Privacy Policy

We only collect data necessary to operate and secure the Service:

We process personal data under the following legal bases:

• Contractual necessity – to provide access to the platform and deliver purchased services
• Legitimate interests – to secure, improve, and maintain platform functionality
• Legal obligation – to comply with applicable laws and financial/accounting regulations
• Consent – for optional communications where required

We use personal data for:

• Providing access to courses, labs, and learning content
• Managing subscriptions and access control
• Tracking learning progress and issuing certificates
• Authenticating users and securing accounts
• Preventing fraud, abuse, and unauthorized access
• Improving system performance and user experience
• Sending essential service communications

To ensure platform integrity:

• Accounts are strictly personal and non-transferable
• Account sharing or credential sharing is prohibited
• Users are responsible for maintaining account confidentiality

We reserve the right to:

• Suspend or terminate accounts violating these terms
• Revoke access to services or content at our discretion in case of abuse, fraud, or policy violation

All content provided through AlphaSploit (including courses, labs, videos, text, and assessments) is owned or licensed by AlphaSploit.

Users are granted a Limited, Non-exclusive, Non-transferable, and Revocable license for personal educational use only.

Users may NOT:

• Copy or redistribute content
• Share materials outside the platform
• Resell or commercialize content
• Claim ownership of platform content

AlphaSploit operates on a subscription-based access model.

• Access to paid content is granted only during an active subscription period
• Upon subscription expiration, access may be automatically restricted or revoked
• We may enforce access rules dynamically based on subscription status, usage policies, or violations

We reserve the right to manage, suspend, or revoke access where subscription is inactive, misuse or policy violations occur, or system integrity requires enforcement.

We do not sell personal data. We share limited data only with data processors necessary for Service operation, including authentication and database infrastructure providers, hosting providers, and payment processors.

These processors act on our instructions, are bound by confidentiality obligations, and are not permitted to use data for independent purposes.

Personal data may be processed outside your jurisdiction depending on infrastructure providers. Where applicable, we ensure appropriate safeguards are in place in accordance with GDPR requirements (e.g., Standard Contractual Clauses).

We retain personal data only as long as necessary:

• Active accounts: retained during service use
• Learning records: retained for certification and academic history
• Technical logs: retained for limited security and audit purposes
• Deleted accounts: removed or anonymized within a reasonable period unless legally required to retain

We implement appropriate technical and organizational measures, including encryption in transit (TLS/SSL), role-based permissions, secure authentication, and database-level restrictions (Row-Level Security). Despite safeguards, no system is fully secure.

Under GDPR, you have the right to access your personal data, rectify inaccurate data, request erasure (“right to be forgotten”), restrict processing, data portability, object to processing, and withdraw consent. Requests can be submitted via our support email.

We use cookies for authentication, session management, security, fraud prevention, and platform performance analytics. You may disable cookies in your browser settings; however, some features may not function properly.

In the event of a personal data breach, we will assess and contain the incident promptly, notify affected users and relevant authorities where legally required under GDPR, and take corrective measures to prevent recurrence.

We send only service-related communications, including account notifications, subscription and billing updates, security alerts, and course-related updates. Non-essential communications may be opted out of where applicable.

The Service is not intended for individuals below the minimum legal age in their jurisdiction. We do not knowingly collect personal data from minors without appropriate consent.

We may update this Privacy Policy from time to time. Updates will be posted with a revised “Last Updated” date.