Transparent policies that earn your trust
At The Way Policy Group, integrity is the foundation of every engagement. Our legal documents explain how we work, what we promise, and the rights you have at every step. Read together, they form the agreement that governs your relationship with us.
Whether you are a government agency, a development partner, a private institution, or an individual subscribing to our dashboards, you deserve clarity on how we handle your information, deliver our services, and resolve any concerns. Our four core policies below are written in plain language, reviewed regularly, and aligned with leading international standards including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and PCI-DSS Level 1 for payment security.
We believe trust is built on transparency. That is why each policy is structured with a clear table of contents, plain-language explanations of every clause, and direct contact channels for questions. Nothing on this page is hidden in fine print. If anything is unclear, our legal and privacy teams are available to walk you through any section.
Our four legal policies
Each document is purpose-built for a specific aspect of your relationship with us. Click any card to read the full policy in detail.
Privacy Policy
How we collect, use, store, and protect the personal information you share with us across every touchpoint.
- 19 detailed sections
- GDPR & CCPA aligned
- Your rights explained
Terms of Service
The agreement governing your use of our website, dashboards, advisory services, and member content.
- 22 detailed sections
- Subscription billing terms
- Acceptable use rules
Refund Policy
Clear, fair terms for refunds, cancellations, and account credits across subscriptions and one-time services.
- 14-day satisfaction window
- Pro-rated annual refunds
- Appeal process included
Cookie Policy
A detailed look at the cookies and technologies we use, how long they last, and the controls available to you.
- 18 cookies catalogued
- Granular consent options
- Browser opt-out guides
Our compliance commitments
We hold ourselves to the highest international standards in data protection, contractual fairness, financial transparency, and operational integrity. Here is what that means in practice for every person and organization that engages with us.
Data Protection
Aligned with GDPR, UK GDPR, CCPA, and global best practices. All data is encrypted in transit using TLS 1.2 and at rest using industry-standard algorithms.
Secure Payments
All transactions are processed by Stripe under PCI-DSS Level 1 certification, the highest standard available in the payments industry today.
Plain-Language Policies
No hidden traps or impenetrable legalese. Our documents are written to be understood by professionals, not to obscure what you are agreeing to.
Regular Reviews
Every policy is reviewed quarterly. Material changes are communicated at least 14 days before they take effect, by email and on this page.
Open Communication
Every refund, data, or policy inquiry receives an acknowledgement within 2 business days and a substantive response within 5 business days.
Vendor Diligence
Every third-party processor (Stripe, Memberstack, HubSpot) is contractually bound to confidentiality, security, and use-restriction obligations.
No Data Sales
We never sell your personal information. We never share it for cross-context behavioural advertising. Period.
Right to Be Forgotten
You may request deletion of your personal information at any time, subject only to legal retention obligations such as tax records.
The standards we follow
Our policies are designed to comply with, and where possible exceed, the requirements of these widely recognized international frameworks.
EU GDPR & UK GDPR
European and United Kingdom data protection regulations governing personal data, consent, and individual rights.
CCPA & CPRA
California Consumer Privacy Act and the California Privacy Rights Act, the leading United States consumer privacy standards.
PCI-DSS Level 1
The highest level of certification under the Payment Card Industry Data Security Standard, achieved through our processor Stripe.
EU ePrivacy Directive
The European regulation governing cookies, electronic communications, and online tracking technologies.
Standard Contractual Clauses
EU-approved contractual safeguards we rely on when personal data is transferred across borders to our service providers.
OECD Privacy Guidelines
The Organisation for Economic Co-operation and Development guidelines on the protection of privacy and transborder flows of personal data.
How to exercise your rights
Three dedicated channels staffed by specialists, each focused on a specific type of request.
Privacy Requests
For data access, correction, deletion, portability, and any GDPR or CCPA rights you wish to exercise.
- Request a copy of your data
- Correct or delete information
- Withdraw marketing consent
- File a privacy complaint
Legal & Contracts
For questions about our Terms of Service, engagement letters, or any clause you would like clarified.
- Interpret a contract clause
- Negotiate an engagement letter
- Resolve disputes informally
- Discuss compliance matters
Billing & Refunds
For invoices, billing questions, refund requests, and any payment-related inquiries.
- Request a refund
- Resolve a billing error
- Update payment method
- Cancel a subscription
Common questions
Quick answers to the questions we are asked most often about our policies and practices.
QDo you sell my personal data to third parties?
No. We do not sell, rent, or trade personal information. We share data only with vetted service providers under strict contracts, with legal authorities when required by law, or with your explicit consent. The full list of categories appears in Section 07 of our Privacy Policy.
QHow do I get a refund?
New subscribers are eligible for a full refund within 14 days of their first payment. After that, monthly plans run to the end of the paid cycle, and annual plans may qualify for a pro-rated refund minus a 15% administrative fee. Email [email protected] to initiate a request; we acknowledge within 2 business days.
QIs my payment information secure?
Yes. All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. We never see, store, or transmit your full card number, CVC, or expiry date. Your card data travels directly from your browser to Stripe under strong encryption.
QCan I delete my account and all my data?
Yes. You may request full deletion at any time by emailing [email protected]. We will delete account data within 30 days, subject only to retention obligations under tax law (typically 7 years for billing records) and any active legal process.
QHow are policy changes communicated?
Material changes to any policy are communicated by email and by prominent notice on the relevant policy page at least 14 days before they take effect. The Effective Date at the top of each document shows when the latest version came into force.
QWhich law governs my agreement with you?
The Terms of Service are governed by the laws of the jurisdiction where The Way Policy Group is principally established. Disputes are first addressed through good-faith negotiation, then through arbitration or competent courts. Nothing limits any statutory consumer rights you may hold under local law.
QCan I manage which cookies you set?
Yes. Our consent banner lets you accept or reject each non-essential cookie category. You can change preferences at any time through the Cookie Settings link in our footer. Strictly necessary cookies cannot be disabled because the website depends on them.