Privacy Policy

1. Introduction

ScholaPharma ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services (collectively, the "Services"). By accessing or using our Services, you consent to the data practices described in this policy.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other relevant privacy regulations. If you do not agree with the terms of this Privacy Policy, please discontinue use of our Services immediately.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources. The types of information we collect include:

3. How We Use Your Information

We use the information we collect for various purposes related to providing, maintaining, and improving our Services. Specifically, we use your information to:

• Provide Services: Create and manage your account, process course enrollments, deliver course content, track learning progress, and issue certificates
• Process Payments: Handle transactions, verify payment information, prevent fraud, and process refunds
• Communicate: Send transactional emails (purchase confirmations, password resets), course updates, support responses, and important service announcements
• Personalize Experience: Recommend relevant courses, customize content based on your interests, and remember your preferences
• Improve Services: Analyze usage patterns, conduct research, test new features, and optimize course content and platform performance
• Marketing: Send promotional emails about new courses, special offers, and educational content (with your consent, where required)
• Security: Detect and prevent fraud, unauthorized access, and other illegal activities; enforce our Terms of Service
• Legal Compliance: Comply with legal obligations, respond to legal requests, and protect our rights and interests

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with our Services. Cookies are small text files stored on your device that help us recognize you, remember your preferences, and improve your experience.

5. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

6. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security practices include:

• Encryption of data in transit using SSL/TLS protocols (HTTPS)
• Encryption of sensitive data at rest using AES-256 encryption
• Secure authentication with hashed and salted passwords
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal data on a need-to-know basis
• Secure payment processing through PCI-DSS compliant providers (Stripe)
• Regular backups and disaster recovery procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security measures and respond promptly to any security incidents.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These rights may include:

To exercise any of these rights, please contact us at [email protected] with your request. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), we process your personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing your information include:

• Contract Performance: Processing necessary to fulfill our contract with you (providing courses, processing payments)
• Legitimate Interests: Processing necessary for our legitimate business interests (improving services, fraud prevention, analytics)
• Consent: Processing based on your explicit consent (marketing communications, optional cookies)
• Legal Obligation: Processing required to comply with legal requirements

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR requirements. We are committed to working with you to resolve any concerns.

9. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the third parties with whom we share it.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt-out of the "sale" of your personal information. We do not sell personal information as defined by CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at [email protected] or call our toll-free number. We will verify your identity and respond within 45 days.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Information: Retained for the duration of your account plus 3 years after account closure for legal and business purposes
• Course Progress Data: Retained for the lifetime of your account to provide continuous access to your learning history
• Transaction Records: Retained for 7 years to comply with tax and financial regulations
• Marketing Data: Retained until you unsubscribe or request deletion
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical purposes

When we no longer need your information, we securely delete or anonymize it in accordance with our data retention policies and applicable laws.

11. International Data Transfers

ScholaPharma is based in the United States, and your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

When we transfer personal data from the EEA to countries outside the EEA, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your data receives adequate protection. By using our Services, you consent to the transfer of your information to countries outside your country of residence.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will promptly delete such information from our systems.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by ScholaPharma. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any personal information.

We integrate with third-party services such as Stripe for payments, Google OAuth for authentication, and analytics providers. These services have their own privacy policies that govern their collection and use of your information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (if you have provided an email address) or by posting a prominent notice on our website at least 30 days before the changes take effect.

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you should discontinue use of our Services.

15. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Our Services do not currently respond to DNT signals or similar mechanisms. We continue to monitor developments in DNT technology and may implement DNT recognition in the future.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days. For GDPR-related requests from EEA residents, we will respond within the timeframes required by applicable law.