Skip to content

Privacy Policy

Effective date: 2026‑01‑01

Quick navigation
1. Information we collect

Account data (name, email), transactional data (purchases), and technical data (device, approximate location via IP). We do not collect sensitive categories.

  • Usage events: page views, feature interactions in aggregate form when analytics is enabled.
  • Support attachments: screenshots you voluntarily provide to our help desk.
2. How we use information

Provide courses, process payments, prevent fraud, and improve content. We never sell personal data.

  • Service delivery: account creation, course progress, certifications.
  • Legal compliance: tax, accounting, and regulatory reporting.
  • Personalization: remembering preferences like theme and language.
3. Cookies & choices

Essential cookies keep the site working. Optional analytics and marketing cookies are by consent.

Essential

Authentication, security, and shopping cart. Always on.

Analytics

Helps us measure what content is helpful.

Marketing

Emails and on-site recommendations tailored to you.

4. Data retention
  • Account data: retained while your account is active and up to 12 months after closure.
  • Transactional records: retained for legal obligations for up to 7 years.
  • Support messages: retained for 24 months.
5. Your rights

Access, correction, deletion, portability, and opt‑out of marketing. Contact us to exercise rights.

  • GDPR: Art. 15–22 rights for EEA/UK users.
  • CCPA/CPRA: Right to know, delete, correct, and opt‑out of sharing.
  • Appeal: If we deny a request, you can appeal by replying to our decision email.
6. Contact

Email: [email protected]

Phone: +1 (415) 625‑0934

We respond within 30 days for rights requests.

7. Submit a data request

8. Data lifecycle timeline

Plain‑text overview of how your data moves through our systems.

T0  (Sign‑up)          -> You create an account; essential cookies set; verification email sent.
T1  (First purchase)   -> Transaction recorded; receipt emailed; fraud checks run; tax record opened.
T7  (One week)         -> Usage analytics (if consented) aggregated; support history linked to account.
T30 (One month)        -> Marketing preferences respected; unsubscribes enforced within 24 hours.
T365 (One year)        -> Inactive accounts nudged; optional data minimization pass removes stale logs.
T+Close (Account close)-> Access locked; content licenses revoked; we start deletion workflow below:
  D0   Queue deletion request; generate confirmation receipt to user.
  D7   Personal identifiers removed from analytics; order records pseudonymized.
  D30  Backups age out of rotation; cached content purged; S3 object lifecycle transitions to delete.
  D365 Statutory records retained only where law requires; everything else deleted.
9. Security & transfers
  • Encryption in transit via TLS 1.2+; encryption at rest for payment tokens via our PCI‑DSS processor.
  • Access controls: least‑privilege, MFA for admins, audited logs.
  • International transfers: when applicable, we rely on SCCs or other lawful mechanisms.
10. Updates

We may update this policy to reflect changes to our practices or legal requirements. We will post any changes on this page.

Next scheduled review in:
privacy, transparency, consent, cookie settings, analytics opt-in, marketing opt-out, access request, deletion, correction, portability, security, encryption, data lifecycle, retention, backups, logs, preferences, theme, accessibility, user rights