1. Overview
AccounTech ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
This policy applies to all users of the AccounTech platform, including students, institutional members, and administrators.
2. Information We Collect
Account information: When you register, we collect your name, email address, and (optionally) your country. If you sign in via Google, we receive your name, email, and profile picture from Google.
Profile information: You may optionally provide a biography and profile photo.
Usage data: We log challenge submissions, scores, time taken, and submission history to power your progress dashboard and leaderboard rankings.
Device and technical data: We collect standard web server logs including IP address, browser type, and referring URL for security and performance purposes.
Payment information: Payment card details are handled entirely by our third-party payment processor. We do not store card numbers or CVV codes.
3. How We Use Your Information
- To create and manage your account and provide access to the Platform.
- To score your challenge submissions and display feedback and progress statistics.
- To show your ranking on the leaderboard (only if your profile is set to public).
- To send transactional emails: account verification, password reset, and institutional invitations.
- To process subscription payments and manage your subscription status.
- To detect and prevent fraud, abuse, or unauthorised access.
- To improve the Platform through aggregated, anonymised usage analytics.
We do not sell your personal data to third parties. We do not use your data for advertising.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or legitimate business interests (such as fraud prevention records).
Anonymised, aggregated submission statistics may be retained indefinitely for research and platform improvement.
7. Security
We implement industry-standard measures to protect your data, including:
- bcrypt password hashing (12 rounds).
- JWT access tokens stored in memory (not localStorage).
- httpOnly, Secure refresh token cookies.
- HTTPS-only communication.
- Magic-byte validation on uploaded files.
- Rate limiting on sensitive endpoints (login, password reset, email verification).
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate data — you can update most information directly in your profile settings.
- Erasure: Request deletion of your account and personal data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to certain processing activities.
To exercise any of these rights, please use the Contact page.
9. Children's Privacy
The Platform is not directed at children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or by a prominent notice on the Platform at least 14 days before the change takes effect. Continued use after notification constitutes acceptance.
11. Contact Us
For privacy-related questions, data requests, or to report a concern, please use the Contact page.