Privacy Policy

Last updated: 04/18/2026

1. Introduction

Draco School of Discovery, Inc. ("Company," "we," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Draco Learning platform ("Service").

2. Information We Collect

Account Information

  • Name, email address, phone number
  • Company/employer affiliation (if applicable)
  • Account credentials (passwords are hashed and never stored in plain text)

Learning Activity Data

  • Lesson enrollments, progress, and completion records
  • Quiz scores and attempt history
  • Video watch time and checkpoint responses
  • Certificate records and CEU credit history

Technical Information

  • IP address, browser type, device information
  • Session data and login timestamps
  • Cookies for session management and preferences

3. How We Use Your Information

  • Deliver the Service: Provide access to lessons, track progress, issue certificates.
  • Account Management: Authenticate users, process subscriptions, provide support.
  • Compliance Reporting: Generate training reports for employers and regulatory bodies.
  • Communications: Send lesson reminders, certificate notifications, and platform updates (with opt-out options).
  • Improvement: Analyze usage patterns to improve content and user experience.
  • Security: Detect and prevent fraud, abuse, and unauthorized access.

4. Information Sharing

We do not sell your personal information. We may share data with:

  • Your Employer: If your account is linked to a company, your employer's administrators can view your training progress, completion status, and compliance data.
  • Service Providers: Payment processing (Stripe), email delivery (SendGrid), hosting services — all bound by confidentiality agreements.
  • Certificate Verification: Certificate holders' names, completion dates, and verification codes are accessible via our public verification page.
  • Legal Requirements: When required by law, subpoena, or to protect our rights.

5. Data Retention

  • Active accounts: Data retained for the lifetime of the account.
  • Inactive accounts: Data retained for 3 years after last login, then anonymized.
  • Certificates: Retained indefinitely for verification purposes.
  • Support tickets: Retained for 2 years after resolution.

6. Cookies

We use essential cookies for session management and authentication. We do not use third-party tracking or advertising cookies. You can disable cookies in your browser settings, but this may affect platform functionality.

7. Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Password hashing (bcrypt) for stored credentials
  • CSRF protection on all forms
  • Role-based access controls
  • Regular security audits and updates

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate information via your account settings.
  • Deletion: Request account deletion (earned certificates remain for verification).
  • Opt-out: Manage email notification preferences in account settings.
  • Data Portability: Export your learning records and certificates.

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information as defined by the CCPA.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

11. Changes to This Policy

We may update this policy periodically. We will notify registered users of material changes via email and update the "Last updated" date above.

12. Contact

For privacy inquiries, contact us at privacy@dracosd.com or visit our Contact page.