Privacy Policy

Authect Academy is operated by AUTHECT - FZCO (Trade License No. 70505, IFZA), registered at Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates. We are the data controller for all personal data processed through the Platform.

Privacy contact: privacy@authect.com· +971 50 246 5223

This Privacy Policy applies to personal data collected through the Platform, including account registration, course enrolments, payment processing, and any interactions with the service. By using the Platform, you acknowledge and accept this Policy.

We collect and process the following categories of personal data:

• Account information— name, email address, profile picture, authentication provider details (e.g. Google account profile), and gender preference.
• Payment information— processed and stored exclusively by Stripe. We do not store credit card numbers on our servers.
• Usage data— course progress, lesson completions, certificates earned, reviews submitted, and community post interactions.
• Device & access data— IP address, browser type, access timestamps, and session data for security and analytics purposes.

Your data is used to:

• Provide, maintain, and improve the Platform and learning experience.
• Process payments and manage billing through Stripe.
• Issue certificates of completion.
• Authenticate your identity and secure your account.
• Communicate important updates about your account, courses, or the Platform.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

In accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, the EU General Data Protection Regulation (GDPR), we process your data on the following legal bases:

• Contract performance— to deliver courses and services you purchase and to manage your account.
• Legitimate interest— platform security, analytics, service improvement, and fraud prevention.
• Consent— where required for optional features such as marketing communications. You may withdraw consent at any time.
• Legal obligation— compliance with applicable laws and regulations.

We do not sell your personal data. We share data only with trusted third-party services necessary to operate the Platform:

• Supabase — database, authentication, and file storage infrastructure.
• Stripe — payment processing (PCI DSS compliant).
• Vercel — hosting and content delivery.
• Google — OAuth authentication (when you choose to sign in with Google).

All third-party providers are bound by data processing agreements and maintain appropriate security measures. We will not communicate data to other third parties unless required by law or with your explicit consent.

Depending on your location and the providers used, international transfers of personal data may occur. When transfers are made outside the UAE or EEA, we adopt the safeguards required by applicable regulations, including standard contractual clauses and adequacy decisions where relevant.

The Platform uses essential cookies for authentication and session management. We do not use advertising or behavioural tracking cookies. For details, see our Cookie Policy.

We retain your account data for as long as your account is active. Upon account deletion, your personal data is permanently removed within 30 days. Payment records may be retained as required by applicable financial regulations (typically up to 6 years for commercial documentation).

Usage analytics data is anonymised and aggregated and does not identify individual users after the retention period.

Under the UAE PDPL and, where applicable, the GDPR, you have the right to:

• Access a copy of your personal data.
• Correct inaccurate or incomplete information.
• Request deletion of your data (“right to be forgotten”).
• Object to or restrict certain processing activities.
• Receive your data in a portable, structured format.
• Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@authect.com with a copy of your identification. We will respond within 30 days.

If you believe that data processing violates your rights, you may lodge a complaint with the UAE Data Office or, where applicable, the relevant EU supervisory authority.

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, row-level security policies, rate limiting, input validation, and regular security reviews. Access to personal data is restricted to authorised personnel on a need-to-know basis.

The Platform is not directed to persons under 16 years of age. If we become aware that personal data of a minor has been collected without authorisation, we will proceed with its immediate deletion.

We may update this Privacy Policy periodically. Material changes will be communicated on the Platform. Your continued use constitutes acceptance of the updated policy.

For privacy-related inquiries: privacy@authect.com

AUTHECT - FZCO · Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.