Privacy Policy

1. Introduction

Brighten Academy ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website your-domain.com and use our educational services.

We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password (encrypted), profile preferences
• Student Information: Age, grade level, educational background, learning preferences
• Payment Information: Billing address, payment method details (processed securely through third-party providers)
• Communication Data: Messages, inquiries, feedback, and correspondence with us

2.2 Automatically Collected Information

When you access our website, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, time spent on pages, click patterns, navigation paths
• Location Data: Approximate geographic location based on IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

2.3 Information from Third Parties

We may receive information from:

• Social media platforms (if you connect your account)
• Educational partners and institutions
• Analytics and marketing service providers
• Public databases and data enrichment services

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Providing and managing educational courses and programs
• Creating and maintaining your account
• Processing enrollments and payments
• Delivering personalized learning experiences
• Tracking academic progress and performance

3.2 Communication

• Sending course updates, announcements, and notifications
• Responding to inquiries and support requests
• Providing customer service and technical assistance
• Sending administrative information and policy updates

3.3 Marketing and Improvement

• Sending promotional materials and newsletters (with consent)
• Analyzing website usage and user behavior
• Improving our services, content, and user experience
• Conducting research and development

3.4 Legal and Security

• Complying with legal obligations and regulations
• Preventing fraud and unauthorized access
• Protecting the security and integrity of our services
• Enforcing our terms and conditions

4. Cookies and Tracking Technologies

4.1 What Are Cookies

Cookies are small text files stored on your device that help us recognize you and remember your preferences. We use both session cookies (deleted when you close your browser) and persistent cookies (remain until deleted or expired).

4.2 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how visitors use our website
• Marketing Cookies: Used to deliver relevant advertisements

4.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block cookies from specific websites
• Accept or reject all cookies

5. Third-Party Services and Sharing

5.1 Service Providers

We share information with trusted third-party service providers who assist us in:

• Payment Processing: Secure payment gateways and processors
• Email Services: Email delivery and marketing platforms
• Analytics: Google Analytics, web analytics tools
• Cloud Storage: Data hosting and storage services
• Customer Support: Help desk and support ticket systems
• Learning Management: Educational technology platforms

5.2 Educational Partners

We may share student information with accredited educational institutions, tutors, and curriculum providers to deliver our services effectively.

5.3 Legal Requirements

We may disclose your information when required by law, court order, or government regulation, or to protect our rights, safety, and property.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.5 With Your Consent

We may share information with other parties when you provide explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Restricted access to personal data on a need-to-know basis
• Secure Storage: Industry-standard security protocols for data storage
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Data protection and privacy training for staff
• Incident Response: Procedures for detecting and responding to data breaches

Important Note: While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

7.1 Retention Periods

• Account Information: Retained while your account is active and for 3 years after account closure
• Course Records: Maintained for 7 years for academic record-keeping
• Payment Information: Retained as required by tax and accounting regulations (typically 7 years)
• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity
• Website Analytics: Aggregated data retained for 26 months

7.2 Deletion

After the retention period expires, we securely delete or anonymize your personal information. You may request earlier deletion subject to legal and operational requirements.

8. Your Privacy Rights

Under GDPR, CCPA, and other privacy laws, you have the following rights:

8.1 Access and Portability

• Right to Access: Request a copy of personal information we hold about you
• Right to Data Portability: Receive your data in a structured, commonly used format

8.2 Correction and Deletion

• Right to Rectification: Request correction of inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")

8.3 Control and Objection

• Right to Restrict Processing: Limit how we use your information
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time

8.4 Automated Decision-Making

• Right to Human Review: Not be subject to decisions based solely on automated processing

8.5 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

Brighten Academy provides educational services to students of all ages. We are committed to protecting children's privacy in compliance with COPPA (Children's Online Privacy Protection Act) and GDPR.

9.1 Parental Consent

For users under 13 years of age (or under 16 in the EU), we require verifiable parental consent before collecting personal information. Parents have the right to:

• Review their child's personal information
• Request deletion of their child's information
• Refuse further collection or use of their child's information

9.2 Limited Collection

We collect only the minimum information necessary to provide educational services to children. We do not condition participation on disclosure of more information than reasonably necessary.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield Framework (where applicable)
• Adequacy decisions by regulatory authorities
• Your explicit consent for specific transfers

11. Marketing Communications

We may send you promotional emails about new courses, special offers, and educational content. You can opt-out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in your account settings
• Contacting us directly at [email protected]

Note: Even if you opt-out of marketing communications, we will still send essential transactional emails related to your account and services.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy regularly.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

For EU residents, you may contact our Data Protection Officer:

Email: [email protected]

14. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide services you've requested
• Consent: You have given clear consent for specific processing purposes
• Legitimate Interests: Processing necessary for our legitimate business interests
• Legal Obligation: Processing required to comply with legal requirements
• Vital Interests: Processing necessary to protect someone's life or health