Privacy Policy

Last updated: January 2026

1. Data Controller

Agentic Academy is operated by Silvio Gobet, based in Geneva, Switzerland. For any privacy-related inquiries, please contact us through the channels provided on our website.

2. Data We Collect

We collect the following types of personal data:

  • Account Information: Email address, encrypted password
  • Usage Data: Training progress, test attempts, certificates earned
  • Session Data: IP addresses, device information, login timestamps for security purposes
  • Payment Information: Processed securely by Lemon Squeezy, our Merchant of Record. We do not store payment card details. Lemon Squeezy's privacy practices are governed by their Privacy Policy
  • User-Generated Content: Reviews and feedback you choose to submit

3. Purpose of Processing

We process your data for the following purposes:

  • Providing and managing your access to training content
  • Tracking your learning progress and issuing certificates
  • Processing payments and managing subscriptions
  • Preventing unauthorized account sharing and ensuring service security
  • Improving our services based on usage patterns
  • Communicating with you about your account

4. Legal Basis for Processing

Under the Swiss Federal Act on Data Protection (FADP) and GDPR principles, we process your data based on:

  • Contract Performance: Processing necessary to provide the training services you purchased
  • Legitimate Interest: Security measures to prevent fraud and account sharing
  • Consent: For optional features like displaying your review publicly

5. Third-Party Processors

We use the following third-party services to operate our platform:

  • Supabase: Authentication and database hosting (servers in EU/US)
  • Lemon Squeezy: Payment processing as Merchant of Record (US-based, GDPR compliant) - Privacy Policy
  • Vercel: Website hosting and delivery (global CDN)

These processors are bound by data processing agreements and comply with applicable data protection laws.

6. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Account data is deleted within 30 days
  • Payment records are retained for 10 years as required by Swiss tax law
  • Anonymized usage statistics may be retained indefinitely

7. Your Rights

Under the FADP and GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us through our website.

8. Kids Academy & Children's Privacy

Our Kids Academy section is designed for children ages 8-16 learning alongside their parents or guardians. We take children's privacy seriously and adhere to the following principles:

  • Parental Involvement: Kids Academy is designed for co-learning with parents/guardians
  • Minimal Data Collection: We collect only essential data (email, progress, XP/badges for gamification)
  • No Behavioral Advertising: We do not use children's data for advertising or profiling
  • No Public Profiles: Children do not have public profiles or ability to message other users
  • Age-Appropriate Content: All Kids Academy content is reviewed for age-appropriateness
  • Parental Access: Parents can view all activity and progress on shared accounts

For US Users (COPPA Compliance): We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have collected data from a child under 13 without parental consent, please contact us immediately.

9. Cookies and Tracking

We use essential cookies for authentication and session management. These are necessary for the platform to function and cannot be disabled. We do not use third-party tracking cookies or advertising trackers.

10. Security Measures

We implement industry-standard security measures including:

  • Encrypted data transmission (TLS/HTTPS)
  • Secure password hashing
  • Session monitoring to detect unauthorized access
  • Regular security reviews

11. International Transfers

Your data may be processed in countries outside Switzerland, including the EU and US. Where data is transferred to countries without adequate data protection, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email.

13. Contact & Supervisory Authority

For privacy inquiries, contact us through the channels on our website.

You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority if you believe your data protection rights have been violated.

Terms of ServiceHome