Privacy Notice

1. Who we are

The Online Education Platform ("we", "us") is the responsible party that decides why and how your personal information is processed when you register and use the Platform. This notice applies to learners, instructors, and administrators.

2. Personal information we collect

• Identity & contact: name, username, email address, phone number, date of birth.
• Profile: education level, occupation, interests, profile photo, preferred language.
• Account & security: password hash, login timestamps, IP address of last login, failed-login counters.
• Learning activity: enrolments, course progress, test attempts, free-text answers, certificates and points.
• Communications: WhatsApp messages exchanged with the platform, in-app chats, notification preferences.
• Consent records: the version of the Terms & Conditions you accepted and the date you accepted them.

3. Why we process your information (purpose)

• To create and manage your account, authenticate you, and keep the service secure.
• To deliver courses, track progress, and award certificates and points.
• To send service messages (account, enrolment, results, reminders) by email and WhatsApp.
• To generate AI-assisted feedback on your learning, with direct identifiers redacted before any third-party AI call.
• To maintain audit logs needed for security, compliance and dispute resolution.

4. Lawful basis (POPIA conditions)

We process your information based on (a) your consent given at registration, (b) the performance of our agreement with you (or your enrolling organization), and (c) compliance with legal obligations.

5. Who we share your information with (operators)

• Your enrolling organization (employer / training provider) — for progress reporting.
• Hosting & database providers — to run the Platform.
• Communication providers: Twilio (WhatsApp), email service providers.
• AI providers: OpenAI and Anthropic. Direct identifiers (names, emails, ID numbers, phone numbers) are redacted before any prompt is sent.

6. Cross-border transfers (Section 72)

Some of our operators (notably OpenAI, Anthropic and Twilio) process data outside South Africa. We rely on their published privacy and security commitments and contractual data-processing terms to ensure an adequate level of protection.

7. How long we keep your information (Section 14)

• Account records are kept while your account is active and for as long as required by your enrolling organization.
• WhatsApp interaction logs are kept for 180 days, then automatically purged.
• System activity logs are kept for 365 days, then automatically purged.
• AI insight cache entries are purged once they expire, or after 90 days at the latest.
• Pre-authentication tokens are purged within 7 days of being issued or used.
• Certain certificate and audit records may be retained longer where required by law.

8. Your rights as a data subject

• Access — request a copy of the personal information we hold about you (use the "Download my data" button on your Account Settings page).
• Correction — update your details on your Account Settings page or via your administrator.
• Deletion — close your account using the "Delete my account" option on the Account Settings page.
• Objection to direct marketing — toggle notification preferences in Account Settings.
• Lodge a complaint with the Information Regulator of South Africa (inforegulator.org.za) if you believe we have mishandled your information.

9. Children (Section 34)

The Platform is intended for users aged 13 and above. We collect a date of birth at registration and refuse accounts for users below this age unless verifiable parental consent has been provided through your enrolling organization.

10. Security

We use technical and organisational safeguards including transport encryption, password hashing (PBKDF2-SHA256), least-privilege access controls, redaction of personal information before AI processing, and automatic retention purges. In the event of a security compromise we will notify the Information Regulator and affected users without undue delay, as required by Section 22.

11. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. We do not use third-party advertising cookies.

12. Changes to this notice

When we make material changes we publish a new version number above and ask you to accept the updated Terms & Conditions on your next sign-in.

13. Contact

Direct any privacy-related query to our Information Officer at privacy@onlineplatform.co.za.