Privacy Policy

Last updated: 12 June 2026

1. What we collect

Account data: name, email, phone number, hashed password. Student profile:date of birth, address, passport photo, education history (10th/12th/degree/master's), and work experience — collected to administer enrollments and certification. Learning data: enrollments and lesson completion. Technical data: essential cookies for authentication.

2. How we use it

To operate your account, deliver courses, track your progress, provide support, and meet legal obligations. We do not sell personal data. Passwords are stored only as bcrypt hashes; session tokens are stored hashed and are revocable.

3. Cookies

We use a single essential, httpOnly cookie to keep you signed in securely. It is not used for tracking or advertising. Optional analytics cookies, if ever introduced, will require separate consent.

4. Data retention

Account & profile data is retained while your account is active and for 90 days after deletion (to handle accidental deletions and disputes), after which it is permanently erased. Learning records (enrollments, completions) are retained for 3 years for certification verification. Audit logs are retained for 1 year for security purposes. Expired session tokens are purged within 30 days.

5. Sharing

Data is shared only with infrastructure providers needed to run the Platform (hosting, database) under data-processing agreements, or when required by law.

6. Your rights

You can request access, correction (via an administrator for locked profiles), export, or deletion of your personal data at any time: hello@opsnova.dev.

7. Security

We apply industry practice: bcrypt password hashing, short-lived access tokens, rotating refresh tokens stored as hashes, role-based access control, input validation, rate limiting, and audit logging of privileged actions.