Last updated: 2025-11-11 • Version 1.0

Privacy Policy

This Privacy Policy explains how Professors Academy ("ProfAcademy", "we", "us", "our") collects, uses, discloses, and protects personal information when you use our website, mobile apps, and related services (collectively, the "Services").

1) Our role and legal framework

We are the Responsible Party for purposes of South Africa’s Protection of Personal Information Act, 4 of 2013 (POPIA). Where we use service providers to process information on our behalf, they act as Operators under POPIA.

2) Contact

Information Officer
Email: [email protected]
Website: https://profacademy.org/

Information Regulator (South Africa)
Website: https://inforegulator.org.za/
You may lodge a complaint with the Regulator if you believe we have infringed your POPIA rights.

3) What we collect

Account & identity: email address, password hash, subscription status (Basic/Premium).
Payment: payment reference, plan, and status returned by our payment provider (we do not store card numbers).
Usage: pages visited, clicks, device and network metadata (e.g., IP address) to secure the Service and improve performance.
Support: messages you send to us and related metadata.
Learning progress (when enabled): content started/completed, timestamps, and basic analytics to resume playback and track progress.

4) Why we process your information (POPIA section 11 grounds)

To provide the Service and fulfill features you request (account, sign‑in, progress syncing, subscriptions).
To conclude or perform a contract with you for Premium access.
To comply with law (e.g., tax and accounting record‑keeping).
With your consent where required (e.g., direct marketing by email). You can withdraw consent at any time.
Legitimate interests, balanced against your rights (e.g., security, fraud prevention, Service improvement).

5) How we use your information

Authenticate you; maintain sessions; remember preferences.
Process subscriptions and verify successful payments.
Deliver content via our CDN; optimize performance and reliability.
Respond to support requests and troubleshoot issues.
Measure product usage at an aggregate level to improve the Service.
Comply with legal requests, subpoenas, or lawful access requirements.

6) Operators and third‑party recipients

Paystack (payment processing).
Cloudflare (security, CDN, and edge compute/Workers; includes R2 object storage).
Email delivery (e.g., MailChannels or equivalent) for transactional messages such as password resets.
YouTube (only when you play embedded videos; YouTube may collect usage data per its own policy).
Analytics (if enabled) for aggregate usage reporting.

Operators are bound by contract to process personal information only on our instructions and to implement appropriate security safeguards as required by POPIA section 20.

7) Cross‑border transfers

Your information may be processed outside South Africa (for example, by our CDN/email/payment providers). When we transfer information cross‑border, we use contractual and technical safeguards consistent with POPIA (section 72), and we choose suppliers with appropriate security standards.

8) Retention

Account data: kept while your account remains active and for up to 24 months after last activity, then deleted or anonymised unless we must keep it longer by law.
Payment records: retained for at least 5 years for tax and accounting compliance.
Support correspondence: retained for up to 24 months.
Backups/logs: short, rolling periods for resilience and security.

9) Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including encryption in transit, access controls, audit logging, least‑privilege access, and regular patching of infrastructure. No system can be guaranteed 100% secure; we continuously improve controls and monitor for abuse.

10) Your POPIA rights

Request access to the personal information we hold about you.
Request correction or deletion of your information where legally permissible.
Object to certain processing, including direct marketing; or request that we restrict processing.
Withdraw consent where processing is based on consent.
Lodge a complaint with the Information Regulator (South Africa).

To exercise these rights, contact us at [email protected]. We may require identity verification before actioning a request. Some requests may be limited by law (e.g., record‑keeping obligations).

11) Children and learners

Our Services are intended for learners aged 13 and older. If you are between 13 and 17, you should obtain consent from a competent person (parent or legal guardian) where POPIA requires such consent. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact us and we will take appropriate steps to delete it.

12) Cookies and similar technologies

We use strictly necessary cookies to run the Service (e.g., session tokens). With your consent, we may use analytics cookies to understand usage. Third‑party content (e.g., YouTube) may set its own cookies. You can control non‑essential cookies via your browser settings and, if provided, our on‑site controls.

13) Direct marketing

We may send you service and transactional messages (e.g., password resets, payment confirmations) without consent. We will only send direct marketing messages with your consent or as otherwise permitted by POPIA. You can opt out at any time by using the “unsubscribe” link in the message or by contacting us.

14) Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. When we post changes, we will update the “Last updated” date above. If changes are material, we will provide additional notice.

15) PAIA/Access to Information

Where applicable, our PAIA manual describes how to request access to records we hold. Contact us at [email protected] for more information.

Questions? Email [email protected].