AppSec Training

Privacy Policy

Last updated: June 11, 2026

1. Who We Are

AppSec Training Inc. ("we", "us") provides professional security training courses. This policy explains how we collect, use, and protect your personal data when you use our education portal.

Contact: privacy@appsectraining.com

2. Data We Collect

  • Account information: email address, first name, last name
  • Training progress: which sections you have watched, completion percentage, timestamps
  • Authentication data: login timestamps, one-time login codes (not stored after use)
  • Technical data: IP address, browser type (logged for security purposes)

3. Why We Collect It (Legal Basis)

  • Contract fulfillment: To deliver the training courses you or your employer enrolled you in
  • Legitimate interest: To track completion for certification and reporting to your employer's training administrators
  • Security: To protect the platform and detect unauthorized access

4. Who Has Access to Your Data

  • You: Full access to your own data via your profile
  • Your company's training administrators: Can see your name, email, course progress, and completion status
  • AppSec Training Inc.: Platform administration and support
  • Sub-processors: Vimeo (video hosting), Google Workspace (email delivery). Each operates under their own privacy policy and data processing agreements.

5. Data Retention

  • Account and progress data: Retained for the duration of the training engagement plus 1 year, or until you request deletion
  • Audit logs: Retained for 2 years for security purposes, then anonymized
  • Certificates: Retained indefinitely for verification purposes, unless you request deletion

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of all data we hold about you
  • Rectification: Update your personal information via your profile
  • Erasure: Request deletion of your account and associated data
  • Portability: Download your data in a machine-readable format
  • Objection: Object to processing of your data
  • Complaint: Lodge a complaint with your local data protection authority

You can exercise these rights from your profile page or by contacting us at privacy@appsectraining.com.

7. Cookies

We use only essential session cookies required for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required as these cookies are strictly necessary for the service to function.

8. Security

We protect your data through:

  • Passwordless authentication (no passwords are stored)
  • Encrypted connections (HTTPS)
  • Access controls and audit logging
  • Regular security reviews

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and notify affected individuals without undue delay.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email. The "last updated" date at the top indicates when the policy was last revised.