Privacy Policy

Introduction

We comply with PIPEDA and applicable provincial laws. This policy explains what we collect and why.

“We”, “our”, and “Academy” refer to Northern Journalism Academy. This policy applies to our websites, learning platforms, and related services offered in Canada.

Last updated: 2025-01-01

Data We Collect

• Account information (name, email)
• Course activity and progress
• Payment metadata (processed by third-party providers)
• Support interactions and feedback you provide
• Technical data such as IP address, device, and browser type

How We Use Data

To operate courses, provide support, and improve our services. We do not sell personal data.

• Account creation, course enrollment, and certificate issuance
• Service communications (e.g., reminders, policy updates)
• Security, fraud prevention, and platform integrity
• Research and product development using de-identified or aggregated data

Cookies

We use essential cookies and basic analytics. See cookie banner for details.

• Essential: keeps you signed in and remembers preferences
• Analytics: measures usage to improve content and UX

Security

We apply organizational and technical safeguards, including encryption at rest where appropriate.

• Least-privilege access and access logging
• Encryption in transit (HTTPS/TLS)
• Regular backups and disaster recovery procedures

Legal Basis (When Applicable)

While we operate under Canadian law (PIPEDA), if you are located in the EU/UK, we may also rely on GDPR legal bases, including consent, contract performance, legitimate interests, and compliance with legal obligations.

Data Retention

We retain personal data only as long as necessary to provide services, meet legal obligations, and resolve disputes.

• Account and course records: while your account is active and for a reasonable period thereafter
• Payment metadata: retained to comply with tax and accounting requirements
• Support records: typically 24 months

Children’s Privacy

Our services are intended for individuals 16+ or the age of majority in your province. We do not knowingly collect data from children under 13. If you believe a child has provided data, contact us to request deletion.

International Transfers

Our primary servers are in Canada. When data leaves Canada, we use protections consistent with Canadian law.

Where applicable, we implement contractual safeguards for international transfers.

Service Providers and Processors

We may share data with trusted processors who assist in delivering our services (e.g., cloud hosting, analytics, email delivery, payment processing). These providers are bound by contracts to use data only as instructed and to protect it adequately.

Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects. We may use basic automation to personalize learning paths and content sequencing.

Your Rights

You can access, correct, or delete your data. Contact us at [email protected].

• Access and portability
• Correction and updates
• Deletion where applicable
• Withdraw consent (where processing is based on consent)

How to Make a Request

To exercise your rights, email [email protected] with “Privacy Request” in the subject line. We may need to verify your identity before fulfilling a request. We typically respond within 30 days where required by law.

Do Not Track

Some browsers offer a “Do Not Track” signal. Because there is no consistent industry standard, our services do not respond to such signals. You may control certain tracking via your browser settings and our cookie preferences.

Updates

We will notify users of material changes via email or in-app notices.

Contact

Questions? Email [email protected] or call +1 416-555-0198.