Privacy Policy

Last updated: April 15, 2026

1. Data Controller

Ridgeline Cyber Defence Ltd is the data controller for personal data collected through training.ridgelinecyber.com.

2. What We Collect

When you create an account: your email address, name (optional), and hashed password. When you subscribe: Stripe collects payment information directly — we never see or store your card details. We also store your course progress and feedback submissions.

3. How We Use Your Data

To provide access to training content, to process subscriptions, to send transactional emails (welcome, password reset, subscription status), and to send our weekly newsletter if you subscribe to it. We do not sell your data to third parties.

4. Third-Party Processors

Stripe (payment processing), Resend (transactional email), Cloudflare (hosting and security). Each processor handles data under their own privacy policies and applicable data processing agreements.

5. Data Retention

Account data is retained while your account is active. If you cancel, your account remains with free-tier access. To request complete account deletion, contact training@ridgelinecyber.com.

6. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict processing, and port your personal data. To exercise these rights, contact training@ridgelinecyber.com. We will respond within 30 days.

7. Cookies

We use a single session cookie (HttpOnly, Secure, SameSite=Lax) for authentication. We use Cloudflare Web Analytics which does not use cookies and does not track individual users. We do not use advertising cookies or third-party tracking.

8. Contact

Privacy inquiries: training@ridgelinecyber.com