Summary of Key Points
- We collect personal information you provide (account details, payment info) and some data automatically (device info, usage data, IP address).
- We process your information to provide and improve our services, process payments, communicate with you, and ensure security.
- We share data with select third-party service providers (such as our payment processor and cloud-hosting provider) only as needed to operate our platform.
- We implement industry-standard security measures to protect your data, though no system is 100% secure.
- You have rights under GDPR including access, correction, deletion, portability, and the right to lodge a complaint with your supervisory authority.
- You can contact us at [email protected] with any privacy questions or to exercise your rights.
1. What Information Do We Collect?
Personal Information You Provide
We collect personal information that you voluntarily provide when you register on the platform, make a purchase, or contact us. This includes:
- Account data: username, email address, password (hashed)
- Profile data: display name, country, university (optional)
- Payment data: processed securely by our payment processor - we do not store your full card number
- Communications: messages you send us via email or support chat
Information Automatically Collected
When you access our platform, we automatically collect certain information, including:
- Device and browser information (browser type, operating system)
- IP address and approximate geolocation, also used to detect and prevent abuse (via a local geolocation database - no data sent to third parties)
- Usage data (pages visited, labs completed, time spent)
- Referral source (how you found our platform)
- Interaction data: to understand how the platform is used and improve it, we collect information about how you interact with our pages, such as pages viewed, clicks, and scrolling. You can manage this in your account settings.
2. How Do We Process Your Information?
We process your personal information for the following purposes:
- To create and manage your account
- To process payments and manage subscriptions
- To provide our cybersecurity learning services (labs, courses, rankings)
- To send you service-related communications (email notifications, security alerts)
- To analyze platform usage and improve our services
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
3. What Legal Bases Do We Rely On?
Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal data:
Consent (Art. 6(1)(a))
For non-essential cookies (analytics), marketing emails, and push notifications. You can withdraw consent at any time.
Contract Performance (Art. 6(1)(b))
To provide our services - including account creation, lab access, course delivery, payment processing, and subscription management.
Legal Obligation (Art. 6(1)(c))
To comply with applicable laws, such as tax record-keeping for transactions.
Legitimate Interest (Art. 6(1)(f))
For platform security, fraud prevention, service improvement, and analytics. We balance our interests against your rights and only rely on this basis when the processing is proportionate and expected.
4. When and With Whom Do We Share Your Personal Information?
We share your information only with the following categories of third-party service providers, strictly to the extent necessary to operate our platform:
- Payment processor - processes your payment and billing data to manage subscriptions and transactions.
- Hosting and email provider - operates the servers, storage, and email delivery that make the platform work.
- AI processing provider - powers our built-in AI features (the assistant, the in-lab coach, and AI-assisted profile and content generation). It receives the content you submit to these features, along with limited profile attributes such as your username and public statistics. This provider is established outside the EU, with transfers protected by appropriate safeguards.
- Avatar service - to display profile pictures, an encrypted (irreversible) version of your email address may be sent to an external avatar provider established outside the EU, with appropriate safeguards.
- Audience measurement provider - a privacy-respecting, cookieless tool that measures overall traffic and usage without tracking you across other sites.
- Affiliate provider - when you sign up through a partner link, it credits the partner who referred you.
5. Do We Use Cookies and Other Tracking Technologies?
Yes. We use essential first-party cookies to operate our platform, along with a small number of third-party technologies that are part of the service - a cookieless audience measurement tool and affiliate attribution. For detailed information about these technologies and how to manage them, see our Cookie Policy.
6. How Long Do We Keep Your Information?
We retain your personal information for as long as necessary to fulfill the purposes described in this policy:
- Account data: retained while your account is active. After account deletion, we delete or anonymize your personal data without undue delay, except where retention is required by law.
- Payment records: retained for the period required by applicable French tax and accounting law (Code général des impôts).
- Server logs: retained for a limited period as necessary for security and debugging purposes.
- Analytics data: anonymized and aggregated data may be retained indefinitely.
- Interaction data: retained only for a limited period, then automatically deleted.
- Security data (such as the IP address used to detect and prevent abuse): retained only as long as necessary for security, then deleted.
7. How Do We Keep Your Information Safe?
We implement industry-standard technical and organizational security measures, including encrypted connections (TLS/HTTPS), hashed passwords, secure cloud infrastructure, and access controls. However, no electronic transmission or storage method is 100% secure, and we cannot guarantee absolute security.
8. What Are Your Privacy Rights?
Under the GDPR (and French data protection law, Loi Informatique et Libertés), you have the following rights regarding your personal data:
- Right of access - you can request a copy of the personal data we hold about you.
- Right to rectification - you can ask us to correct inaccurate or incomplete data.
- Right to erasure - you can request deletion of your personal data (subject to legal retention requirements).
- Right to restriction - you can ask us to limit how we process your data.
- Right to data portability - you can request your data in a structured, machine-readable format.
- Right to object - you can object to processing based on legitimate interest, including profiling.
- Right to withdraw consent - where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
- Right to define post-mortem directives - under French law (Art. 85, Loi Informatique et Libertés), you have the right to define directives regarding the storage, erasure, and communication of your personal data after your death.
- Right to lodge a complaint - you may file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority: www.cnil.fr.
To exercise any of these rights, contact us at [email protected]. We will respond within one month as required by GDPR.
Account Information
You can review and update your account information at any time from your account settings. You may also request account deletion from the settings page.
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are established (including our hosting, payment, AI processing, audience measurement, affiliate, and avatar providers).
These transfers are protected by appropriate safeguards:
- EU-US Data Privacy Framework: several of our providers established in the United States are certified under the EU-US Data Privacy Framework.
- Standard Contractual Clauses (SCCs): where the Data Privacy Framework does not apply, our providers use EU-approved SCCs to ensure adequate data protection.
- Cloud infrastructure: our core infrastructure runs in our cloud provider's EU region. Some services may process data in other regions, with appropriate safeguards in place.
10. Age Restrictions
Our services are not intended for persons under 15 years of age, in accordance with Article 45 of the French data protection law (Loi Informatique et Libertés). We do not knowingly collect personal information from anyone under 15. If we become aware that we have collected data from someone under 15, we will take steps to delete that information promptly. If you believe we have collected information from a minor, contact us at [email protected].
11. Do We Make Updates to This Notice?
We may update this privacy notice from time to time. The updated version will be indicated by an updated "last updated" date at the top of this page. We encourage you to review this notice periodically. If we make material changes, we may notify you via email or a notice on our platform.
13. How Can You Review, Update, or Delete Your Data?
You can review and update your personal information through your account settings. To request a complete copy of your data or to request deletion of your account and associated data, please contact us at [email protected].