Privacy Protocol

This Privacy Protocol ("Protocol") constitutes a legally binding document that comprehensively delineates the manner in which Alpha Centauri Studies, a division of Alpha Centauri Inc. ("Company," "we," "us," or "our"), collects, processes, stores, transfers, and otherwise handles personal data pertaining to users ("you," "your," or "Data Subject") of our educational platform and associated services.

This Protocol applies to all personal data processing activities conducted through our web-based platform, mobile applications, application programming interfaces (APIs), and any ancillary services or communications, including but not limited to email correspondence, customer support interactions, and marketing communications.

By accessing or utilizing our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Protocol. If you do not agree with any provision herein, you must immediately discontinue use of our services.

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act of 2018 ("CCPA"), and other applicable data protection legislation, the data controller responsible for your personal data is:

The Data Protection Officer ("DPO") may be contacted directly for any inquiries relating to the processing of personal data, the exercise of data subject rights, or concerns regarding data protection practices.

We process the following categories of personal data:

3.1 Identity Data

Full legal name, username, profile photograph, date of birth (where applicable), and any other identifiers you provide during account registration or profile configuration.

3.2 Contact Data

Email address, telephone number (where provided), postal address (where applicable), and preferred communication channels.

3.3 Technical Data

Internet Protocol (IP) address, browser type and version, operating system and platform, device identifiers, time zone settings, browser plug-in types and versions, and other technology identifiers on the devices used to access our platform.

3.4 Usage Data

Information regarding your utilization of our platform, including pages viewed, features accessed, course enrollment and completion data, assessment results, learning progress metrics, and interaction patterns.

3.5 Transaction Data

Details pertaining to payments, subscriptions, purchases, and financial transactions processed through our platform, including payment method details (processed by secure third-party payment processors).

3.6 Marketing and Communications Data

Your preferences regarding receipt of marketing communications, newsletter subscriptions, and communication preferences.

This section constitutes our comprehensive Cookie Policy and describes our use of cookies and similar tracking technologies.

4.1 What Are Cookies

Cookies are small text files that are stored on your device when you visit our platform. They enable us to recognize your device, remember your preferences, and provide a personalized experience.

4.2 Categories of Cookies

4.3 Managing Cookie Preferences

You may manage your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of any page. Additionally, most web browsers allow you to control cookies through their settings. Please note that disabling certain cookies may impact your experience on our platform.

We process personal data under the following legal bases as established by the GDPR:

• Contractual Necessity (Article 6(1)(b)): Processing necessary for the performance of our service agreement with you.
• Consent (Article 6(1)(a)): Where you have provided explicit consent for specific processing activities, such as marketing communications and non-essential cookies.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as fraud prevention, platform security, and service improvement, provided such interests are not overridden by your fundamental rights.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal and regulatory requirements.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Specific retention periods include:

• Account Data: Retained for the duration of your account and for 3 years following account deletion.
• Transaction Records: Retained for 7 years to comply with financial regulations.
• Cookie Consent Records: Retained for 3 years from the date of consent for audit compliance.
• Communication Records: Retained for 2 years from the last interaction.
• Analytics Data: Aggregated and anonymized data retained indefinitely; identifiable data deleted after 26 months.

Under applicable data protection legislation, you have the following rights:

7.1 GDPR Rights (EU Residents)

• Right of Access: Request a copy of personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Request limitation of processing in certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

7.2 CCPA Rights (California Residents)

• Right to Know: Request disclosure of personal information collected, used, and disclosed.
• Right to Delete: Request deletion of personal information.
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information).
• Right to Non-Discrimination: Not be discriminated against for exercising your rights.

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided in Section 12.

We engage the following categories of third-party service providers:

• Cloud Infrastructure: Supabase (database and authentication services)
• Payment Processing: Stripe (payment gateway services)
• Email Services: Transactional email providers for system communications
• Analytics: Platform usage analysis and performance monitoring
• Content Delivery: CDN providers for optimal content delivery

All third-party processors are contractually obligated to process personal data only in accordance with our instructions and applicable data protection laws.

Your personal data may be transferred to and processed in countries outside your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules where relevant
• Certification mechanisms and codes of conduct

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures
• Regular backup and disaster recovery protocols

We may update this Protocol periodically to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through:

• Prominent notice on our platform
• Email notification to registered users
• Updated "Last Modified" date at the top of this Protocol
• Re-prompting for cookie consent where policy version changes affect cookie processing

Your continued use of our services following such updates constitutes acceptance of the revised Protocol.

For any questions, concerns, or requests regarding this Protocol or our data protection practices, please contact us:

You also have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.