Legal

Privacy Policy

Last updated: [effective date]

Template notice. This is a starting draft for an online academy that has accounts, payments, and uploaded video. Replace the highlighted placeholders and have it reviewed by a lawyer before launch. It isn’t legal advice.

This Privacy Policy explains how [Legal entity name] (“AVI”, “we”, “us”), operator of the Aegis Veritas Institute academy, collects and uses your information when you use our website and services (the “Service”).

1. Who we are

The data controller is [Legal entity name], [registered address]. For any privacy question, contact us at [privacy@yourdomain].

2. Information we collect

  • Account data: your name, email, and a securely hashed password.
  • Payment data: processed by Stripe; we receive confirmation and the courses you bought, but we never see or store full card details.
  • Learning data: your enrollments, lesson progress, and completion.
  • Content: for instructor/admin accounts, the course material and videos you upload.
  • Technical data: a login session cookie, and standard server logs (IP address, browser, timestamps) used for security and reliability.

3. How we use your information

  • To create and secure your account and log you in.
  • To deliver courses, track progress, and issue certificates.
  • To process payments and grant access to purchased courses.
  • To operate, protect, and improve the Service (including rate-limiting and abuse prevention).
  • To contact you about your account or purchases [and, with consent, updates/newsletters].

4. Cookies & local storage

On your first visit, a banner lets you choose between Accept all and Essential only. Your choice is stored locally and can be cleared by deleting your site data in your browser.

The site uses:

  • Essential — always loaded. A single httpOnly session cookie (avi_session) that keeps you logged in. We also use browser localStorage to remember your theme preference and your cookie-banner choice itself.
  • Optional — only with “Accept all”. The Calendly booking widget on /engage loads a third-party iframe from calendly.com, which sets its own cookies under Calendly’s domain. If you choose Essential only, the widget is replaced by an email contact instead.

We do not use third-party advertising cookies and have no analytics scripts at the time of writing.

5. Service providers

We share data only with providers that help us run the Service:

  • Stripe: payment processing.
  • Neon: managed Postgres database hosting.
  • [Hosting provider]: application hosting.
  • [Object storage / video provider]: stored lesson videos.
  • [Email provider]: transactional email, once enabled.

6. Data retention

We keep your account and learning data while your account is active. You can ask us to delete your account; we may retain limited records (e.g. payment/tax records) as required by law.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these, email [privacy@yourdomain].

8. Security

Passwords are hashed, sessions are signed and HTTP-only, traffic is served over HTTPS, and access to course videos is restricted to enrolled users. No system is perfectly secure, but we work to protect your data.

9. Children

The Service is not directed to children under [16 / the age you choose], and we do not knowingly collect their data.

10. International transfers

Your data may be processed in countries other than your own by the providers listed above. We rely on their safeguards for such transfers.

11. Changes

We may update this policy; we’ll revise the “last updated” date and, for material changes, notify you.

12. Contact

Questions? Email aegisveritasinstitute@gmail.com or write to [registered address].