Plain English. Real consent. No data sale.

FutureMBA is an Australian company. This policy is Australian Privacy Act primary, with explicit compatibility for GDPR (EU and UK) and CCPA/CPRA (California). We do not sell your personal information. Every claim on this page is enforceable.

Last updated · 2026-05-14

Quick read

We collect what you give us (email, name, application answers) plus standard web analytics.
We use it to deliver the programs you bought, send the Journal if you subscribed, and run analytics and (with consent) targeted advertising.
We never sell your data. We do share with named processors (Stripe, Supabase, Resend, etc.) only for the service they provide.
You can access, correct, delete, or unsubscribe at any time — email admissions@futuremba.education.
EU/UK/California users have additional rights — see Section 8.

1. About this policy

This Privacy Policy explains how FutureMBA Pty Ltd (ACN to be confirmed) — “FutureMBA,” “we,” “us,” “our” — collects, uses, discloses, stores, and protects your personal information.

FutureMBA is bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where you are in the European Union or United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and UK GDPR. Where you are in California, we comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

By using FutureMBA you agree to the collection and use of information in accordance with this policy. If you do not agree, do not use the Site.

2. Information we collect

We collect personal information that you provide directly, that is generated by your use of the Site, and that is collected by third-party tools that we operate.

Information you provide directly. Email address, name, company, current role, and the answers you give in our Pathway Diagnostic, application forms, scholarship/sponsorship/reimbursement forms, or Quick Question widget. The notes field on the application form may include free-text information you choose to share.
Payment information. Processed exclusively by Stripe. We do not receive or store full card numbers; we receive a token plus the last four digits and an indicator of whether the charge succeeded. Billing addresses are collected by Stripe per their privacy policy.
Account information. After enrolment: a hashed password, your unlock passphrase, your learning progress (modules completed, capstone submissions), and credential issuance records.
Technical and usage data. IP address (truncated for analytics), browser type and version, device type, operating system, referrer URL, pages visited, time on page, scroll depth, clicks on CTAs, form submissions, and approximate location derived from IP (country and city level, not precise location).
Attribution data. Where you arrive via a marketing link, we capture the UTM parameters (source, medium, campaign, content, term) and click identifiers (gclid from Google, fbclid from Meta, li_fat_id from LinkedIn, msclkid from Microsoft, ttclid from TikTok). This is stored in a first-party cookie and attached to your application record so we can attribute purchases to channels.
Cookies and similar technologies. See Section 4.

We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from someone under 18, contact admissions@futuremba.education and we will delete it.

3. How we use your information

We use your personal information for the following purposes, each grounded in a lawful basis under GDPR (Article 6) where applicable:

To deliver the FutureMBA programs, materials, and services you have purchased or requested (performance of a contract, Article 6(1)(b)).
To process your application, capture or release payment authorizations, issue credentials, and respond to support requests (performance of a contract).
To send transactional emails — application confirmations, approval or decline notifications, password resets, receipts, renewal reminders (performance of a contract; legitimate interest).
To send the FutureMBA Journal and program updates if you have subscribed to them (consent; you can unsubscribe at any time via the link in every marketing email).
To improve our programs, the Pathway Diagnostic, and the Site based on aggregate patterns in how people use them (legitimate interest).
To run targeted advertising and measurement, including retargeting and look-alike audiences on Google Ads, Meta (Facebook/Instagram), LinkedIn, Microsoft, and TikTok (consent for EU/UK; legitimate interest with opt-out elsewhere).
To comply with legal obligations including tax, accounting, and consumer-protection laws (legal obligation).
To detect, prevent, or respond to fraud, abuse, or security issues (legitimate interest).

We do not use your personal information for any purpose materially different from those above without seeking fresh consent or providing notice.

4. Cookies and tracking

We use cookies and similar technologies to operate the Site, remember your preferences, run analytics, and (with consent where required) deliver targeted advertising.

Strictly necessary cookies. Required for the Site to function — session cookies, the cart provider, attribution cookies (fmba_attr), and consent state. These cannot be disabled without breaking core functionality.
Analytics cookies. Google Analytics 4 — tracks pages visited, sessions, and on-site events. IP truncation is enabled; data is retained for fourteen months.
Advertising cookies. Google Ads conversion tag, Meta Pixel and Conversions API, LinkedIn Insight Tag, Microsoft Ads UET, TikTok pixel. These fire only after consent in jurisdictions that require consent.
Operational cookies. GTM (tag manager), Stripe (payment session), Mux (video playback where applicable).

Consent management. Where required by law (EU, UK, and increasingly elsewhere), a consent banner appears on first visit. You may accept all, reject all, or configure category-by-category. You can change your consent at any time via the banner trigger in the footer.

Browser controls. You can also control cookies via your browser settings (Chrome, Firefox, Safari, Edge all support per-site cookie controls). The Do Not Track signal is respected where supported.

Per-platform opt-outs. Google: Google Ads Settings. Meta: facebook.com/off_facebook_activity. LinkedIn: linkedin.com/psettings/guest-controls. NAI / DAA opt-outs (US): optout.aboutads.info, networkadvertising.org/choices.

5. Who we share information with

We do not sell your personal information. We do not share it with third parties for their own marketing purposes.

We share personal information with the following categories of service providers (each contractually bound to use it only for the service they provide to us):

Stripe — payment processing, located in the United States and internationally. Stripe receives payment details, billing address, email, and transaction metadata.
Supabase — database and authentication, located in the United States. Supabase stores member records, application records, learning progress.
Resend — transactional and marketing email, located in the United States. Resend receives email address, name, and email body content.
Klaviyo (or equivalent ESP, if engaged) — marketing email and Journal newsletter delivery.
Sanity — content management system for the Site curriculum and Journal posts.
Mux — video hosting and signed playback, where video content is used.
Google (Analytics 4, Ads), Meta, LinkedIn, Microsoft, TikTok — analytics and advertising platforms; see Section 4.
Vercel — hosting provider, located internationally.
Slack — internal team notifications (Quick Question messages, internal alerts).
Australian and international tax authorities, regulators, courts, and law-enforcement agencies — where required by law or compelled by legal process.

We do not transfer personal information to any other party without your explicit consent unless required by law.

6. International transfers

FutureMBA is an Australian company. Personal information we collect is stored on infrastructure that may be located in Australia, the United States, the European Union, the United Kingdom, or other countries where our service providers operate.

For transfers of personal information out of the European Economic Area or the United Kingdom, we rely on the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as applicable, supplemented where required by additional technical and organisational measures.

For transfers out of Australia, we comply with APP 8 (cross-border disclosure). Where we disclose personal information to an overseas recipient, we take reasonable steps to ensure that recipient does not breach the APPs.

7. Data retention

We retain personal information for as long as we need it for the purposes set out in Section 3, or longer where required by law (for example, financial records under Australian tax law are retained for at least seven years).

Account records and learning progress: retained for the life of your account plus a reasonable archival period after account closure (typically twenty-four months).
Application records (approved, declined, or expired): retained for at least twenty-four months from decision date for fraud-prevention and analytics.
Transactional records (payments, refunds): retained for seven years under Australian tax law.
Marketing list and Journal subscriber records: retained until you unsubscribe, plus a short suppression period to prevent re-subscription errors.
Analytics data: typically fourteen months under GA4 defaults.

On request, we will delete personal information that we are not legally required to retain (see Section 8).

8. Your rights

You have a number of rights with respect to your personal information. The specific rights depend on your jurisdiction.

All users (under Australian Privacy Act and equivalent laws):

Access. Request a copy of the personal information we hold about you.
Correction. Request correction of inaccurate information.
Complaint. Lodge a complaint with us or with the Office of the Australian Information Commissioner (oaic.gov.au).

European Union and United Kingdom (under GDPR / UK GDPR):

Erasure (“right to be forgotten”) where one of the GDPR grounds applies.
Restriction of processing.
Portability — receive your data in a structured, machine-readable format.
Objection — to processing based on legitimate interest, including for direct marketing.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with your supervisory authority.

California (under CCPA / CPRA):

Know what personal information is collected, used, shared, or sold.
Delete personal information held about you (subject to exceptions).
Opt out of the sale or sharing of personal information. We do not sell personal information in the traditional sense; “sharing” for cross-context behavioural advertising is governed by your cookie consent.
Limit the use and disclosure of sensitive personal information.
Non-discrimination for exercising your rights.

To exercise any right, email admissions@futuremba.education. We will respond within thirty (30) days (sometimes sooner). We may need to verify your identity before acting on requests that affect specific records.

9. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. Measures include encryption in transit (TLS 1.2+), encryption at rest where supported by our providers, role-based access controls, periodic credential rotation, and least-privilege defaults for service accounts.

No system is perfectly secure. We cannot guarantee absolute security of any data transmitted to or from us. If you believe your account has been compromised, contact admissions@futuremba.education immediately.

10. Data breach notification

If we become aware of a data breach involving your personal information that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner without undue delay, in line with the Notifiable Data Breaches scheme (Australian Privacy Act).

For EU/UK users, we will notify the relevant supervisory authority within seventy-two hours and notify affected individuals without undue delay where the breach is likely to result in a high risk to rights and freedoms.

11. Marketing and unsubscribe

We send marketing email (the FutureMBA Journal and occasional program updates) only to people who have opted in or who are existing members.

Every marketing email includes a one-click unsubscribe link. Unsubscribing is processed immediately; you may receive one final transactional email confirming the change.

You can also email admissions@futuremba.education to be removed from all marketing communications.

12. Children

FutureMBA is built for adult professionals. We do not knowingly market to or collect personal information from anyone under 18. If you believe a minor has provided personal information to us, contact admissions@futuremba.education and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to existing members at least thirty (30) days before they take effect and posted on this page with an updated “Last updated” date. Non-material clarifications and typographic corrections may be made without notice.

14. Contact us

Privacy questions and requests: admissions@futuremba.education.

General support: admissions@futuremba.education.

Australian regulator (OAIC): oaic.gov.au — 1300 363 992.

Postal: FutureMBA Pty Ltd, [registered office address — to be confirmed before launch].