Back to catalog

Privacy Policy

Effective Date: May 6, 2026

Last Updated: May 6, 2026

This Privacy Policy explains how Academia ("we", "us", "our") collects, uses, stores, and shares personal data when you use our website, courses, and related services (the "Platform").

1. Data We Collect

We may collect:

  1. Account data: email, password hash, role, verification status, last login.
  2. Profile data: country/location, language, and settings you provide.
  3. Learning data: enrolled courses, purchases, progress, module/page history, quiz results.
  4. Technical data: device/browser info, IP-derived analytics signals, session and event logs.
  5. Payment data: payment metadata from Stripe (we do not store full card numbers).

2. How We Use Data

We use data to:

  1. Create and secure your account.
  2. Provide access to courses and track your progress.
  3. Process purchases and entitlements.
  4. Send required emails (verification, password reset, receipts, security alerts).
  5. Improve product quality, content, and user experience.
  6. Detect fraud, abuse, and policy violations.

3. Analytics (Google Analytics)

We use Google Analytics to understand usage patterns and improve the Platform. Google Analytics may collect information such as page visits, interactions, browser type, and approximate location based on IP.

Where applicable, analytics operates based on your consent preferences (for example through our cookie/privacy banner). You can also limit tracking by using browser privacy controls, blocking cookies, or Google opt-out tools.

4. Cookies and Local Storage

We use cookies and local storage for authentication, settings, learning continuity, and analytics preferences. Some storage is required for core functionality and security.

Name Type Purpose Duration Required
academia_auth Cookie (httpOnly, Secure) Authentication session — keeps you signed in between page loads. Set on login, cleared on sign-out. 7 days Yes
academia_privacy_consent localStorage Stores your cookie/analytics consent choices so we do not ask again on every visit. Persistent (until cleared) No
_ga Cookie (Google Analytics 4) Distinguishes unique visitors for aggregate traffic analysis. Only set when analytics consent is granted. 2 years No (consent required)
_gid Cookie (Google Analytics 4) Distinguishes users for daily session counting. Only set when analytics consent is granted. 24 hours No (consent required)
Plausible No cookies Privacy-friendly, cookieless analytics for anonymous visitor counts and funnel measurement. No personal data stored. n/a No

5. Legal Basis

Depending on your jurisdiction, we process data based on one or more of the following:

  1. Performance of a contract (providing the Platform).
  2. Legitimate interests (security, quality, fraud prevention).
  3. Consent (analytics/preferences where required).
  4. Compliance with legal obligations.

6. How We Share Data

We may share data with service providers that support the Platform, including:

  1. Payment processing — Stripe, Inc. (United States). Stripe processes payment card data and purchase records on our behalf. See Stripe's Privacy Policy and Data Processing Agreement.
  2. Email delivery — transactional emails (verification codes, password resets) are sent via an SMTP provider. No marketing lists are shared.
  3. Analytics — Google Analytics 4 (Google LLC, United States), loaded only when you grant analytics consent. See Google's Privacy Policy and Data Processing Terms. We also use Plausible Analytics (cookieless, no personal data stored).
  4. Infrastructure and hosting providers.

We do not sell personal data.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy. The following periods apply per data category:

  1. Account data (email, password hash, role, verification status): retained for the lifetime of your account, then deleted within 90 days of a verified account deletion request.
  2. Learning events and progress (enrolled courses, module history, quiz results, completion status): retained for the lifetime of your account and deleted alongside it.
  3. Payment records (purchase metadata, entitlements, Stripe session IDs, transaction amounts): retained for 7 years from the date of transaction to comply with accounting and tax obligations under applicable law.
  4. Feedback (course ratings, support messages, user-submitted comments): retained for 2 years from submission, then deleted or anonymized.
  5. Subscribers (email addresses collected for course updates or marketing): retained until you unsubscribe, then deleted within 30 days.

After the applicable retention period, data is securely deleted or irreversibly anonymized. Retention may be extended where required by law or to resolve an active dispute.

8. Security

We use reasonable technical and organizational measures to protect data, including encrypted transport (HTTPS), access controls, and secure password handling. No method of transmission or storage is fully risk-free.

9. Your Rights (GDPR and Equivalent)

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with equivalent data protection law, you have the following rights regarding your personal data:

  1. Right of Access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
  2. Right to Rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
  3. Right to Erasure (Art. 17 GDPR): You may request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful.
  4. Right to Restriction of Processing (Art. 18 GDPR): You may request that we limit how we use your data while a dispute is resolved.
  5. Right to Data Portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format where processing is based on consent or contract.
  6. Right to Object (Art. 21 GDPR): You may object to processing based on legitimate interests at any time.
  7. Right to Withdraw Consent (Art. 7 GDPR): Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, send a request by email to contact@core-dynamics.io with enough detail to identify your account and the right you wish to exercise. We will respond within 30 days of receipt. If the request is complex or numerous, we may extend this period by a further 30 days and will notify you accordingly.

If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. In the EU, you can find your authority at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner's Office (ICO).

10. Children

The Platform is not intended for children under 13. If we learn we collected data from a child under 13 without proper authorization, we will take steps to delete it.

11. International Transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with an updated "Last Updated" date.

13. Contact

Email: contact@core-dynamics.io

Company: CoreDynamics

Address: Dubai PO: 9581