BuzzT Cyber Academy
Create account

Legal

Privacy Policy

Last updated: 4 May 2026

BuzzT Cyber Academy ("we", "us") provides cybersecurity training to learners worldwide. This policy explains what personal data we collect, why we collect it, who we share it with, and the choices you have. By creating an account or using the platform, you agree to the practices described here.

1. What we collect

  • Account data: name, email address, hashed password, optional avatar image, and your role (learner or administrator).
  • Verification data: short-lived 6-digit codes sent to your email to confirm ownership before activating an account.
  • Learning activity: course enrollments, module progress, last-visited content, assessment attempts and scores, certificate issuance records.
  • Payment metadata: when you purchase a paid course, our payment processor (Flutterwave) returns a transaction reference, status, and currency. We do not store your card details — those are held only by Flutterwave.
  • Session data: JWT access and refresh tokens stored in your browser's local storage so you stay signed in across visits.
  • Audit log: administrative actions (course edits, role changes, etc.) are recorded with the actor's user id and a timestamp for accountability.

2. How we use it

  • To create and authenticate your account, including the email-verification step.
  • To deliver courses, track your progress, and issue verifiable certificates.
  • To process payments for paid courses through Flutterwave.
  • To send transactional email (verification codes, certificate notifications, account messages).
  • To investigate abuse, enforce our Terms, and meet legal obligations.

We do not sell your personal data, and we do not use it for third-party advertising.

3. Sub-processors we share data with

We rely on the following service providers to operate the platform. Each receives only the data needed for its narrow purpose, under their own data-protection terms.

  • Flutterwave — payment processing for paid courses. Receives your name, email, transaction amount and reference.
  • Brevo — transactional email delivery (verification codes, certificates). Receives your name and email.
  • Cloudinary — image hosting for avatars, course covers, and brand assets.

4. How long we keep it

We keep your account data for as long as your account is active. Verification codes expire after 30 minutes. Refresh tokens expire after 7 days. Audit log entries are retained as long as needed to investigate security or compliance matters. When you ask us to delete your account, we remove your personal data within 30 days, except where we are required to retain it by law.

5. Your rights

Depending on where you live, you may have the right to access the data we hold about you, correct it, delete it, restrict or object to processing, or receive a copy in a portable format. To exercise any of these rights, email us using the address below. We respond within 30 days.

6. Cookies and local storage

We do not use tracking cookies. The platform stores a session record in your browser's local storage so you don't have to sign in on every page load. Clearing your browser storage will sign you out.

7. Children

The platform is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has created an account, contact us so we can remove it.

8. Changes to this policy

We may update this policy as the platform evolves. We will revise the "Last updated" date above and, for material changes, notify you by email.

9. Contact

Questions or requests about this policy? Reach us at buzztholdings@gmail.com.