Effective date: 2026-05-26
In short:
This privacy notice applies to two audiences:
This notice does not describe how a tenant organization uses information about its own people internally. That is governed by your organization’s own privacy practices.
We collect only what we need to run the training service and report on learner progress. The categories below describe everything the platform stores about you.
We retain server logs that record events relevant to running the service, including failed sign-in attempts and errors. Logs may briefly contain account identifiers (such as the email address used in a failed sign-in) but are not used for marketing or profiling and are subject to the retention practices of our hosting provider.
If you are an administrator, the logo you provide for your organization is hosted by us as part of the service.
We do not use third-party advertising trackers, marketing cookies, behavioral analytics services, or session-replay tools on the platform.
The information described above is used to:
Where the General Data Protection Regulation (GDPR) applies, our legal bases for these uses are (a) performance of our contract with your organization, (b) our legitimate interests in operating, securing, and improving the service, and (c) compliance with legal obligations. We do not make decisions about you that produce legal or similarly significant effects through automated processing alone.
We do not sell personal information. We do not share it with advertisers, data brokers, or any party for their own marketing purposes. We share information only in the limited ways described below.
Administrators and managers in your reporting line can see information about your learning activity — including which lessons you have opened, your quiz attempts and scores, ratings you submit, time spent on lessons, and the status of any courses assigned to you. This is structural to the platform and operates on your organization’s instructions. If you want to access, correct, or delete information about you that we hold on your organization’s behalf, please contact your organization first. We will support your organization in responding to your request.
A small number of PSCX staff may access account-level information across tenants when necessary to provide customer support, investigate or resolve incidents, prevent abuse, and operate the service. Access is limited to staff whose role requires it, is restricted to the information they need, and is subject to employment confidentiality obligations.
We use a limited number of third-party service providers (“subprocessors”) to operate the platform, including providers for email delivery, hosting, and database operation. A current list of our subprocessors is available at /subprocessors. We update that list when subprocessors change.
We may disclose information when required by valid legal process — for example, a subpoena, court order, or similar binding demand. Where the law permits, we will attempt to notify the affected account before we comply.
When you complete a course, we issue a completion certificate at a unique URL of the form /certify/<code>. That URL is intentionally accessible to anyone with the link, without sign-in, so you can share it with hiring managers, HR teams, or compliance auditors. The certificate page shows your name, the course title, your organization’s name, and the issue date. The URL is yours to share or keep private as you choose. If you do not want a certificate issued, ask your administrator to disable the feature for your tenant or to remove the certificate record on your behalf.
We keep your account information and learning activity for as long as your account is active or as needed to provide the service to your organization.
When your account is deleted, we remove your personal information together with your learning activity, your assignment history, and any completion certificates issued to you. Administrators who need a record of training assignments or completions for their own compliance purposes should contact us to request an export before requesting deletion. Certificate URLs you have already shared will stop resolving once the account is removed.
When your organization ends its relationship with us, we keep tenant data for a short transition period to allow re-onboarding and then delete it.
Records of failed sign-in attempts are retained briefly to enforce protective limits and are then deleted.
We use industry-standard measures to protect personal information in transit, and we select hosting providers that encrypt data at rest. We apply access controls so that PSCX personnel access customer data only when their role requires it. We monitor sign-in activity to detect and limit suspicious access attempts. Each organization’s data is logically separated within the platform so users from one organization cannot view another organization’s information.
No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify your organization’s administrator without undue delay and cooperate with any notice or remediation required by law. You can help us protect your account by keeping your credentials confidential and reporting anything suspicious to your administrator or to us.
Information we hold about you on your organization’s behalf is controlled by your organization. To exercise rights of access, correction, deletion, portability, or objection, please contact your organization first — most requests can be acted on immediately through your tenant administrator. If your organization cannot help, we will support them in responding within the time required by law.
If you are a visitor, prospect, or direct subscriber, you may request access to, correction of, or deletion of personal information we hold about you by writing to privacy@cloudwarriors.ai. We will respond within the time required by applicable law.
Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have the rights to know what personal information we have collected, to delete it, to correct it, to limit the use of sensitive personal information, and to be free from discrimination for exercising these rights. We do not sell or share personal information as those terms are defined under California law. To exercise your rights, contact us at the address above.
Residents of other US states with comprehensive privacy laws may have rights similar to those described above. The rights summarized in this section apply to the extent required by the law of your state.
You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection under the GDPR (or UK GDPR, as applicable). You also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve the issue.
PSCX operates from the United States, and our subprocessors may also process information outside your country. If you are located outside the United States, the information you provide will be transferred to and processed in the United States. Where required by applicable law, we put appropriate safeguards in place for those transfers.
PSCX Advanced Skills Training is a workplace training platform intended for adult employees of our customers. The service is not directed to children under sixteen, and we do not knowingly collect personal information from anyone under sixteen. If we learn that a child under sixteen has provided information to us without appropriate consent, we will delete it.
We may update this notice from time to time. The effective date at the top of this page reflects the most recent revision. For material changes, we will provide notice through the service or by email to account holders before the change takes effect. Continued use of the platform after a change becomes effective means you accept the updated notice.
Questions, requests, or concerns about your personal information should be sent to privacy@cloudwarriors.ai. If you are a tenant administrator asking about a Data Processing Agreement, use the same address and we will route the request appropriately.