Learning Portal

Privacy Policy

Effective date: May 28, 2026

This Privacy Policy explains how the operator of this online learning portal (the “Operator,” identified in the footer of the page you are viewing) collects, uses, shares, and protects information when you use the learning portal (the “Service”).

By using the Service you consent to the collection and use of information as described here. If you do not agree, do not use the Service.

1. Information we collect

1.1 Information you provide

  • Account information: name, email address, and (if you choose to set one) a password.
  • Profile information you choose to add: avatar, biography, role-related fields.
  • Communications: messages, forum posts, and support requests you send through the Service.
  • Submissions: assignment responses, exam answers, quiz responses, file uploads, and other course-work artifacts.
  • Payment information (where applicable): handled by our payment processor or upstream invoicing partner; we do not store full card numbers.

1.2 Information collected automatically

  • Device and connection information: IP address, browser user-agent, language, time zone, screen size class.
  • Usage information: pages viewed, lessons started or completed, time spent on a lesson or exam, click and scroll telemetry on instrumented surfaces.
  • Authentication metadata: session identifiers, sign-in times, sign-out times, password-reset requests.
  • Cookies and similar technologies (see Section 5).

1.3 Information from third parties

  • If you sign in via Google, we receive your name, email address, and Google account ID (no Google password).
  • If your enrollment is sourced from an upstream registration system (e.g. Edgar), we receive your contact details and the courses you are entitled to.
  • If your employer or program manager enrolls you, we receive the contact details and cohort assignment they provide.

2. How we use information

  • To create and manage your account, authenticate sign-ins, and verify your email.
  • To deliver the courses, lessons, exams, and certificates you are enrolled in, and to track your progress.
  • To grade and return assignments and exams.
  • To provide messaging, forums, announcements, and notifications.
  • To send transactional email: verification, password reset, enrollment confirmation, grade notification, instructor messages, and cohort announcements.
  • To respond to your support requests.
  • To detect, prevent, and respond to security incidents, fraud, and abuse.
  • To improve the Service through aggregated, deidentified usage analytics.
  • To comply with legal obligations and to enforce our Terms.

3. Legal bases (for users in the EU/UK)

Where applicable law (e.g. GDPR / UK GDPR) requires a legal basis for processing, we rely on:

  • Performance of a contract: to provide the Service you signed up for.
  • Legitimate interests: to operate, secure, and improve the Service, where those interests are not overridden by your rights.
  • Consent: for optional features (e.g. marketing email, where applicable), which you can withdraw at any time.
  • Legal obligation: to comply with applicable laws.

4. Sharing

We share your information only with parties who help us operate the Service or where required by law.

4.1 Service providers (sub-processors)

We use the following categories of providers, each bound by a written agreement to use your information only as instructed and to protect it appropriately:

  • Hosting and edge delivery (Vercel): runs the application and serves pages.
  • Database (Neon / managed Postgres): stores account, course, and progress data.
  • Object storage (Google Cloud Storage): stores file uploads (avatars, course materials, message attachments, assignment submissions).
  • Identity (Better Auth, Google OAuth where you opt in): authentication and session management.
  • Outbound email (Mandrill / Mailchimp Transactional): sends transactional email.
  • Inbound email (Microsoft 365): receives mail at our staff addresses.
  • Error and performance monitoring: captures stack traces and basic request metadata to keep the Service reliable.
  • Upstream registration / invoicing partner (e.g. Edgar): exchanges enrollment-eligibility information.

4.2 Other sharing

  • Instructors and program staff: see your account details and the work you submit in their course.
  • Other learners in your cohort: see your forum posts and any content you post in shared spaces (for example, your name and avatar next to a forum reply).
  • Your employer or program manager (where applicable): receives progress and completion information for cohorts they manage.
  • Legal and safety: we may disclose information to comply with a lawful subpoena or order, to protect the rights, property, or safety of the Operator or others, or in connection with a corporate transaction (with notice where required).

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

5. Cookies and similar technologies

The Service uses a small set of cookies and similar storage:

  • A signed session cookie that keeps you logged in (httpOnly, Secure, SameSite=Lax).
  • Cookies used by your identity provider when you sign in via Google.
  • Local storage for short-lived UI preferences (e.g. last-viewed lesson, sidebar collapsed state).

We do not use third-party advertising cookies on the Service. Browser controls let you block or delete cookies, but doing so may break sign-in.

6. Retention

We retain account data for as long as your account is active and for a reasonable period afterward to comply with legal, accounting, or reporting obligations and to support program-completion records (transcripts, certificates).

  • Coursework (submissions, grades, exam attempts) is retained for the operating institution's stated retention period (defaults to seven years).
  • Authentication telemetry (sign-in events, password resets) is retained for at least 12 months for security and audit purposes.
  • Backups are retained on a rolling basis and are encrypted at rest.

Specific retention periods may vary by institution and jurisdiction; contact the Operator using the footer's contact details for details about a specific record class.

7. Security

We protect your information with technical and organizational measures appropriate to the sensitivity of the data, including TLS in transit, encryption at rest for backups, role-based access controls, audit logging of administrative actions, and principle-of-least-privilege access for staff. No system is perfectly secure; if we discover a breach, we will notify affected users in accordance with applicable law.

8. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access: request a copy of the information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: ask us to delete your information (subject to retention obligations).
  • Portability: receive your information in a portable, machine-readable format.
  • Restriction or objection: ask us to restrict or stop certain processing.
  • Withdraw consent: for any processing based on consent.
  • Lodge a complaint with a supervisory authority (EU/UK).

To exercise any of these rights, contact the Operator using the footer's contact details. We will respond within the timeframe required by applicable law (typically 30 days).

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact the Operator and we will delete it.

10. International transfers

The Service is operated from the United States and uses providers located in the United States and other countries. By using the Service you consent to the transfer of your information to those jurisdictions. Where required, we use appropriate transfer mechanisms (such as Standard Contractual Clauses) for transfers from the EEA, UK, or Switzerland.

11. Do Not Track

The Service does not respond to Do-Not-Track signals, because we do not engage in cross-context behavioral advertising. We do honor the Global Privacy Control (GPC) signal where applicable to opt-out requests under the CCPA/CPRA.

12. Artificial intelligence features

The Service includes two artificial-intelligence features: “AI Coach” (automated feedback on open-ended responses) and “AI Chat” (an in-course assistant). When you use these features, we process the text you submit together with relevant course content and limited account and progress context.

That information is transmitted to a third-party AI provider solely to generate a response for you. Please do not submit sensitive personal information to the AI features.

Your AI interactions (your questions and the AI's responses) are stored and may be reviewed by staff for quality, safety, content improvement, and academic-integrity purposes; AI Coach feedback is additionally reviewed by your instructor.

You can opt out of AI Chat for your account at any time in your profile settings or by messaging staff. Opting out does not delete conversations that have already been stored.

13. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with the updated effective date above; where required by law, we will provide additional notice. Your continued use of the Service after the effective date of a change constitutes acceptance of the revised Policy.

14. Contact

For privacy questions, requests, or complaints, contact the Operator using the contact details displayed in the footer of the page you are currently viewing.