Privacy Policy

Last updated: 2025-08-25

This Policy explains how Rank1Academy (“we”, “us”) processes your personal data in compliance with the GDPR and applicable ePrivacy rules. We only use strictly necessary cookies (see our Cookies Policy).

Data We Collect

• Account data: email, username, password (hashed).
• Purchase data: guide purchased, timestamps, order IDs, provider references (Stripe/PayPal).
• Technical data (minimal): essential session and security information (e.g., authentication tokens via Supabase, CSRF, rate-limiting).
• Payment data: processed by payment providers; we do not store full card details.

How We Use Your Data

• Authenticate users and provide access to purchased guides.
• Process payments and prevent fraud/abuse.
• Send service communications (e.g., receipts, password reset).
• Comply with legal obligations (accounting, tax, disputes).

Legal Bases

• Contract (Art. 6(1)(b) GDPR) — account creation, order processing, delivery of digital content.
• Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, service reliability.
• Legal obligation (Art. 6(1)(c)) — tax and accounting record-keeping.

Processors & Third Parties

We share data with trusted processors strictly as needed to provide the service:

• Supabase (auth, database, storage) — essential for login, access control, and secure file delivery.
• Stripe and/or PayPal (payments) — process transactions and may store payment identifiers and antifraud signals. We do not receive full card data.
• Email service (transactional emails such as password reset/receipts).

We do not sell personal data. No analytics or advertising trackers are used.

Data Retention

We keep account and purchase data for as long as your account is active and as required by law (e.g., tax/accounting). Session and security data are retained for limited periods necessary for safety and troubleshooting.

Your Rights

• Access, rectification, and deletion of your personal data.
• Restriction of processing and objection.
• Data portability.
• Withdraw consent where processing relies on consent (not applicable for essential cookies).

To exercise your rights, contact us at dpo@Rank1Academy.example. You may also lodge a complaint with your local authority (e.g., the CNIL).

International Transfers

When data is transferred outside the EEA, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and ensure processors offer adequate protection.

Security

We implement technical and organizational measures appropriate to the risk (encryption in transit, access controls, least privilege, audit logging).

Changes

We may update this Policy to reflect changes to our practices or legal requirements. We will post any updates here and adjust the “Last updated” date.

Contact

Data Controller: Rank1Academy — dpo@Rank1Academy.example