Privacy Policy

1. Introduction

1.1 Data Controller

Accreditation Standards Institute LLC acts as the data controller for personal information collected through our platforms. As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection laws.

1.2 Scope of This Policy

This Privacy Policy applies to all personal information collected through:

• Our website at accreditation-standards.org and all associated domains
• Our learning management system (LMS) and student portals
• Certification programs, mini-diplomas, and educational courses
• Community forums, group coaching, and mentorship programs
• Email communications and marketing materials
• Mobile applications and downloadable resources
• Customer support interactions and feedback submissions

1.3 Agreement to This Policy

By accessing our services, creating an account, enrolling in a program, or otherwise providing your information to us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when you register, enroll in courses, or interact with our services:

• Identity Information: Full legal name, date of birth, professional credentials, and professional title
• Contact Information: Email address, phone number, mailing address, and country of residence
• Account Information: Username, password, security questions, and account preferences
• Payment Information: Credit/debit card details, billing address, and transaction history (processed securely through third-party payment processors)
• Professional Background: Education history, professional experience, current occupation, and career goals
• Profile Information: Profile photo, biography, professional certifications, and social media links
• Communication Content: Messages sent through our platform, support tickets, feedback, and survey responses

2.2 Usage Data and Analytics

We automatically collect certain information when you access and use our services:

• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Access Logs: Login times, session duration, pages visited, and features used
• Referral Data: How you arrived at our website (search engine, social media, referral link)
• Geographic Data: Approximate location based on IP address geolocation

2.3 Learning Analytics

To enhance your educational experience and track certification progress, we collect detailed learning data:

• Course Progress: Lessons completed, modules accessed, and overall course completion percentage
• Video Engagement: Videos watched, playback duration, pause/resume patterns, and completion rates
• Assessment Performance: Quiz scores, exam results, assignment submissions, and certification test attempts
• Time on Task: Time spent on individual lessons, modules, and the platform overall
• Community Participation: Forum posts, comments, reactions, and peer interactions
• Resource Downloads: Worksheets, templates, and supplementary materials accessed

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information:

• Essential Cookies: Required for basic website functionality, authentication, and security
• Functional Cookies: Remember your preferences, language settings, and login status
• Analytics Cookies: Help us understand how visitors interact with our website
• Marketing Cookies: Track advertising effectiveness and enable targeted marketing
• Third-Party Cookies: Set by our service providers for analytics and advertising purposes

3. How We Use Your Information

3.1 Course Delivery and Educational Services

• Provide access to purchased courses, modules, and learning materials
• Track your progress through certification programs
• Deliver personalized learning recommendations based on your performance
• Facilitate community discussions and peer-to-peer learning
• Provide coaching, mentorship, and student support services

3.2 Certification and Credentialing

• Issue certificates, mini-diplomas, and professional credentials upon program completion
• Maintain credential verification systems for employers and organizations
• Track continuing education requirements and credential renewals
• Provide certification status to authorized verification requesters

3.3 Marketing and Communications

• Send transactional emails regarding your account and courses
• Deliver newsletters, educational content, and program updates
• Notify you of new courses, features, and special offers
• Conduct surveys and collect feedback to improve our services
• Personalize marketing messages based on your interests and behavior

3.4 Analytics and Service Improvement

• Analyze usage patterns to improve our platform and courses
• Develop new features, content, and educational programs
• Measure the effectiveness of our marketing campaigns
• Conduct research and analysis to enhance learning outcomes
• Generate aggregated, anonymized reports for internal use

3.5 Security and Fraud Prevention

• Protect against unauthorized access, fraud, and security threats
• Verify user identity and prevent account sharing violations
• Investigate and respond to security incidents
• Document transactions for dispute resolution purposes
• Comply with anti-fraud and anti-money laundering requirements

4. Legal Bases for Processing

We process your personal information under the following legal bases:

4.1 Contractual Necessity

Processing necessary to fulfill our contract with you, including providing access to courses, tracking your progress, issuing certificates, and delivering customer support. Without this processing, we cannot provide our educational services.

4.2 Consent

Where you have given explicit consent, such as opting into marketing communications, participating in surveys, or enabling optional features. You may withdraw consent at any time without affecting the lawfulness of prior processing.

4.3 Legitimate Interests

Processing necessary for our legitimate business interests, provided these interests do not override your fundamental rights. Our legitimate interests include:

• Improving our educational programs and platform functionality
• Preventing fraud and ensuring platform security
• Conducting business analytics and measuring performance
• Marketing our services to existing customers
• Maintaining records for legal and compliance purposes

4.4 Legal Obligations

Processing required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including tax obligations, record-keeping requirements, and responding to subpoenas or court orders.

5. Information Sharing and Disclosure

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Payment Processors: Stripe, PayPal, and other payment platforms to process transactions
• Cloud Hosting: Amazon Web Services, Vercel, and database hosting providers
• Email Services: Transactional and marketing email delivery providers
• Analytics: Google Analytics, Mixpanel, and similar analytics platforms
• Customer Support: Helpdesk and live chat software providers
• Video Hosting: Video streaming and content delivery networks

These providers are contractually bound to use your information only for the purposes we specify and to protect your information with appropriate security measures.

5.2 Credential Verification

With your consent, we may share limited information with employers, healthcare organizations, or other parties seeking to verify your ASI credentials. Verification information is limited to:

• Your name as it appears on the credential
• Credential type and program completed
• Date of issuance and current validity status
• Continuing education compliance status (if applicable)

5.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid subpoenas, court orders, or legal process
• Requests from law enforcement or regulatory agencies
• Investigations of fraud, security breaches, or Terms of Service violations
• Protection of our rights, property, or safety, or that of our users

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any change in ownership and your choices regarding your information.

6. International Data Transfers

6.1 Our Global Operations

ASI is headquartered in the United States with a regional office in Dubai, UAE. We serve students in over 45 countries worldwide. Your personal information may be transferred to, stored, and processed in the United States, UAE, or other countries where we or our service providers maintain facilities.

6.2 Safeguards for International Transfers

When transferring personal data internationally, we implement appropriate safeguards to protect your information:

• Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses (SCCs) for transfers from the European Economic Area
• Data Processing Agreements: All service providers must sign agreements with data protection obligations
• Adequacy Decisions: Where available, we rely on adequacy decisions by data protection authorities
• Supplementary Measures: We implement additional technical and organizational measures as needed

6.3 Your Consent to Transfers

By using our services, you acknowledge and consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We will always protect your information in accordance with this Privacy Policy regardless of where it is processed.

7. Data Security

7.1 Security Measures

We implement comprehensive technical and organizational security measures to protect your personal information:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 encryption.
• Access Controls: Role-based access controls limit employee access to personal data on a need-to-know basis. All access is logged and monitored.
• Authentication: We require strong passwords and offer two-factor authentication (2FA) for enhanced account security.
• Infrastructure Security: Our servers are hosted in SOC 2 Type II certified data centers with physical security controls, redundant power, and fire suppression systems.
• Regular Audits: We conduct regular security assessments, vulnerability scans, and penetration testing.

7.2 Incident Response

In the event of a data breach or security incident:

• We maintain an incident response plan with defined roles and procedures
• We will investigate and contain the breach as quickly as possible
• We will notify affected users and relevant authorities as required by law
• We will provide guidance on steps you can take to protect yourself
• We will conduct a post-incident review and implement improvements

7.3 Your Security Responsibilities

You are responsible for maintaining the security of your account credentials, using strong passwords, enabling two-factor authentication when available, and promptly reporting any unauthorized access to your account.

8. Data Retention

8.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

8.2 Extended Retention

We may retain certain information for longer periods when required by law, for dispute resolution, to enforce our agreements, or to maintain business records. Certification records are maintained permanently to enable lifetime credential verification.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@accreditation-standards.org. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

9.2 Opt-Out of Marketing

You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us directly. Please note that you will continue to receive transactional emails related to your account and courses even after opting out of marketing communications.

10.1 Your California Rights

If you are a California resident, you have additional rights under the CCPA/CPRA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes for collection, and third parties with whom we share it.
• Right to Delete: Request deletion of your personal information (subject to exceptions for legal retention).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information. If we share personal information for targeted advertising, you can opt out.
• Right to Limit Use of Sensitive Information: Limit how we use sensitive personal information to purposes necessary for providing our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

10.2 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, IP address)
• Customer records (billing information, purchase history)
• Commercial information (products purchased, course enrollments)
• Internet activity (browsing history, course interactions)
• Geolocation data (approximate location from IP)
• Professional information (credentials, work history)
• Education information (course progress, certifications earned)
• Inferences drawn from the above categories

10.3 Submitting Requests

California residents may submit requests by emailing privacy@accreditation-standards.org with "California Privacy Request" in the subject line. You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and authorization.

11.1 Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Right of Access (Art. 15): Obtain confirmation of processing and access to your personal data.
• Right to Rectification (Art. 16): Correct inaccurate personal data without undue delay.
• Right to Erasure (Art. 17): Request deletion ("right to be forgotten") in certain circumstances.
• Right to Restriction (Art. 18): Restrict processing when accuracy is contested or processing is unlawful.
• Right to Data Portability (Art. 20): Receive data in a structured, commonly used format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right Related to Automated Decisions (Art. 22): Not be subject to decisions based solely on automated processing with legal effects.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.

11.2 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing violates applicable data protection laws.

11.3 EU Representative

While ASI is based in the United States, we are committed to GDPR compliance for our European users. For GDPR-related inquiries, please contact privacy@accreditation-standards.org.

12. Cookies and Tracking Technologies

12.1 Types of Cookies We Use

12.2 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (may prevent some features from working)
• Block third-party cookies only
• Delete cookies when you close your browser
• Be notified before cookies are set

12.3 Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. Currently, there is no industry standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals, but we respect your choices through the cookie management options described above.

13. Children's Privacy

Our services are designed for adult professional education and are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18.

13.1 Age Restrictions

You must be at least 18 years of age (or the age of majority in your jurisdiction) to create an account, purchase courses, or use our services. By using our services, you represent that you meet this age requirement.

13.2 Parental Notice

If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@accreditation-standards.org.

14. Third-Party Links and Services

Our website and services may contain links to third-party websites, services, or content that are not owned or controlled by ASI. This Privacy Policy applies only to information collected by our services.

14.1 Third-Party Websites

We are not responsible for the privacy practices of third-party websites. When you leave our platform via external links, we encourage you to read the privacy policies of those websites before providing any personal information.

14.2 Social Media Features

Our website includes social media features such as share buttons and links to our social media profiles. These features may collect information about your IP address and pages visited, and may set cookies. Your interactions with these features are governed by the privacy policies of the respective social media platforms.

14.3 Third-Party Integrations

Some features may require integration with third-party services (e.g., payment processors, video hosting). These integrations are governed by the respective third parties' privacy policies, and we encourage you to review them.

15. Changes to This Privacy Policy

15.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page indicates when the policy was last revised.

15.2 Notification of Changes

For material changes to this Privacy Policy, we will:

• Post the updated policy on our website with a new "Last Updated" date
• Send an email notification to registered users
• Display a prominent notice on our platform
• Where required by law, obtain your consent before implementing changes

15.3 Continued Use

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated policy, you should stop using our services and may request account deletion.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: