Privacy Policy

Stackflow Academy respects your privacy and is committed to protecting personal information processed through our website, learning platform, support channels, and related services.

This Privacy Policy explains what information we collect, how we use it, when we share it, how long we retain it, and the rights available to you.

We may collect personal information you provide directly, such as your name, email address, billing details, account credentials, and communications with us.

We also collect usage information, device and browser information, log data, analytics data, and cookie-related information. Payment card details are collected directly by Stripe; we do not store full card numbers or card security codes on our systems.

We use personal information to create and manage accounts, process transactions, deliver purchased products, provide customer support, improve our content and platform, communicate service updates, detect abuse, and comply with legal obligations.

We may also use aggregated or de-identified information for analytics, product planning, operational reporting, and service improvement.

Payments are processed by Stripe, a third-party payment processor that is responsible for handling payment card information in accordance with PCI DSS requirements.

When you complete a purchase, relevant transaction and billing details are shared with Stripe to process the payment, manage fraud prevention, and support refunds, chargebacks, and recurring billing. You can learn more by reviewing Stripe’s privacy policy.

We use third-party vendors and service providers to operate the website and business, including hosting providers, analytics providers, communication tools, and payment processors.

These providers receive only the information reasonably necessary to perform services on our behalf and are expected to protect that information appropriately.

We do not sell your personal information. We may share information with service providers, professional advisors, regulators, law enforcement, or transaction counterparties when legally required or reasonably necessary to operate the business.

We may also share information when needed to enforce our Terms, protect our rights, investigate fraud, or respond to legal process.

We retain personal information for as long as reasonably necessary to provide the service, maintain business records, resolve disputes, enforce agreements, and comply with applicable legal, tax, and accounting obligations.

Retention periods vary depending on the type of information, the sensitivity of the data, and the purpose for which it was collected.

Subject to applicable law, you may have the right to request access to your personal information, correction of inaccurate data, deletion, restriction of processing, portability, or objection to certain uses such as direct marketing.

To exercise privacy rights, contact us at privacy@stackflowacademy.org. We may need to verify your identity before completing certain requests.

Because we operate online and may use service providers in multiple jurisdictions, your information may be transferred to and processed outside your local jurisdiction, including locations that may have different data protection laws.

Where required, we take reasonable steps to ensure appropriate safeguards are used for international data transfers.

Our service is not directed to children under 13 and we do not knowingly collect personal information from children in a manner subject to the U.S. Children’s Online Privacy Protection Act (COPPA).

If you believe a child has provided personal information to us improperly, please contact us so we can review and address the issue.

We use reasonable technical and organizational safeguards designed to protect personal information, including encrypted transport using TLS, access controls, and appropriate storage protections such as encryption measures where suitable, including AES-256 or comparable methods for certain stored data.

No system is completely secure, and we cannot guarantee absolute security of information transmitted or stored through the service.

If we determine that a data breach affecting personal information has occurred, we will investigate promptly and provide notice as required by applicable law.

Where legally required and feasible, we aim to issue relevant breach notifications within 72 hours of confirming a reportable incident.

We may update this Privacy Policy periodically to reflect changes in legal obligations, technology, or business practices. When changes are made, we will update the Last Updated date at the top of the page.

Your continued use of the service after an updated policy becomes effective means you acknowledge the revised policy.

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact our privacy team at privacy@stackflowacademy.org or our data protection contact at dpo@stackflowacademy.org.

Registered address: Unit 1603, 16/F, The L. Plaza, 367-375 Queen's Road Central, Sheung Wan, Hong Kong.