Privacy Policy

Privacy Policy – Framework

  1. Responsible Entities
  • Infina Ltd (UK) and InfinaTech Inc (USA) jointly process data.
  • UK data (GDPR) processed under UK law; U.S. data processed under U.S. privacy laws (e.g. CCPA, COPPA where applicable).
  1. Data Collected
  • Personal info: name, email, phone number, payment details, cohort activity.
  • Behavioral data: video watches, quiz results, GitHub repo metrics.
  • Optional data: job outcome for job-guarantee cohorts.
  1. Legal Bases
  • Contractual necessity: to deliver services you signed up for.
  • Legitimate interest: for platform improvements and analytics.
  • Consent: for marketing—opt-in only, with opt-out line in every email.
  1. Use Cases
  • Deliver course content, manage bookings, and enforce terms.
  • Marketing (only if opted in), automated recommendations, and feedback surveys.
  • Alumni validation (permission-based project showcases).
  1. Sharing Data
  • We do not sell your data.
  • We may share with:
    • Affiliate or partner organizations for pilot programs (e.g. client POC sponsors).
    • Analytics & infrastructure providers on a subprocessor basis (Google, Stripe, AWS).
  • All subprocessors bound by strict data protection terms.
  1. Data Storage & Retention
  • Retained for as long as you are an active learner, then archived for 5 additional years (for alumni, employability tracking).
  • Data stored in UK or U.S.-based AWS servers (ISO 27001 certified) with encryption in transit and at rest.
  1. Your Rights
  • UK Clients (under GDPR): right to access, rectification, erasure, restriction, data portability, objection.
  • US Clients (under CCPA): right to access, deletion, “do not sell.”
  • Opt-out by emailing hello@joininfinatech.com.
  • Lawful requests handled within 30 days.
  1. Children & Minors
  • Not intended for minors. Applicants under 18 must have written guardian consent. No unaccompanied minor enrollments.
  1. Security
  • Infina employs industry-standard security: MFA, annual penetration tests, quarterly code audits, and logging.
  • In the event of a breach, you’ll be notified within 72 hours in compliance with GDPR/CCPA.
  1. Updates to Policy
  • We may update this policy. You’ll be notified by email 45 days prior to any material changes requiring opt-in again.