Privacy Policy

1. Information We Collect

RSI Academy collects the following information when you enroll in or use our program:

• Enrollment information: Full name, professional email address, and organization or employer name, collected via our enrollment form.
• Payment information: Payment is processed by Stripe, Inc. RSI Academy does not store credit card numbers, bank account details, or other sensitive payment credentials. Stripe's privacy policy governs payment data handling.
• Program activity: Module completion status, quiz and assessment responses, certification exam attempts, and attestation timestamps, stored in our secure database.
• Communications: Emails sent to or received from our support address in connection with your enrollment.
• Usage data: Aggregate traffic and visit data collected via HuggingFace Spaces analytics. No personally identifiable usage tracking is performed.

2. How We Use Your Information

We use the information collected solely for the following purposes:

• Verifying enrollment status and granting access to program content
• Delivering welcome communications and program access instructions
• Issuing certificates of completion and NAHQ/AHIMA continuing education documentation
• Responding to support inquiries
• Maintaining required records for continuing education accreditation compliance (NAHQ, AHIMA ACEP)
• Improving curriculum content based on aggregate learner outcome data

3. Disclosure to Third Parties

RSI Academy shares your information only with the following parties and only as necessary to operate the program:

• Stripe, Inc. — payment processing. Your payment data is governed by Stripe's privacy policy at stripe.com/privacy.
• Resend — transactional email delivery (welcome email, access instructions). Email content is limited to enrollment confirmation and program access information.
• Supabase — secure cloud database hosting for enrollment records and program activity data.
• HuggingFace — platform hosting for the RSI Academy application.
• NAHQ / AHIMA — if you request CE credit documentation, your name, completion date, and CEU count will be included in required accreditation records. No additional personal data is shared.

We do not sell, rent, or trade your personal information to any third party for commercial purposes.

4. Security Practices

RSI Academy implements the following security measures to protect your information:

• All data transmitted to and from the RSI Academy platform is encrypted via HTTPS/TLS.
• Enrollment records are stored in Supabase with row-level security (RLS) policies limiting access to authorized service roles only.
• Payment processing is handled entirely by Stripe's PCI-compliant infrastructure. No payment credentials pass through or are stored by RSI Academy systems.
• API keys and service credentials are stored as encrypted environment secrets and are never exposed in application code or public repositories.
• Access to enrollment data is restricted to program faculty and operators on a need-to-know basis.

5. Data Retention

Enrollment records are retained for a minimum of three years following program completion to satisfy continuing education accreditation record-keeping requirements. Upon written request, non-accreditation data may be deleted earlier subject to applicable legal and contractual obligations.

6. Your Rights

You have the right to:

• Request a copy of the personal data RSI Academy holds about you
• Request correction of inaccurate personal data
• Request deletion of your personal data, subject to accreditation retention requirements
• Withdraw consent for communications at any time by contacting us at the address below

To exercise any of these rights, contact us at reichert.starguardai@gmail.com.

7. Cookies and Analytics

RSI Academy does not use third-party advertising cookies or tracking pixels. The HuggingFace Spaces platform may collect aggregate, non-identifiable traffic analytics. No personally identifiable behavioral tracking is performed within the RSI Academy application.

8. Children's Privacy

RSI Academy is a professional continuing education program intended for adult healthcare analytics professionals. We do not knowingly collect information from individuals under the age of 18.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. Material changes will be communicated to enrolled learners via email. The effective date at the top of this page reflects the most recent revision.