Privacy Policy

This Privacy Policy describes how ZeroToArchitect ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and services at zerotoarchitect.com.

ZeroToArchitect is operated as a Persoană Fizică Autorizată (PFA) registered in Romania. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Romanian data protection laws.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

The data controller responsible for your personal information is:

3.1 Information You Provide

We collect information that you voluntarily provide to us when you:

• Create an account (name, email address, password)
• Update your profile information
• Make a purchase (billing information processed securely through Stripe)
• Participate in courses, exams, or assessments
• Communicate with us via email or contact forms
• Subscribe to our newsletter or marketing communications

3.2 Automatically Collected Information

When you access our website, we automatically collect:

• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed, referring URLs)
• Usage data (course progress, quiz results, time spent on platform)
• Cookies and similar tracking technologies

3.3 Third-Party Information

We may receive information from third-party services:

• Firebase Authentication (authentication data)
• Stripe (payment transaction information)
• Google Analytics (anonymized usage statistics)
• PostHog (product analytics)

We use the collected information for the following purposes:

4.1 Service Delivery

• Create and manage your account
• Provide access to courses, exams, and learning materials
• Track your learning progress and achievements
• Issue certificates and credentials
• Process payments and manage subscriptions

4.2 Communication

• Send transactional emails (account verification, password resets, purchase confirmations)
• Provide customer support and respond to inquiries
• Send educational content and course updates
• Deliver marketing communications (with your consent)

4.3 Improvement and Analytics

• Analyze platform usage to improve our services
• Develop new features and educational content
• Conduct research and analytics
• Ensure platform security and prevent fraud

4.4 Legal Compliance

• Comply with legal obligations under Romanian and EU law
• Enforce our Terms of Service
• Protect our rights and prevent misuse of our services

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations to you
• Consent: Marketing communications, cookies, and optional features (you can withdraw consent at any time)
• Legitimate Interests: Improving our services, security, and analytics (balanced against your rights)
• Legal Obligations: Compliance with Romanian and EU legal requirements

We do not sell your personal information. We may share your information only in the following limited circumstances:

6.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform:

• Firebase: Authentication and database services (Google LLC)
• Stripe: Payment processing (Stripe, Inc.)
• Postmark: Transactional email delivery (Wildbit, LLC)
• PostHog: Product analytics (PostHog, Inc.)
• Hosting Providers: Infrastructure and content delivery

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations (e.g., tax and accounting records for 10 years in Romania)
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

Specific retention periods:

• Account data: Duration of account + 30 days after deletion
• Transaction records: 10 years (Romanian legal requirement)
• Marketing data: Until you unsubscribe or withdraw consent
• Analytics data: Anonymized and retained for up to 26 months

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with Firebase (password hashing, secure tokens)
• Regular security audits and vulnerability assessments
• Access controls and authentication for all systems
• Secure payment processing through PCI-DSS compliant providers (Stripe)
• Regular backups and disaster recovery procedures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

As a data subject under GDPR, you have the following rights regarding your personal information:

We use cookies and similar tracking technologies to enhance your experience and analyze platform usage.

10.1 Types of Cookies We Use

10.2 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to refuse or delete cookies)
• Our cookie consent banner (when available)
• Opt-out tools provided by analytics services

Note: Disabling essential cookies may affect platform functionality.

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are located.

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Service providers certified under relevant data protection frameworks

Our primary service providers (Firebase, Stripe, Postmark, PostHog) comply with GDPR requirements and implement appropriate safeguards for international transfers.

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child under 16, please contact us immediately at contact@zerotoarchitect.com.

With your consent, we may send you marketing communications about our courses, features, and promotions.

You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at contact@zerotoarchitect.com

Note: You will continue to receive transactional emails (account notifications, purchase confirmations, etc.) even if you opt out of marketing communications.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on our website
• Request your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Authority: