This policy explains what data Africa Rising Academy ("the Academy") collects when you use this website and learning platform, why we collect it, who we share it with, and the choices and rights you have. The data controller is M-Office Portal Limited. The Academy serves learners across Africa and beyond; we process personal data in line with the Nigeria Data Protection Act 2023 (NDPA) — the law of our home jurisdiction — and we respect the data-protection laws of other countries, in Africa and elsewhere, where they apply to you. We keep this policy plain and only describe what the platform actually does.

The short version (the full policy below governs)
We collect what's needed to teach, examine and certify you — we don't sell your data. Anything public (profiles, leaderboards, the Talent Network, the sponsor wall) is opt-in; certificate verification is public by design because that's what makes your credential trustworthy. Analytics are privacy-first — no keystrokes, no full IP addresses. You can export your data or delete your account at any time.

Information we collect

  • Account details — your name, email address and (optionally) your organisation. Passwords are stored only as a strong one-way hash (Argon2id); we never see or store your password in plain text. If you sign in with a social provider (e.g. Google, Microsoft, Apple), we receive your name, email and the provider's account identifier — never your password with that provider.
  • Learning activity — the courses you enrol in, your lesson progress, exam attempts and scores, certificates issued, and (where gamification is enabled) points, levels, achievements, streaks, reward coins and redemptions.
  • Payments & funding — when you buy a course, membership, seat bundle or recertification, payment is processed by our payment providers (Paystack for Naira and Stripe for international cards). We do not receive or store your full card details; we keep order records and the provider's transaction reference so we can confirm payment and issue receipts. If you apply for a co-funded seat or scholarship, we record your application, eligibility answers and the funding decision.
  • Interest signals — demand votes you cast and waitlists you join, so we can gauge interest in planned courses and notify you when one you asked for launches.
  • Messages — anything you send us through the contact form or by email, so we can respond.
  • Usage & device analytics — where enabled, we record privacy-respecting analytics about how the site is used: pages viewed, links/buttons clicked, time on page, and your device type, browser, operating system, approximate country, and the referring site. We do not record keystrokes or the contents of form fields, URLs are stripped of tokens and identifiers, and your IP address is stored only as a short, salted hash — never in full. We honour your browser's Do Not Track setting.
  • Exam integrity — to protect the value of certificates, exams may record integrity signals such as switching away from the exam window, and exam screens may carry an identity watermark. Where the operator has enabled webcam identity verification, a photo is captured at the start of the exam, stored privately, and made available only to authorised reviewers.
  • Content partner details — if you apply to become, or are onboarded as, a content partner (someone who publishes courses on the platform), we collect your name or organisation, contact email, website, the courses you author, your bank/payout details, and a record of the partner agreements you accept (with the date, IP address and version).
  • Talent Network profile — if you choose to publish a profile to the Certified Talent Network, we collect what you add there: a headline, skills, location and onsite/remote preference, an optional résumé, and the verifiable certifications you elect to show. Employers see this; your contact details stay private until you accept an approach (see below).
  • Employer & sponsor details — if you register as an employer or hiring organisation, or sponsor certifications (as a company, philanthropist, NGO, government body or individual), we collect your name or organisation, contact details, and a record of your jobs, scholarships, gifts, seats and messages, and we generate gift receipts and impact summaries for you.
  • Ambassador & referral data — if you join the ambassador (affiliate) programme, we record your referral code, the sign-ups and purchases attributed to it, your commission ledger and your payout details.

Why we process it (lawful bases)

  • To perform our contract with you — deliver courses, run exams, issue certificates, process payments and funded seats, operate memberships, credit referrals, and pay partners.
  • Legitimate interests — keep the platform secure, prevent fraud and abuse, uphold exam and certificate integrity, understand and improve how the site and courses are used, and defend legal claims.
  • Consent — optional features you switch on (public profile, leaderboard, Talent Network, sponsor wall credit) and non-essential emails, which you can withdraw at any time.
  • Legal obligation — tax, accounting and lawful requests from competent authorities.

Verifiable certificates are public by design

The whole point of a verifiable certificate is that anyone can confirm it. When you earn one, its details (your name, the course, the issue and expiry dates and a unique ID) can be confirmed on our public verification page and via an Open Badge. Sharing that link is your choice; the verification record exists so employers and clients can trust it. If a certificate is revoked for an integrity breach, the verification record reflects that.

Public profiles, leaderboards & share cards

Features such as your public profile, brag badges, the leaderboard, your talent passport and social share cards are opt-in. They only show what you choose to make public (for example a display handle, level, badges, or the certifications on your passport) and you can turn them off in your settings. Note that a page you have shared publicly may be cached by search engines or social networks for a time after you unpublish it.

Certified Talent Network

The Talent Network is opt-in. If you publish a profile, verified employers can find you by skill and locality and see the profile you chose to show — but your contact details stay private until you accept an employer's approach. We don't sell or scrape candidate data, and we don't cold-share your email. You can unlist your profile, delete your résumé, or leave the network at any time from your settings. When you apply to a job, the employer that posted it receives your application and the profile you've made visible. Once you choose to share contact details or a résumé with an employer, that copy is in the employer's hands and is governed by their own privacy practices.

Scholarships, co-funded seats & sponsor-to-hire

If you receive a Sponsor-to-Hire scholarship, the employer who funded it is told that you applied, were awarded a seat, and (once you certify) that you qualified — this is the "first-look" that makes employer-funded training possible. They see your name and the certification you earned, not your exam answers. The certificate you earn is a normal, full-value credential that is yours to keep whether or not you are hired. Taking a scholarship never obliges you to accept a job. If you apply for a co-funded seat, your application and eligibility details are seen only by Academy staff who administer the fund.

The Community Scholarship Fund

If you sponsor certifications through the Community Fund, we record your gift and, with your consent, may credit you publicly on the sponsor wall and Nation Builders leaderboard and issue you a verifiable Nation Builder certificate. You can choose to give anonymously or keep your gift off the wall. Sponsored seats are awarded to vetted learners; a sponsor funding the pool as a public good does not receive the personal data of the learners their gift helps certify — impact summaries are aggregate.

Teams, organisations & branded portals

If your seat is bought or sponsored by your employer or another organisation (including through a branded organisation portal), that organisation's administrators can see the status of the seats they fund — who they are assigned to, enrolment and progress, and whether the certification was earned. They do not see your password, messages, or activity outside the seats they fund.

Content partners & their courses

Some courses on the platform are created by vetted content partners rather than by us. When you take a partner course, the partner receives only aggregate, non-identifying performance about their course — such as enrolment counts, completion and exam-pass rates, and average ratings. They do not receive your name, email or other personal data, and are contractually bound not to attempt to identify or contact you outside the platform. Reviews you leave are shown to partners anonymously.

Who we share it with

We do not sell your personal data. We share it only with the service providers needed to run the Academy — our payment processors (Paystack, Stripe), our email delivery provider, and our hosting infrastructure — and where we are legally required to (for example a lawful order from a competent authority), or where reasonably necessary to enforce our terms, protect exam integrity, or establish or defend legal claims. Content partners receive only aggregate course performance, never your personal data (see above). Where you opt in, employers see the Talent Network profile you publish (with contact details gated until you accept), organisation administrators see the seats they fund, and a scholarship sponsor sees the candidate they funded as described above — in each case only because you chose to take part. If the Company is involved in a merger, acquisition or asset sale, personal data may transfer as part of that transaction under confidentiality protections; we will take reasonable steps to notify you. Aggregated, non-identifying statistics may be used to describe the platform (for example "learners certified").

International transfers

Some of our service providers (for example Stripe and email infrastructure) may process data outside Nigeria. Where personal data leaves Nigeria we rely on the transfer mechanisms recognised by the NDPA, including transfers to jurisdictions with adequate protection and contractual safeguards with the provider.

How long we keep it

We keep your account and learning records while your account is active. Detailed analytics are short-lived: interaction events are deleted after about 90 days and visit sessions after about 180 days. Payment and gift records are kept as long as tax and accounting law requires. Signed certificates are retained as long as they are valid so they remain verifiable.

Automated features & human review

Some features compute signals automatically — for example talent scores and rankings, leaderboards, learner-progress indicators and exam-integrity flags. These are informational aids. Decisions that significantly affect you — such as withholding or revoking a certificate after an integrity flag, awarding a scholarship or co-funded seat, or suspending an account or partner — are made or reviewed by a person, and you can contest them by contacting us.

Your rights & choices

Under the NDPA (and equivalent laws where they apply) you have the right to:

  • Access & portability — request a copy of your data; the platform can export your account, enrolments, attempts and certificates as a data file.
  • Erasure — ask us to delete your account. We anonymise your personal information; already-issued signed certificates are retained in anonymised form so existing verifications don't break, and records we must keep by law (e.g. payment records) are kept for their statutory period.
  • Correction — update your profile details at any time, or ask us to fix them.
  • Objection & withdrawal of consent — switch off opt-in features at any time; object to processing based on legitimate interests.
  • Marketing opt-out — every non-essential email (including broadcasts and course announcements) has an unsubscribe link; essential service emails are always sent.

To exercise any of these, contact us or email academy@m-office.example. We respond within the timelines the law requires. If you believe we have not handled your data properly, you may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.

Cookies & local storage

We use a small number of cookies and browser-storage items: a secure session cookie to keep you signed in (HttpOnly, Secure, SameSite), a remembered theme (light/dark) preference, a referral attribution when you arrive through an ambassador link, and — when analytics are enabled — anonymous visit/visitor identifiers. We don't use third-party advertising cookies.

Security

Data is encrypted in transit over HTTPS. Passwords are hashed with Argon2id, certificates are signed with RSA, and the platform uses CSRF protection, login throttling, optional two-factor authentication and role-based access controls. No system is perfectly secure, but we take reasonable, modern measures to protect your information, and we will notify you and the NDPC of a breach where the law requires it.

Children

The Academy is intended for professional and workplace training and is not directed at children. We do not knowingly collect data from children; if you believe a child has registered, contact us and we will remove the account.

Changes to this policy

We may update this policy from time to time. We'll revise the "last updated" date above and, for significant changes, take reasonable steps to let you know.

Questions about your data?
Reach us any time at academy@m-office.example or via the contact page.