This policy explains how Dr. Joshua Sopuru ("we", "us", "our"), operating at joshuasopuru.com, collects and uses your personal data. We are based in Kyrenia, Cyprus and serve clients worldwide, including visitors from the EU and UK who are protected by the GDPR and UK GDPR.
1. Who We Are
The data controller is Dr. Joshua Sopuru, contactable at info@joshuasopuru.com. We offer one-on-one cybersecurity mentorship programs and related educational services via this website.
2. What Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identity data | Full name | You provide it via application forms |
| Contact data | Email address, WhatsApp number | You provide it via application forms |
| Professional data | Job title, background, program interest, project description | You provide it via application forms |
| Usage data | Pages visited, time on site, browser type, approximate location (country) | Automatically via server logs and Google Analytics |
| Communications | Emails and messages you send us | Direct contact |
| Payment data | Billing name, payment confirmation | Payment processor (we do not store card details) |
3. How We Use Your Data
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Reviewing your mentorship application and scheduling an interview | Pre-contractual steps at your request (Art. 6(1)(b)) |
| Delivering the mentorship program you enrolled in | Performance of contract (Art. 6(1)(b)) |
| Sending program updates, newsletters (if you subscribed) | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Improving the website and understanding visitor behaviour | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Cookies & Tracking
We use the following cookies and tracking tools:
- Session cookies — essential for the site to function (security, login state). Cannot be disabled.
- Google Analytics (GA4) & Google Ads — measures traffic and ad performance. Uses anonymised IP addresses. You can opt out via Google's opt-out tool.
- Geo-detection — we look up your country from your IP address (via ip-api.com) once per session to show region-relevant content. This IP is not stored beyond the session.
Where required by law (e.g. EU/UK visitors), we will seek your consent before setting non-essential cookies.
5. Third Parties We Share Data With
- Email delivery — your application details are sent to Dr. Sopuru's inbox via the site's mail server. No third-party CRM stores your data without your knowledge.
- Google Analytics / Google Ads — usage data is shared with Google LLC under Google's data processing terms.
- Calendly / Cal.com — if you book a call, their privacy policies apply to data collected on their platform.
- Payment processors — if you pay online, your payment is processed by our payment provider (e.g. Stripe). We receive only a payment confirmation; we never see your card number.
- Hosting provider — your data is processed on servers managed by our hosting provider. The server infrastructure is located within the EU/EEA.
We do not sell your personal data to any third party.
6. International Transfers
Some third-party tools (e.g. Google) may transfer data outside the EEA. Where this occurs, the transfer is covered by Standard Contractual Clauses approved by the European Commission or an equivalent mechanism.
7. How Long We Keep Your Data
- Application data — retained for up to 2 years after your last contact, or for the duration of your mentorship plus 3 years for record-keeping.
- Newsletter subscriptions — until you unsubscribe.
- Server logs — automatically deleted after 90 days.
8. Your Rights
Under GDPR / UK GDPR you have the right to:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — ask us to delete your data where there is no overriding reason to keep it.
- Restriction — ask us to pause processing your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where processing is based on consent (e.g. newsletter), withdraw it at any time without affecting prior processing.
To exercise any right, email info@joshuasopuru.com. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority — in Cyprus that is the Commissioner for Personal Data Protection; in the UK, the ICO.
9. Data Security
We use HTTPS encryption for all data in transit, restrict database access to authorised processes only, and apply security headers on every page. No system is 100% secure — if you suspect a breach, contact us immediately at info@joshuasopuru.com.
10. Children's Privacy
Our services are intended for adults (18+). We do not knowingly collect personal data from anyone under 18. If you believe a child has submitted data to us, please contact us so we can delete it.
11. Changes to This Policy
We may update this policy periodically. The "Last updated" date at the top will reflect any changes. For material changes we will notify active students by email.
12. Contact Us
For any privacy-related questions or requests:
- Email: info@joshuasopuru.com
- Website: joshuasopuru.com
- Location: Kyrenia, Cyprus