Privacy Policy

Last updated: March 2026

1. Who We Are

KoreField Academy ("we", "us", "our") is an applied AI learning platform. We operate as a data controller for the personal data we collect through our platform at korefield.academy and related services.

2. Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, country, professional background, learning goals
  • Authentication data: hashed passwords, MFA secrets (encrypted), session tokens
  • Learning data: course progress, assessment scores, lab submissions, pod participation, capstone projects
  • Payment data: billing country, payment plan type, installment status. We do not store card numbers — payment processing is handled by PCI DSS-compliant third-party gateways using tokenization.
  • Usage data: pages visited, features used, session duration, device type
  • Communication data: messages sent through the platform messaging system
  • Recruitment data: CV uploads, application details, ATS matching scores (for job applicants only)

3. How We Use Your Data

  • Deliver and personalize your learning experience, including AI-powered tutoring and feedback
  • Track your progress through AI Foundation School and Track Pathways
  • Process payments and manage installment plans
  • Issue and verify certificates upon completion
  • Identify at-risk learners through our Dropout Risk Agent (advisory only — no automated decisions)
  • Improve our platform, curriculum, and AI agents
  • Communicate with you about your account, courses, and platform updates
  • Comply with legal obligations

4. AI and Automated Processing

Our platform uses AI agents (powered by LangChain and LangGraph) for tutoring, assignment feedback, dropout risk assessment, and career guidance. These agents are advisory only — they cannot override human decisions, fabricate data, modify curriculum, or bypass payment or certification gates. All AI outputs include guardrails against prompt injection, hallucination, and bias. You can request human review of any AI-generated assessment or recommendation.

5. Legal Basis for Processing

  • Contract performance: delivering the learning services you enrolled in
  • Legitimate interest: improving our platform, preventing fraud, ensuring security
  • Consent: marketing communications, optional analytics
  • Legal obligation: tax records, regulatory compliance

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Cloud infrastructure providers (AWS) for hosting and storage — data encrypted at rest and in transit
  • Payment processors for transaction processing (tokenized, PCI DSS-compliant)
  • Cloudflare for video content delivery
  • Corporate partners — only for sponsored learners, limited to progress and completion data as agreed in the sponsorship terms
  • Law enforcement or regulators when required by law

7. International Transfers

Your data may be processed in regions outside your country of residence. We use AWS infrastructure with appropriate safeguards including Standard Contractual Clauses (SCCs) for transfers outside the EEA/UK. We comply with GDPR, Nigeria's NDPR, UK DPA 2018, and CCPA/CPRA requirements for cross-border data transfers.

8. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • Learning records and certificates: retained indefinitely for verification purposes (certificates are publicly verifiable)
  • Payment records: retained for 7 years for tax and audit compliance
  • AI agent traces: retained for 90 days (via LangSmith) for quality assurance
  • Job applications: retained for 12 months after the position is filled

9. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@korefield.academy.

10. Security

We implement industry-standard security measures including TLS 1.2+ for all data in transit, encryption at rest for databases and storage, MFA for privileged roles, RBAC at API and database layers, container image vulnerability scanning, and regular security audits.

11. Children

KoreField Academy is designed for adult learners and working professionals. We do not knowingly collect data from individuals under 16. If you believe a minor has provided us with personal data, contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or platform notification at least 30 days before they take effect.

13. Contact

For privacy inquiries: privacy@korefield.academy