LEGAL
Privacy Policy
How we collect, use, share, and protect your personal data — and the choices and rights you have.
Effective [date] · Last updated [date]
Template — pending legal review. This document is a professional starting point. Items in [brackets] must be completed, and the whole document should be reviewed and localized by a qualified lawyer before you rely on it.
1. Who is responsible for your data
Edova (operating as [your registered legal entity]) is the controller of the personal data described here. If you are in a region with data-protection laws (such as the EU/UK GDPR or California's CCPA/CPRA), this policy explains your rights. Contact us about privacy at [privacy contact email].
2. What we collect
- Account data — your name, email address, password (stored hashed), and profile details you provide when you sign up or log in.
- Purchase & billing data — records of what you bought and when. Payment card details are collected and processed directly by our payment processor ([e.g. Stripe]); we receive confirmation and limited details (such as the last four digits and card brand), not your full card number.
- Learning data — your enrollments, course progress, completions, and certificates.
- Communications — messages you send via our contact form, support requests, and newsletter sign-ups.
- Usage & device data — basic technical information such as IP address, browser type, and pages viewed, collected through cookies and similar technologies to keep the site working, secure, and improving.
We do not intentionally collect special-category (sensitive) data, and you should not submit it to us. Course labs instruct you to practice on non-sensitive or invented data — please follow that guidance.
3. How and why we use it
- to create and administer your account and deliver the courses, products, and services you buy;
- to process payments, issue receipts, and prevent fraud;
- to record course progress and issue certificates;
- to respond to your messages and provide support;
- to send you service messages, and — only with your consent or as permitted by law — marketing emails you can unsubscribe from at any time;
- to secure, maintain, analyze, and improve the Services;
- to comply with our legal obligations and enforce our terms.
Where the GDPR applies, our legal bases are: performance of our contract with you (delivering what you purchased); your consent (for optional marketing and non-essential cookies); our legitimate interests (securing and improving the Services); and compliance with legal obligations.
4. How we share it
We do not sell your personal data. We share it only with:
- Service providers that operate the Services on our behalf under contract — for example our payment processor, hosting/cloud provider, email/newsletter provider, and analytics provider ([list your actual processors]).
- Authorities, when required by law or to protect legal rights, safety, or the integrity of the Services.
- A successor, in connection with a merger, acquisition, or sale of assets, subject to this policy.
5. Cookies
We use strictly-necessary cookies to run the site and keep you logged in, and — subject to your consent where required — analytics/preference cookies to understand and improve usage. You can control cookies through your browser and through any cookie banner we provide. [Add or link a cookie banner/settings tool if your jurisdiction requires consent.]
6. How long we keep it
We keep personal data for as long as your account is active and as needed to provide the Services, then for a reasonable period to meet legal, tax, accounting, and dispute- resolution obligations, after which we delete or anonymize it. [Specify your retention periods.]
7. International transfers
We may process data in countries other than yours, including [country/countries]. Where we transfer personal data across borders, we use appropriate safeguards (such as Standard Contractual Clauses) as required by applicable law.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal data; to object to or restrict certain processing; to withdraw consent; and to opt out of marketing. California residents may request details of data practices and opt out of "sale"/"sharing" (we do not sell your data). To exercise any right, contact [privacy contact email]; we will respond as required by law. You also have the right to complain to your local data-protection authority.
9. Security
We take reasonable technical and organizational measures to protect your data (including hashed passwords, encryption in transit, and access controls). No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.
10. Children
The Services are not directed to children under [16], and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
11. Changes and contact
We may update this policy; we will change the "Last updated" date and, for material changes, take additional steps where required. Questions or requests: [privacy contact email] or our contact page.