Privacy Policy
Last updated: 20 May 2025
FinanceCore Academy ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights under UK GDPR and applicable data protection law.
Data Controller: Dr. Ahmad Maaitah, FinanceCore Academy, University of Southampton, United Kingdom.
1. What Data We Collect
- ·Account data: name, email address, password (hashed, we never store your plain-text password)
- ·Profile data: subscription tier, account preferences
- ·Usage data: pages visited, courses accessed, progress within modules (stored anonymously for platform improvement)
- ·Technical data: IP address (for security purposes only), browser type, device type
- ·Communications: if you contact us by email, we retain that correspondence
2. How We Use Your Data
- ·To create and manage your account
- ·To provide access to course content according to your subscription tier
- ·To send account-related emails (confirmation, password reset, subscription updates)
- ·To improve the Platform based on aggregated, anonymised usage patterns
- ·To comply with legal obligations
- ·We do NOT sell your personal data to third parties
- ·We do NOT use your data for targeted advertising
3. Legal Basis (UK GDPR)
- ·Contract: processing necessary to provide the service you signed up for
- ·Legitimate interests: security monitoring, fraud prevention, platform improvement
- ·Consent: where we ask for permission before processing (e.g., marketing emails)
- ·Legal obligation: where required by law
4. Data Storage & Security
- ·Account data is stored on Supabase (EU-based servers, ISO 27001 compliant)
- ·The Platform is hosted on Render (US-based, SOC 2 compliant)
- ·We use industry-standard encryption (HTTPS/TLS) for all data in transit
- ·Passwords are hashed using bcrypt, we cannot recover your password
- ·We retain account data for as long as your account is active, plus 12 months
- ·You may request deletion of your account and data at any time
5. Your Rights (UK GDPR)
- ·Right of access: you can request a copy of all data we hold about you
- ·Right to rectification: you can correct inaccurate data
- ·Right to erasure ("right to be forgotten"): you can request deletion of your data
- ·Right to data portability: you can request your data in a machine-readable format
- ·Right to object: you can object to processing based on legitimate interests
- ·Right to restrict processing: you can ask us to pause processing your data
- ·To exercise these rights, contact us by email. We will respond within 30 days.
6. Cookies
We use strictly necessary cookies for session management (Supabase authentication). We do not currently use any analytics, marketing, or tracking cookies. See our Cookie Policy for full details.
7. Third Parties
- ·Supabase (authentication and database, EU servers)
- ·Render (hosting, US servers, adequacy decision applies for UK/EU)
- ·Stripe (payment processing, when payments are enabled; their own privacy policy applies)
- ·We do not share your data with any other third parties
8. Children's Privacy
FinanceCore Academy is intended for users aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe a minor has provided us with personal data, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by posting a prominent notice on the Platform. The "last updated" date at the top of this page will be revised accordingly.
10. Contact & Complaints
For privacy-related queries or to exercise your rights, contact Dr. Ahmad Maaitah via the email on the Platform. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.