How We Handle Your Information

Different touchpoints generate different information types. When someone registers for a career development program, we receive their full name, email address, phone number, and their stated interest area within sustainable travel. That's the baseline. But the intake doesn't stop there.

Program participants often submit career history documents, educational background summaries, and specific learning objectives. These arrive through our learning platform when people complete their initial assessment or enrollment forms. The content varies wildly depending on where someone stands in their career transition journey.

Everything listed above arrives because someone took a deliberate action—signed up, submitted a form, contacted support, enrolled in a program. We don't purchase data from third-party aggregators or merge in information from external databases. The only exception: payment processors send us transaction confirmation details, but those contain minimal information beyond "payment succeeded" or "payment failed" plus a transaction identifier.

One area worth highlighting: when prospective students browse our site before enrolling, we capture technical visit data. Browser type, which pages they viewed, how long they stayed, what device they used. This happens automatically through standard website infrastructure. The Cookie Policy explains those mechanisms in detail, but the short version is that pre-enrollment browsing creates a technical record even before someone becomes a registered user.

Every piece of information we capture serves a functional purpose. There's no "just in case" collection happening. Let's break down the operational logic category by category.

Here's what we explicitly don't do: sell participant information to third parties, use your details for unrelated marketing campaigns, or share career histories with potential employers without explicit permission. The boundaries are clear—information serves program delivery and operational necessity, nothing beyond that scope.

Most information stays within our operational infrastructure, but certain functions require external service providers. Understanding those handoffs matters because your details briefly pass through systems we don't directly control.

Payment processing represents the clearest example. When you enroll in a program, billing details move to our payment processor. They handle the actual transaction—card verification, fraud checks, fund transfers. We receive confirmation that payment succeeded or failed, but the processor retains the sensitive payment credentials. That separation is intentional and security-driven.

Email delivery services receive your email address and the content of messages we send. Program updates, enrollment confirmations, support responses—those all flow through a third-party email infrastructure. We compose the messages, but the actual delivery mechanism sits outside our servers. Those providers operate under strict data handling agreements that limit how they can use participant information.

One scenario we want to address directly: if compareusvsca were acquired by another organization or merged with a different educational provider, participant information would transfer to the new entity. That's a business reality—the new owner would need access to student records, enrollment details, and operational data to maintain service continuity. In such circumstances, affected participants would receive advance notice about the transition and any changes to information handling practices.

We don't engage in data brokerage, don't sell mailing lists to other educational institutions, and don't provide participant details to marketing aggregators. The external movement described above represents the complete picture—anything beyond those specific categories requires your explicit authorization first.

Technical safeguards exist across multiple layers. Data transmission between your browser and our servers occurs through encrypted connections. Stored information sits behind authentication barriers that require valid credentials for access. Payment details never touch our systems directly—they move straight to payment processors with specialized security infrastructure.

Internal access follows role-based restrictions. Support staff see only what they need to resolve issues. Career advisors access learning records relevant to their assigned participants. System administrators have broader access for technical maintenance, but activity logs track who viewed what information and when. These controls aren't perfect, but they reduce unnecessary exposure.

Regular security assessments happen, though the frequency and scope vary based on resource availability and evolving threat landscapes. We patch known vulnerabilities, monitor for suspicious activity, and maintain backup systems in case primary infrastructure fails. But here's the reality: no system is completely breach-proof. Sophisticated attacks sometimes succeed despite reasonable precautions.

If a security incident occurs that compromises participant information, affected individuals receive direct notification. The timeline depends on the investigation complexity—sometimes we know immediately, sometimes it takes days to understand the full scope. Transparency about breaches isn't optional; it's both an ethical obligation and a legal requirement in most jurisdictions.

Information retention follows operational necessity. Active participant records remain accessible throughout program enrollment and for a reasonable period afterward to support transcript requests or alumni services. Once that operational window closes, records move to archive status with more restricted access. Eventually, details that no longer serve any legitimate purpose get permanently deleted.

Financial records follow different retention rules because tax regulations require multi-year documentation. Those timelines aren't our choice—they're dictated by legal requirements that apply to educational service providers. Similarly, certain compliance-related records must be kept for specified durations regardless of whether ongoing operational need exists.

You can request to view what information we hold about you. That includes account details, learning progress records, support ticket history, and enrollment documentation. Some technical logs may be excluded because they contain mixed data from multiple users that can't be easily separated, but the core personally identifiable details are accessible.

Corrections happen when information is inaccurate. If your email address changed, name was misspelled, or career history details need updating, those modifications can be made through your account settings or by contacting support. Some records, like completed transaction details, can't be altered after the fact because they serve as historical documentation of what occurred.

Response timelines for these requests vary. Simple access requests usually get fulfilled within a week. Complex data export requests involving large learning histories might take two to three weeks. Deletion requests that require legal review can extend to thirty days. We'll acknowledge receipt promptly and provide status updates if processing takes longer than initially estimated.

Certain requests can't be accommodated if they conflict with legal obligations or would undermine essential service functions. If your employer sponsored your enrollment and payment came through corporate channels, we may need to retain some transaction documentation even if you request deletion. Active legal disputes or regulatory investigations might freeze information until those matters resolve. These limitations are narrow but real.