Privacy Policy
1. Who we are
Leverage Lab is the service operated by Tinker Electric Pty Ltd (ABN 83 660 188 278), an Australian proprietary company. Director and authorised signatory: John Missikos. Registered contact: privacy@ascendalliance.com.au.
Tinker Electric Pty Ltd is the data controller for Lane A and Lane C below and the data processor in respect of group/member-level metrics owners share with us under our Data Processing Agreement (Lane B). All DPAs, contracts, and regulator-facing communications sit with this entity.
2. Three ways we touch data
This policy covers three distinct data flows. They have different scopes, different lawful bases, and different mechanisms. Find the one that applies to you.
LANE AYou're using Leverage Lab as a customer
You signed up for the extension / Skool MRR Leverage Sprint / paid Lab. We hold your owner-level signup data (name, email, Skool handle, billing).
Lawful basis: contract (Article 6(1)(b) GDPR).
Scope: this section + Sections 3–6 + 9.
LANE BYou're a member of a group whose owner uses Leverage Lab
Your group owner (the "Customer") signed a DPA with us. We process YOUR Skool handle + display name + level + engagement counts on their behalf, only for the features they enabled. We never process your post content, DM content, email, phone, IP, or payment data.
Lawful basis: contract via your group owner (Article 6(1)(b)) through the DPA.
Scope: covered by the DPA-lite, not this policy directly. The DPA is the Customer's contract with us; you're a Data Subject. See Section 7.
LANE CYou're a prospect or lead of Tinker Electric Pty Ltd (trading as Leverage Lab) (separate from the tool)
You filled out a Leverage Lab quiz, contact form, or signed up for a Leverage Lab Skool group / mailing list. This is Tinker Electric Pty Ltd acting as Controller for its own business marketing — NOT the Leverage Lab tool collecting member data.
Data held: name, email, quiz responses, marketing-engagement metadata.
Lawful basis: consent (Article 6(1)(a)) at point of collection, plus legitimate interest for ongoing communications you don't object to.
Scope: this section + Section 8 + the in-product collection notice you saw when you handed over the data.
LANE DYour Skool community is listed in our public directory
We publish a public directory of Skool communities at directory.ascendalliance.com.au. Each per-group page names the community, its public owner handle + display name, member count, listed pricing model, and an estimated MRR derived from public price × member count. All sourced from each community's own public /about page on skool.com.
Lawful basis: legitimate interest (Article 6(1)(f) GDPR; APP 3 + APP 6 in Australia). The data is already self-published commercially by the owner on skool.com; we aggregate it for owner-mirror discovery + benchmarking.
No member-level data ever. Member counts only — never member names, handles, post content, or any individual member identifier.
Estimated MRR is a public-data estimate, visibly stamped "est." and accompanied by a methodology link. It is not derived from any private revenue source.
Scope: this section + Section 3 row D + Section 11.
Object to your community being listed: use the "Remove this listing" link in any per-group page footer, or email privacy@ascendalliance.com.au. We will suppress your listing from the public directory and from our benchmarking aggregates without undue delay (Art 21 + Art 17). Historical aggregates retain identity-stripped rollups only.
3. What we collect, per lane
| Lane | Data | Storage | Retention | Your rights |
|---|---|---|---|---|
| A | owner email, name, Skool handle, billing | GHL (US), Stripe (US) | up to 4 years after last engagement (GHL) | Articles 15–22 GDPR |
| B | member handle, display name, level, engagement counts (DPA only — never content) | Supabase (EU) | term of the DPA | via your group owner |
| C | email, name, quiz answers, marketing metadata | GHL (US) | up to 4 years after last engagement | Articles 15–22 GDPR |
| D | public group name, owner public handle + display name, member count, listed price, model, estimated MRR (all from public skool.com /about) | Cloudflare Pages (static) + Supabase (AU, append-only) | indefinite for trend continuity; suppressed on owner objection | Articles 17, 21 GDPR + APP 12, 13 |
4. Sub-processors
- Supabase (database, AU primary) — see provider DPA
- Cloudflare (worker compute, CDN, edge network — AU/EU/US) — see provider DPA
- Skool (US, source platform — owner-authorised data extraction) — see provider DPA
- GoHighLevel (US, CRM for owner + prospect contacts) — see provider DPA
- Anthropic (US, LLM API for diagnostic generation — aggregate, non-identified inputs) — see provider DPA
- OpenAI (US, LLM API for diagnostic generation — aggregate, non-identified inputs) — see provider DPA
- Google (US, Google AI / Workspace — AI-assisted features, no-train policy) — see provider DPA
- Stripe (US, billing for paid plans — Lane A only) — see provider DPA
- No third parties for marketing, ever.
5. Retention
- Lane A + Lane C GHL contact records: active billing cycles + 6 months grace post-cancellation + 7 years for invoice/tax records.
- Lane B member-level (DPA in force): retained for the term of the DPA. Termination triggers deletion.
- Lane B without a DPA: not collected. Nothing to retain.
- Group-level aggregates: indefinite for trend continuity. Identity-stripped at aggregation.
- Erasure response: we action requests without undue delay as required by Article 12 GDPR.
6. Your rights + how to exercise them
You hold the full set of GDPR rights — access (Art 15), rectification (Art 16), erasure (Art 17), portability (Art 20), objection (Art 21), restriction (Art 18). To exercise any of them, use any one of these alternates (none is exclusive):
- (a) the HMAC-signed one-click erasure link in any report we publish for you
- (b) the opt-out form at leverage-lab.com/about-our-data
- (c) the extension's per-group Revoke control (Settings → Manage DPA)
- (d) email privacy@ascendalliance.com.au
7. Lane B — DPA reference
Lane B is governed by the Data Processing Agreement (DPA-lite v2.5) the group owner signs with Tinker Electric Pty Ltd. Owners signing for member-data processing receive the full DPA-lite separately. A public reference copy is available at /dpa-lite (machine-readable endpoint at /privacy/spec.json; see also leverage-lab.com/about-our-data).
If you are a member of a group whose owner has signed a DPA and you want your data scrubbed, you can either (i) ask your group owner to action it, or (ii) email privacy@ascendalliance.com.au directly and we will process the request.
8. Lane C — Specific notice for prospects
If you filled out a Leverage Lab quiz or contact form, the point-of-collection notice you saw is the canonical record of what you consented to. This policy describes what happens AFTER collection: data goes into the GHL CRM, used by Tinker Electric Pty Ltd to follow up with you about its Skool group, products, or services. You can unsubscribe via any email footer, or by emailing privacy@ascendalliance.com.au.
We don't sell your data. We don't transfer it outside the sub-processor chain listed in Section 4. We don't share it with the Leverage Lab tool or any Customer's group.
11. Lane D — Public Skool community directory
We publish directory.ascendalliance.com.au, a public directory of Skool communities sourced entirely from public Skool data: each community's own /about page on skool.com, the public Skool Games leaderboard, and the public discovery feed. Listings include group name, public owner handle + display name, member count, listed pricing, model, and an estimated MRR (visibly stamped "est.", derived from public price × member count). No member-level data is processed for this lane.
Lawful basis (GDPR): Article 6(1)(f) legitimate interest. Recital 47 contemplates commercial purposes as a valid legitimate interest where the balancing test holds. The data is already self-published commercially by the owner on skool.com (a platform whose function is public discovery), so the reasonable-expectations test (Recital 47) supports aggregation of that already-public marketing surface.
Lawful basis (Australian Privacy Principles): APP 3 (collection from a source other than the individual is permitted where reasonably necessary for our function), APP 5 (notification of collection — satisfied via this policy + per-page footer notice), APP 6 (use directly related to primary purpose). APP 10 accuracy is honoured by visibly stamping MRR as estimate.
Owner objection (Art 21 + Art 17 GDPR; APP 12 + APP 13): any group owner may object to inclusion at any time. Use the "Remove this listing" link on any per-group page, or email privacy@ascendalliance.com.au. We honour objections without contesting (auto-honour posture). Suppression takes effect on the next nightly build; historical aggregates retain only identity-stripped rollups.
What's NOT here: no comparative "Top 50" leaderboards or named teardown surfaces. The directory is neutral aggregation — users sort/filter; we do not editorially rank owners against each other. No member-level data ever enters this lane (structurally enforced by database CHECK constraint).
Crawler posture: robots.txt blocks training crawlers (GPTBot, ClaudeBot, CCBot, anthropic-ai, PerplexityBot, Bytespider) and allows public search engines (Googlebot, Bingbot, DuckDuckBot). Same posture as comparable public Skool directories.
9. Identity, contact, governing law
Tinker Electric Pty Ltd (operator of the Leverage Lab service), ABN 83 660 188 278, Australia.
Email: privacy@ascendalliance.com.au
This policy and any Data Processing Agreement entered with Tinker Electric Pty Ltd are governed by the laws of Australia, with Queensland as seat of proceedings. Where you hold a non-waivable right under your local data protection law, that law applies to that right.
Children: not for under-16s. The Skool platform is for adults.
Security: all transmission via HTTPS, storage encrypted at rest in Supabase, service keys never bundled in the extension, consent tokens are 32-character random hex, strict RLS policies on database writes.
10. Versioning + history
Current version: 2.0 · 2026-06-19 · 3-lane canonical rewrite. Machine-readable spec at /privacy/spec.json · changelog at /privacy/changelog.json · schema at /privacy/spec.schema.json. We'll update this page if anything material changes; material changes trigger an in-extension notice.