Privacy Policy

Learn how DataFlow Academy protects your personal data, manages advertising tracking, and upholds your privacy rights under international regulations.

Last updated: August 11, 2025

Our Commitment to Data Protection

DataFlow Academy is committed to protecting your personal data and respecting your privacy rights. This policy explains how we collect, use, share, and protect your information when you interact with our educational services, website, and advertising platforms.

We operate under strict data protection principles and comply with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional privacy frameworks. Our advertising data practices are designed to be transparent, fair, and respectful of user choice.

This policy covers our use of advertising platforms including Google Ads, Facebook Pixel, and Microsoft Advertising, as well as analytics tools and marketing automation systems that help us deliver personalized educational content and measure our impact.

Data Collection by Advertising Platforms

Google Services Data Collection

Google Analytics: Collects page views, session duration, bounce rates, device information, browser type, operating system, referring websites, and user interaction patterns to help us understand website performance and user behavior.

Google Ads: Tracks conversion data, remarketing audiences, interest categories, click-through rates, and ad performance metrics to optimize our advertising campaigns and measure return on investment.

Data Points Collected: IP address (anonymized), browser type, device identifiers, geographic location (city/region level), pages visited, time spent on site, click events, and form interactions.

Cross-Device Tracking: When you're signed into your Google account, we may track your interactions across different devices to provide consistent experiences and measure campaign effectiveness.

Retention Period: Google Analytics data is retained for 26 months by default, while Google Ads conversion data follows Google's standard retention policies of up to 540 days.

Facebook/Meta Data Collection

Facebook Pixel: Monitors page views, button clicks, form submissions, course inquiries, and other conversion events to track the effectiveness of our Facebook and Instagram advertising campaigns.

Custom Audiences: Creates audience segments based on website visitors, email list matching, and lookalike audience generation for more targeted advertising across Facebook's family of apps.

Data Points Collected: User behavior patterns, device IDs, browser information, IP-based location data, interaction timestamps, and conversion events such as contact form submissions.

Cross-Platform Tracking: Integrates data across Facebook, Instagram, WhatsApp, and Messenger to provide comprehensive audience insights and advertising reach.

Retention Period: Facebook Pixel data is retained for 180 days for remarketing purposes, with aggregated data retained longer for performance reporting.

Microsoft/Bing Data Collection

UET Tag: Universal Event Tracking monitors user actions, goal completions, page views, and conversion events to measure the performance of our Bing Ads campaigns.

Remarketing Lists: Segments website visitors based on pages visited, engagement level, time spent, and user actions to create targeted remarketing campaigns.

Data Points Collected: Search queries (when coming from Bing), click data, demographic information (age, gender estimates), device characteristics, and conversion metrics.

Microsoft Account Integration: When you're signed into a Microsoft account, we may link website activity with account data for cross-service tracking and personalization.

Retention Period: Bing Ads data is retained for up to 390 days maximum, with conversion data used for attribution modeling and campaign optimization.

How We Use Your Data

Purposes of Processing

Service Delivery & Support

Processing course applications, delivering educational content, providing customer support, and managing student relationships throughout your learning journey.

Marketing & Advertising

Creating targeted advertising campaigns, measuring marketing effectiveness, building custom audiences, and delivering personalized content recommendations.

Analytics & Optimization

Analyzing website performance, understanding user behavior patterns, optimizing conversion funnels, and improving our educational programs based on data insights.

Security & Compliance

Fraud prevention, security monitoring, legal compliance, protecting against abuse, and maintaining the integrity of our educational platform.

Legal Basis for Processing

Consent

For marketing communications, advertising cookies, social media tracking, and optional analytics. You can withdraw consent at any time through our preference management tools.

Legitimate Interest

For website analytics, security monitoring, fraud prevention, and improving our services. We balance our interests against your privacy rights and provide opt-out mechanisms.

Contract Performance

For delivering educational services, processing course applications, managing student accounts, and providing customer support as part of our service agreement.

Legal Obligation

For tax reporting, financial record keeping, regulatory compliance, and responding to lawful requests from authorities when required by applicable law.

Data Sharing with Third Parties

Advertising Partners

  • Google: Analytics data, conversion events, audience segments for Google Ads, YouTube advertising, and Display Network campaigns
  • Meta/Facebook: Website visitor data, custom audience creation, conversion tracking for Facebook and Instagram advertising
  • Microsoft: Search behavior data, conversion tracking for Bing Ads, and audience segmentation for Microsoft Advertising Network
  • Programmatic Networks: Aggregated audience data for display advertising across publisher networks and demand-side platforms
  • Retargeting Platforms: Visitor behavior data for remarketing campaigns across multiple advertising channels and networks

Service Providers

  • Cloud Hosting Providers: Infrastructure services, data storage, content delivery networks, and website hosting solutions
  • Email Service Providers: Marketing automation, newsletter delivery, transactional emails, and communication management
  • Payment Processors: Secure payment processing, subscription management, and financial transaction handling
  • Customer Support Tools: Help desk software, chat systems, ticket management, and customer relationship management
  • Analytics Providers: Website performance monitoring, user behavior analysis, and business intelligence services

International Data Transfers

Some of our service providers are located outside Japan and the European Economic Area. We ensure adequate protection for international data transfers through:

  • • EU-US Data Privacy Framework participants for US-based services
  • • Standard Contractual Clauses (SCCs) approved by data protection authorities
  • • Adequacy decisions from the European Commission for certain countries
  • • Additional safeguards including encryption and access controls

Your Rights and How to Exercise Them

GDPR Rights (EU/UK Residents)

Right to Access

Request a copy of your personal data we hold, including advertising profiles and tracking information.

Right to Rectification

Correct any inaccurate or incomplete personal data in our systems and advertising platforms.

Right to Erasure

Request deletion of your personal data, including removal from advertising audiences and tracking systems.

Right to Restrict Processing

Limit how we use your data while maintaining your account and basic service functionality.

Right to Data Portability

Receive your data in a machine-readable format to transfer to another service provider.

Right to Object

Opt-out of marketing, profiling, and advertising activities based on legitimate interests.

CCPA Rights (California Residents)

Right to Know: Understand what personal information we collect, use, share, and sell, including categories of data and third-party recipients.

Right to Delete: Request deletion of personal information, subject to certain exceptions for business operations and legal requirements.

Right to Opt-Out: Opt-out of the sale or sharing of personal information for advertising purposes through our "Do Not Sell My Personal Information" link.

Right to Non-Discrimination: Receive equal service and pricing regardless of whether you exercise your privacy rights.

Right to Correct: Request correction of inaccurate personal information in our records and advertising systems.

Platform-Specific Privacy Controls

Google My Ad Center

Control Google advertising and data settings

Facebook Privacy Center

Manage Facebook and Instagram privacy settings

Microsoft Privacy Dashboard

Access Microsoft account privacy controls

Browser Settings

Configure privacy settings in your web browser

How to Exercise Your Rights

To exercise any of your privacy rights, you can:

  • • Use our website contact form to submit a privacy request
  • • Adjust settings directly in the advertising platforms linked above
  • • Configure your browser privacy controls and cookie settings
  • • Use email opt-out links provided in our marketing communications
  • • Request account deletion through our customer support system

We will respond to privacy requests within 30 days and may require identity verification to protect your personal information.

Data Retention and Deletion

Retention Periods

Data Type Retention Period Purpose
Contact Form Data 3 years from last interaction Customer relationship management and service delivery
Analytics Data (Google) 26 months maximum Website optimization and performance analysis
Marketing Data Until consent withdrawn or 2 years inactive Targeted advertising and campaign optimization
Legal Records 5-7 years as required by law Compliance with legal and regulatory requirements
Security Logs 90 days Security monitoring and incident response

Deletion Procedures

Automatic Deletion

Data is automatically deleted after retention periods expire through our automated data lifecycle management systems.

  • • Scheduled deletion jobs run monthly
  • • Secure data overwriting procedures
  • • Audit logging of deletion activities

Manual Deletion

Data can be manually deleted upon user request or when no longer needed for business purposes.

  • • Privacy request processing
  • • Account closure procedures
  • • Third-party deletion coordination

Exceptions to Deletion

We may retain certain data beyond standard retention periods when:

  • • Required by law or regulatory obligations
  • • Necessary for legitimate business purposes (e.g., fraud prevention)
  • • Needed for legal proceedings or dispute resolution
  • • Essential for security and safety purposes
  • • Anonymized data used for research and analytics