Introduction
InsightBridge Academy ("we," "us," or "our") is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, California Consumer Privacy Act (CCPA), and other relevant privacy regulations.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our educational platform and services. We act as the data controller for the personal information we process.
1. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: To provide educational services you have enrolled in
- Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
- Legal Obligation: To comply with applicable laws, regulations, and legal processes
- Consent: For marketing communications and optional data processing activities (you may withdraw consent at any time)
2. Information We Collect
2.1 Personal Information You Provide
- Account Information: Name, email address, username, password
- Profile Information: Professional background, educational history, profile photo
- Payment Information: Billing address, payment card details (processed securely by third-party payment processors)
- Course Data: Enrollment records, progress tracking, completion certificates, assessment results
- Communications: Support inquiries, feedback, survey responses, forum posts
- Identity Verification: Government-issued ID (when required for certification)
2.2 Automatically Collected Information
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages viewed, time spent, click patterns, course interactions
- Location Data: General geographic location based on IP address
- Cookies and Tracking: Session data, preferences, analytics information
2.3 Information from Third Parties
- Social media profile information (if you choose to connect accounts)
- Payment verification data from payment processors
- Analytics and advertising partners (anonymized data)
3. How We Use Your Information
We process your personal data for the following purposes:
- Service Delivery: Provide access to courses, track progress, issue certificates
- Account Management: Create and maintain your account, authenticate users
- Payment Processing: Process transactions, prevent fraud, issue invoices
- Communication: Send course updates, respond to inquiries, provide customer support
- Platform Improvement: Analyze usage patterns, conduct research, develop new features
- Marketing: Send promotional content (with your consent, which can be withdrawn)
- Legal Compliance: Meet regulatory requirements, enforce terms, protect rights
- Security: Detect and prevent fraud, abuse, and security incidents
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your data with:
4.1 Service Providers
- Cloud hosting and infrastructure providers
- Payment processors and financial institutions
- Email and communication service providers
- Analytics and performance monitoring tools
- Customer support platforms
All service providers are bound by data processing agreements and must comply with GDPR requirements.
4.2 Legal Requirements
We may disclose information when required by law, court order, or government request, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our terms and policies
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
5. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognizing equivalent data protection standards
- Binding Corporate Rules for intra-group transfers
- Privacy Shield certification (where applicable)
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:
- Account Data: Retained while your account is active, plus 7 years after closure for legal compliance
- Course Records: Maintained for 10 years to support certification verification
- Payment Records: Kept for 7 years to comply with tax and accounting regulations
- Marketing Data: Deleted within 30 days of consent withdrawal
- Analytics Data: Anonymized after 26 months
After the retention period expires, we securely delete or anonymize your personal data.
7. Your Rights Under GDPR and Data Protection Laws
If you are located in the EEA, UK, or other jurisdictions with comprehensive data protection laws, you have the following rights:
7.1 Right of Access
Request a copy of the personal data we hold about you, including information about processing activities.
7.2 Right to Rectification
Request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data when:
- It is no longer necessary for the purposes collected
- You withdraw consent and no other legal basis exists
- You object to processing and no overriding legitimate grounds exist
- Data was unlawfully processed
7.4 Right to Restriction of Processing
Request limitation of processing when:
- You contest the accuracy of data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
7.5 Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
7.6 Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
7.7 Right to Withdraw Consent
Withdraw consent at any time for processing based on consent, without affecting the lawfulness of processing before withdrawal.
7.8 Right to Lodge a Complaint
File a complaint with your local data protection authority:
- UK: Information Commissioner's Office (ICO) - ico.org.uk
- EU: Your national data protection authority
- California: California Attorney General - oag.ca.gov
To exercise any of these rights, please contact us through our website contact form. We will respond within 30 days (or as required by applicable law).
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information we have collected
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal data)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit: Limit use and disclosure of sensitive personal information
To submit a CCPA request, please contact us through our website contact form. You may designate an authorized agent to make requests on your behalf.
9. Data Security
We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
9.1 Technical Measures
- TLS/SSL encryption for data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication (MFA) for account access
- Regular security audits and penetration testing
- Intrusion detection and prevention systems
- Secure backup and disaster recovery procedures
9.2 Organizational Measures
- Access controls and role-based permissions
- Employee training on data protection and security
- Confidentiality agreements with staff and contractors
- Data protection impact assessments (DPIAs)
- Incident response and breach notification procedures
9.3 Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR, providing details about the breach and remedial actions.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience. You can manage cookie preferences through our cookie consent banner or browser settings.
10.1 Types of Cookies We Use
- Essential Cookies: Required for platform functionality (cannot be disabled)
- Performance Cookies: Analyze site usage and performance
- Functional Cookies: Remember preferences and settings
- Marketing Cookies: Deliver personalized advertising (requires consent)
10.2 Third-Party Tracking
We use the following third-party services:
- Google Analytics (analytics and reporting)
- LinkedIn Insight Tag (conversion tracking)
- Payment processor tracking (fraud prevention)
These services may collect information about your online activities over time and across different websites.
11. Children's Privacy
Our services are not intended for individuals under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
Upon verification, we will delete such information within 30 days in compliance with GDPR Article 8 and COPPA requirements.
12. Automated Decision-Making and Profiling
We may use automated processing to:
- Recommend courses based on your interests and learning history
- Detect fraudulent transactions and account activity
- Personalize content and learning paths
You have the right to object to automated decision-making that produces legal or similarly significant effects. We do not make solely automated decisions that significantly affect you without human intervention.
13. Third-Party Links and Services
Our platform may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through:
- Email notification to registered users
- Prominent notice on our platform
- Updated "Last modified" date at the top of this policy
Your continued use of our services after changes become effective constitutes acceptance of the updated policy. If you disagree with changes, you may close your account.
15. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. You can contact our DPO regarding any questions about this policy or our data practices through our website contact form.
16. Contact Us
For questions, concerns, or to exercise your privacy rights, please contact us through our website contact form.
We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate "URGENT" in your subject line.