We built this platform to make cybersecurity education accessible. Your data is handled with the same care we teach you to apply to others' systems — securely, minimally, and transparently.
No sale
Data never sold
90 days
Log retention
GDPR
Rights respected
When you create an account, we collect your name, email address, and a hashed password. We do not store plaintext passwords at any point.
We track course progress, lab completions, quiz scores, and time spent on content to personalise your learning path and generate your certificate.
Standard server logs include your IP address, browser type, operating system, referring URLs, and session identifiers. This data is retained for 90 days.
All payments are processed by a PCI-DSS compliant third-party provider. We store only a tokenised reference — never raw card numbers or CVVs.
Your data is used to authenticate you, track progress, issue certificates, and operate the platform. Without this, the service cannot function.
Aggregated, anonymised usage data helps us understand which labs are effective and which need improvement. No individually identifiable data is used for this.
We may email you about course updates, new module releases, or important account notices. Marketing emails are always opt-in and can be unsubscribed from at any time.
We monitor for unusual access patterns, credential stuffing, and abuse of lab environments to protect all users and maintain platform integrity.
We have never sold personal data and will never do so. Your learning records and personal information are not a commercial product.
We use a small number of vetted sub-processors — for payment processing, cloud hosting, and email delivery. Each is bound by a data processing agreement.
We may disclose data if required by a valid court order or applicable law. Where legally permitted, we will notify you before complying.
You may request a full export of your personal data at any time from your account settings. Exports are delivered within 72 hours.
You may update your name, email, and profile information directly. Contact us for any corrections we cannot action ourselves.
You may delete your account from settings. This permanently removes your profile, progress data, and personal information within 30 days, subject to legal retention obligations.
You may object to certain processing activities or request restriction. Contact sarvodayaofficial001@gmail.com with your specific request.
Data is retained for as long as your account is active. Inactive accounts (no login for 24 months) receive a 30-day notice before data is purged.
Issued certificates are retained for 5 years after account deletion to support third-party verification requests from employers.
Transaction records are retained for 7 years to comply with accounting and tax obligations under applicable law.
The data controller for this platform is Sarvodaya Security Academy. For privacy-specific queries, contact sarvodayaofficial001@gmail.com.
We will notify registered users by email at least 14 days before any material change to this policy takes effect. Continued use after that date constitutes acceptance.
Privacy questions? sarvodayaofficial001@gmail.com
