Privacy Policy

Effective date: 2026-05-26

In short:

1. Who this notice applies to

This privacy notice applies to two audiences:

  • Visitors and prospects.Information you give us directly — for example, by filling in a form on our website or contacting us — is handled by PSCX as the controller of that information.
  • Learners and tenant administrators.If you use the platform because an organization (your “tenant”) provided it to you, your organization is the controller of information about you within the service. PSCX acts as a processor on your organization’s behalf and operates the service under its instructions.

This notice does not describe how a tenant organization uses information about its own people internally. That is governed by your organization’s own privacy practices.

2. Information we collect

We collect only what we need to run the training service and report on learner progress. The categories below describe everything the platform stores about you.

Account information

  • Your name and email address (provided by your organization when they invite you, or by you during sign-up).
  • Your role within the platform — learner, manager, or administrator — and your tenant association.
  • Your password, stored using industry-standard one-way hashing. We never store or transmit your password in recoverable form.

Learning activity

  • Which lessons you opened and how engaged you were with them (video position, time spent on the lesson page, with the page timer paused when your tab is hidden or after a period of inactivity).
  • Quiz attempts and scores, including the answers you gave to individual questions.
  • Lesson ratings you submit and, when your organization enables it, discussion forum posts you make on lessons. Discussion posts are visible to other learners in your organization who can view the same lesson; they are not visible to learners in other organizations.
  • Personal notes you write on a lesson, when discussion mode is not enabled by your organization. Notes are visible only to you.
  • Course assignments and acknowledgements, plus a record of who assigned each course and when assignments were acknowledged or removed.
  • Completion certificates. A certificate stores your name, the course title, and your organization’s name as they were at the time the certificate was issued.

Security signals

  • Records of failed sign-in attempts — the email address used, the source IP address where available, and the time — so we can detect and limit suspicious access attempts. These records are retained briefly and cleared on successful sign-in.
  • A signed session cookie that keeps you signed in between visits and expires after a fixed period, after which you will need to sign in again.

Operational logs

We retain server logs that record events relevant to running the service, including failed sign-in attempts and errors. Logs may briefly contain account identifiers (such as the email address used in a failed sign-in) but are not used for marketing or profiling and are subject to the retention practices of our hosting provider.

Tenant branding

If you are an administrator, the logo you provide for your organization is hosted by us as part of the service.

We do not use third-party advertising trackers, marketing cookies, behavioral analytics services, or session-replay tools on the platform.

3. How we use information

The information described above is used to:

  • Provide, operate, and improve the training service.
  • Give your organization’s administrators and managers the visibility into training progress and quiz performance they need to run their training program.
  • Issue completion certificates when you finish a course.
  • Detect and limit suspicious access attempts and other abuse of the service.
  • Send transactional messages: invitations, password-reset links, certificate notifications, and similar account messages.
  • Respond to support requests you or your administrator send us.
  • Comply with legal obligations and protect our rights.

Where the General Data Protection Regulation (GDPR) applies, our legal bases for these uses are (a) performance of our contract with your organization, (b) our legitimate interests in operating, securing, and improving the service, and (c) compliance with legal obligations. We do not make decisions about you that produce legal or similarly significant effects through automated processing alone.

4. How we share information

We do not sell personal information. We do not share it with advertisers, data brokers, or any party for their own marketing purposes. We share information only in the limited ways described below.

Within your organization

Administrators and managers in your reporting line can see information about your learning activity — including which lessons you have opened, your quiz attempts and scores, ratings you submit, time spent on lessons, and the status of any courses assigned to you. This is structural to the platform and operates on your organization’s instructions. If you want to access, correct, or delete information about you that we hold on your organization’s behalf, please contact your organization first. We will support your organization in responding to your request.

PSCX personnel

A small number of PSCX staff may access account-level information across tenants when necessary to provide customer support, investigate or resolve incidents, prevent abuse, and operate the service. Access is limited to staff whose role requires it, is restricted to the information they need, and is subject to employment confidentiality obligations.

Service providers (subprocessors)

We use a limited number of third-party service providers (“subprocessors”) to operate the platform, including providers for email delivery, hosting, and database operation. A current list of our subprocessors is available at /subprocessors. We update that list when subprocessors change.

Legal demands

We may disclose information when required by valid legal process — for example, a subpoena, court order, or similar binding demand. Where the law permits, we will attempt to notify the affected account before we comply.

Public certificate URLs

When you complete a course, we issue a completion certificate at a unique URL of the form /certify/<code>. That URL is intentionally accessible to anyone with the link, without sign-in, so you can share it with hiring managers, HR teams, or compliance auditors. The certificate page shows your name, the course title, your organization’s name, and the issue date. The URL is yours to share or keep private as you choose. If you do not want a certificate issued, ask your administrator to disable the feature for your tenant or to remove the certificate record on your behalf.

5. How long we keep information

We keep your account information and learning activity for as long as your account is active or as needed to provide the service to your organization.

When your account is deleted, we remove your personal information together with your learning activity, your assignment history, and any completion certificates issued to you. Administrators who need a record of training assignments or completions for their own compliance purposes should contact us to request an export before requesting deletion. Certificate URLs you have already shared will stop resolving once the account is removed.

When your organization ends its relationship with us, we keep tenant data for a short transition period to allow re-onboarding and then delete it.

Records of failed sign-in attempts are retained briefly to enforce protective limits and are then deleted.

6. Security

We use industry-standard measures to protect personal information in transit, and we select hosting providers that encrypt data at rest. We apply access controls so that PSCX personnel access customer data only when their role requires it. We monitor sign-in activity to detect and limit suspicious access attempts. Each organization’s data is logically separated within the platform so users from one organization cannot view another organization’s information.

No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify your organization’s administrator without undue delay and cooperate with any notice or remediation required by law. You can help us protect your account by keeping your credentials confidential and reporting anything suspicious to your administrator or to us.

7. Your rights

If you are a learner

Information we hold about you on your organization’s behalf is controlled by your organization. To exercise rights of access, correction, deletion, portability, or objection, please contact your organization first — most requests can be acted on immediately through your tenant administrator. If your organization cannot help, we will support them in responding within the time required by law.

If you contacted us directly

If you are a visitor, prospect, or direct subscriber, you may request access to, correction of, or deletion of personal information we hold about you by writing to privacy@cloudwarriors.ai. We will respond within the time required by applicable law.

California residents

Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have the rights to know what personal information we have collected, to delete it, to correct it, to limit the use of sensitive personal information, and to be free from discrimination for exercising these rights. We do not sell or share personal information as those terms are defined under California law. To exercise your rights, contact us at the address above.

Other US state privacy laws

Residents of other US states with comprehensive privacy laws may have rights similar to those described above. The rights summarized in this section apply to the extent required by the law of your state.

If you are in the EU, UK, or EEA

You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection under the GDPR (or UK GDPR, as applicable). You also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve the issue.

8. International transfers

PSCX operates from the United States, and our subprocessors may also process information outside your country. If you are located outside the United States, the information you provide will be transferred to and processed in the United States. Where required by applicable law, we put appropriate safeguards in place for those transfers.

9. Children

PSCX Advanced Skills Training is a workplace training platform intended for adult employees of our customers. The service is not directed to children under sixteen, and we do not knowingly collect personal information from anyone under sixteen. If we learn that a child under sixteen has provided information to us without appropriate consent, we will delete it.

10. Changes to this notice

We may update this notice from time to time. The effective date at the top of this page reflects the most recent revision. For material changes, we will provide notice through the service or by email to account holders before the change takes effect. Continued use of the platform after a change becomes effective means you accept the updated notice.

11. Contact us

Questions, requests, or concerns about your personal information should be sent to privacy@cloudwarriors.ai. If you are a tenant administrator asking about a Data Processing Agreement, use the same address and we will route the request appropriately.