directly to another service provider at your direction.

Withdraw Consent: If we are processing any personal data based on your consent, you have the right to withdraw that consent at any time. Once you withdraw consent, we will stop the processing that was based on it. For example, you can withdraw consent for marketing emails, research participation, or Personalised tutoring features, as described earlier. Withdrawal of consent does not affect the lawfulness of processing that occurred before you withdrew, and it won’t affect processing under other legal bases.

Object to Processing: In certain cases, you have the right to object to our processing of your data. The most straightforward case is objecting to processing for direct marketing, which we will always honor (as noted, you can opt out anytime). You may also object when we are processing your data under a legitimate interest basis – if you feel our interest is not overriding your rights. If you lodge such an objection, we will review it carefully. Unless we demonstrate compelling legitimate grounds for the processing that override your rights, or if the processing is needed for legal claims, we will likely cease the processing in question.

Not Be Subject to Automated Decisions: NGL does not make any legally significant decisions about you purely by algorithms without human involvement. However, if in future we were to use automated decision-making (as defined by law), you have the right to not be subject to a decision based solely on automated processing that significantly affects you, and to insist on human review. (As noted, our personalisation features always have a human-in-the-loop option.)

To exercise any of these rights, you can contact us at any time (see Contact Information below). We will respond to your request as required by law (typically within one month for GDPR, for example). We will not discriminate against you for exercising your privacy rights – e.g., you won’t be refused service or given lower quality service just because you made a data request or opted out of something (consistent with CCPA non-discrimination rules). Please note that some rights may be subject to certain exemptions or limitations by law: if we cannot fulfill a request in whole or in part, we will explain the reason to you. For example, if you request deletion of data that we are legally required to keep (such as financial transaction records for tax purposes), we might not be able to delete those until the retention period expires, but we would inform you of this. We encourage you to contact us with any questions or concerns about your rights – protecting your privacy and enabling you to control your information is a top priority for NGL.

11. Cross-Border Data Transfers

NGL’s users are global, so your data may be transferred or accessed by our team and service providers in countries other than your own. We primarily store data in South Africa, the European Union/UK (London data centre), and in some cases in the United States. Whenever we transfer personal information across national borders, we take steps to ensure the transfer complies with applicable data protection laws and that adequate protections are in place.

‍For EU/EEA or UK Individuals: If we transfer your personal data out of the UK or European Economic Area (for example, to the US or South Africa), we will ensure an appropriate transfer mechanism is in place. Typically, this means we rely on European Commission-approved Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement as part of our contracts with the receiving party, obligating them to protect your data according to GDPR standards. Some of our providers may rely on such clauses or have other compliance certifications. We also consider whether the receiving country has been deemed adequate by the EU. If none of these mechanisms are available, we would seek your consent for the transfer or not transfer the data.

For South African Individuals: POPIA restricts transfers of personal information outside of South Africa unless certain conditions are met (similar to GDPR). We will only transfer your data to a third party in another country if that country’s laws provide an adequate level of protection or if we have an agreement with the recipient ensuring they will protect the information to the standard required by POPIA (for example, many of our service providers are bound by contracts to uphold privacy and security standards). Alternatively, a transfer may occur if it is necessary for the performance of a contract with you, or if you have consented to the transfer after being informed of any risks. We will inform you upon request which countries your data may be in and under what safeguards.

Other Regions: We similarly comply with any local cross-border transfer requirements. For instance, if you are in a country with data residency rules, we will respect those to the extent applicable.In all cases, regardless of where your data is processed, NGL will ensure that your data is afforded a high level of protection consistent with this Privacy Policy. Our team members follow uniform security procedures and access policies whether they are in South Africa, Europe, or elsewhere. If you have questions about international data transfers or want more information about our transfer safeguards (such as a copy of the SCCs we use), please contact us.

12. Cookie Policy

Like most online platforms, NGL uses cookies and similar tracking technologies to ensure our website and learning platform function properly, to analyse usage, and to personalise your experience. This section explains how we use cookies, what choices you have, and how we comply with cookie-related regulations.

‍What Are Cookies? Cookies are small text files placed on your device (computer, tablet, smartphone) by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site owners. Cookies can store user preferences and other information. Similar technologies include web beacons, pixels, local storage, and SDKs in mobile apps. For simplicity, we refer to all of these as “cookies.”

‍How We Use Cookies: NGL uses cookies for several reasons:

‍Necessary Cookies: These are essential for the operation of our site and platform. For example, when you log into your account, we use a session cookie to keep you logged in as you navigate between pages. Without these cookies, services you’ve asked for (like accessing course content or secure areas) cannot be provided. We also use cookies to remember certain preferences or settings you choose, so you don’t have to set them every time (for instance, remembering your language or that you have seen the cookie consent banner already).

Analytics and Performance Cookies: We want to understand how users use our site and platform so we can improve it. We therefore use analytics tools like Google Analytics which set cookies to collect general usage statistics (such as which pages are visited, for how long, and any errors encountered). These cookies and tools provide us with aggregated information – for example, total number of visitors, which content is most popular, etc. – and do not directly identify you. We have configured Google Analytics to anonymize IP addresses to further protect your privacy. Data from these cookies helps us enhance website functionality and user experience.

Functionality Cookies: These cookies allow our platform to provide enhanced features and personalisation. For example, if our platform has a chat widget, cookies might be used to keep track of your chat session or whether you are logged in, so that you can continue a support conversation as you move through the site. Similarly, if we offer video or voice, there might be tokens stored to maintain your connection. These cookies may be set by us or by third-party providers whose services we have added to our pages.

Marketing and Communication Cookies: We currently do not host third-party ads, but we do use certain tools to help with marketing communications. We also use cookies to remember if you opted out of marketing, so we don’t show you certain messaging. If in the future we run any advertising or referral programs, we will update this policy to reflect any cookies involved.

Some of the cookies we use are first-party cookies (set by NGL’s domain when you visit our site), and others are third-party cookies. For example, when you visit our homepage, you may receive a mix of NGL cookies and cookies from Google (for analytics). The third-party cookies are used only for the purposes we’ve described (e.g., analytics or functionality on our behalf); we don’t permit third parties to track you for their own advertising purposes on our site.

‍Cookie Consent: When you first visit our website, you will see a cookie notice or banner that informs you about the use of cookies. Where required by law (such as in the EU/UK and some other jurisdictions), we will obtain your consent before using or storing non-essential cookies on your device. You can choose to accept all cookies, or reject non-essential ones, or customise your preferences. If you opt out of certain cookies (like analytics), those will not be set in your browser. Note that essential cookies (e.g., for login or to remember your privacy choices) may be used without consent, as they are necessary for our service. We regularly scan and update our cookie usage to maintain compliance with evolving regulations.

‍Managing Cookies: You have the right to control and manage cookies as you wish. In addition to using our on-site cookie preferences tools, you can also manage cookies through your web browser settings. Most browsers allow you to view, delete, and block cookies. You can typically find these options under the “Settings” or “Privacy” section of your browser. Keep in mind that if you disable cookies entirely, some features of our site or platform may not function properly (for instance, you might not be able to log in or the site may forget your preferences). For analytics, Google provides an opt-out browser add-on you can install if you don’t want to be tracked by Google Analytics across all websites.

‍Do-Not-Track Signals: Some browsers offer a “Do Not Track” (DNT) signal that you can enable to indicate your preference regarding tracking. Currently, there is no standard interpretation of DNT signals across websites. However, we treat a DNT signal as an opt-out of tracking for marketing/analytics on our site to the extent feasible. We will not use tracking cookies if we detect such a signal, except for necessary functionality.

For more detailed information about the specific cookies we use and their purposes, please contact us with any questions. We want you to feel comfortable and in control when it comes to cookies and tracking.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us. We’re here to help. You can contact our privacy team at:

‍Email: legal@nxgl.ai
Postal Address: Please contact us via email to obtain our current mailing address.
Website: https://www.nxgl.ai

We will respond to inquiries or requests as soon as possible, and certainly within any timeframes required by law. If you need to exercise your data rights, it will be helpful if you can mention what right you wish to exercise and provide details to verify your identity (for your data protection, we need to ensure it’s really you).If you feel that we have not adequately addressed your privacy questions or concerns, you also have the right to lodge a complaint with a supervisory authority. For example, in South Africa you can contact the Information Regulator (South Africa), in the EU you can reach out to your country’s Data Protection Authority, and in the UK the ICO, or in the US, relevant educational privacy officials for FERPA issues. We would, however, appreciate the chance to address your concerns directly first, and we are committed to finding a resolution.

Thank you for trusting NGL with your learning journey. We are dedicated to safeguarding your personal information and continually improving our practices to better protect your privacy.

This Privacy Policy was last updated on July 29, 2025