Last Updated: January 3, 2026
This Privacy Policy describes how Continual CV LLC LLC ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information in compliance with:
• California: CCPA/CPRA (California Consumer Privacy Act, as amended)
• EU/UK: GDPR and UK GDPR
• US Multi-State: VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah)
• Canada: PIPEDA
• International: Other applicable privacy laws
LANGUAGE & TRANSLATION NOTICE
This Privacy Policy is provided in English.
At or before collection, we provide notice of:
• Categories of personal information to be collected
• Purposes for which information will be used
Categories of Information Collected:
| Category | Examples | Purpose |
|----------------------------|----------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
| Identifiers | Name, email, phone, IP address, account login. | Account creation, course enrollment, communication. |
| Professional Info | Job title, company name, LinkedIn profile, background. | Tailor educational content, improve relevance |
| Education Info | School/degree, field of study, learning goals. | Personalize learning experience |
| Sensitive Info (SPI) | Login credentials, passwords, security codes | Account authentication and security |
| Payment Info. | Credit card type, last 4 digits, billing address | Process payments (not stored by us—Stripe/PayPal handles) |
| Internet Activity | Pages viewed, features used, course progress, time spent, clicks | Improve Services, analytics, platform optimization |
| Audio/Visual Data | Video/audio recordings of live sessions | Educational purposes, student playback, archival |
| Geolocation | City/country (from IP address) | Localize experience, comply with tax laws, fraud prevention |
Primary Purposes:
• Deliver online courses and educational content
• Process payments and manage subscriptions
• Create and manage your student account
• Send course updates, announcements, and administrative emails
• Provide customer support and respond to inquiries
• Improve Services and user experience
• Ensure platform security and detect fraud
• Comply with legal and tax obligations
Sensitive Personal Information (SPI) Use:
Per CCPA/CPRA and GDPR, we do NOT use SPI (passwords, credentials, security codes) for:
• Profiling
• Targeted advertising
• Secondary commercial purposes
• Any purpose other than account authentication and security
Recording Consent & Use
Notice of recording is provided:
• At the beginning of all live sessions
• In our Privacy Policy
• Via in-session notifications
If you do not consent to recording, do not participate in live interactive sessions.
Recordings are used solely for:
• Providing playback to enrolled students
• Educational purposes
• Quality assurance
• Platform improvement
Recordings are NOT used for marketing, advertising, or promotion without separate written consent.
Marketing Communications
• You may receive emails about new courses, promotions, and company news
• You may unsubscribe anytime via the link in emails
• Unsubscribing does not affect transactional (course-related) emails
Cookies & Tracking
We use cookies for:
• Essential functionality (login, session management)
• Analytics (page views, engagement)
• Performance monitoring
We do NOT use cookies for:
• Cross-context behavioral advertising (which would be considered "sharing" under CCPA)
• Profiling for targeting
You may manage cookies in your browser settings.
We retain personal information only as long as necessary for stated purposes, unless law requires longer retention.
| Category | Retention Period | Rationale |
|------------------------------------------ |--------------------------------------------------------|------------------------------------------------------------------ |
| Identifiers & Professional Info | 3 years after last active use. | Active account + statute of limitations |
| Education Info | Duration of account + 1 year | Course history and alumni records |
| Login/Credentials | Duration of active account | Account authentication only |
| Payment Info | 7 years | Tax and financial record-keeping (IRS) |
| Video/Audio Recordings | 12 months from course completion | Educational playback; automatic deletion after |
| Internet/Platform Activity | 12 months | Analytics, security audits, fraud investigation |
| Support Communications | 2 years | Dispute resolution, reference |
| Marketing Consent Records | Duration of account + 3 years | Compliance proof for email regulations |
Extended Retention:
We may retain data longer if:
• Required by law (tax, legal, regulatory)
• Necessary to resolve disputes or enforce agreements
• Protecting our legal rights or security
• Complying with law enforcement requests
No Sale of Data
We do NOT sell your personal information for monetary or valuable consideration. We do not receive money or anything of value in exchange for personal data.
No Sharing for Advertising
We do NOT "share" your personal information with third parties for cross-context behavioral advertising (as defined by CCPA).
Global Privacy Control (GPC)
If your browser or device sends a Global Privacy Control (GPC) signal, we treat it as a valid request to opt out of sale or sharing of personal information, where applicable.
Opt-Out of Marketing
Unsubscribe from marketing emails via the link in any email or by contacting privacy@continualcv.com.
As a California resident, you have the following rights:5.1 RIGHT TO KNOW / ACCESS (CCPA § 1798.100)
You may request:
• Categories of personal information we've collected (since January 1, 2022)
• Specific pieces of personal information we hold about you
• Sources from which information was collected
• Business purposes for collection and use
• Categories of third parties with whom we share information
Response: We provide data within 45 days in a portable, machine-readable format (CSV/JSON).
5.2 RIGHT TO DELETE (CCPA § 1798.105)
You may request deletion of personal information, subject to legal exceptions:
We MAY retain data if necessary to:
• Complete transactions (course completion, payment)
• Detect security incidents or fraud
• Comply with legal obligations (tax records, 7 years)
• Enable internal uses reasonably aligned with your expectations
• Exercise free speech rights
Note: We always retain financial records for 7 years per IRS requirements.
Response: We process deletions within 45 days (with exceptions noted above).
5.3 RIGHT TO CORRECT (CCPA § 1798.120)
You may request correction of inaccurate personal information.
How: Email privacy@continualcv.com with the incorrect information and the correction.
Response: We update records within 30 days and notify you of correction.
5.4 RIGHT TO LIMIT USE OF SENSITIVE PERSONAL INFORMATION (CPRA § 1798.121)
You may request that we limit use of SPI (login credentials) to essential purposes only.
Per our policy, SPI is already limited to authentication and security. We do not use it for profiling or advertising anyway. This right affirms your control.
5.5 RIGHT TO OPT-OUT (CCPA § 1798.120)
You may opt-out of:
• Marketing emails (click unsubscribe link or email privacy@continualcv.com)
• Analytics and performance monitoring (disable in browser settings)
• Cookies (manage in browser settings)
5.6 RIGHT TO NON-DISCRIMINATION (CCPA § 1798.125)
We will NOT discriminate against you for exercising your privacy rights.
We will NOT:
• Deny you services
• Charge you different prices
• Provide different quality of service
• Penalize you for making a request
If you are located in the European Union, United Kingdom, or other GDPR jurisdictions, you have the following rights:
6.1 LEGAL BASIS FOR PROCESSING (GDPR Article 6)
We process your personal data based on:
1. Contract (Article 6(1)(b))
• Processing necessary to perform the services contract (course delivery, payment processing, certificate issuance)
• Includes: Creating account, billing, course access, customer support
2. Consent (Article 6(1)(a))
• Marketing emails (you can withdraw anytime)
• Recording consent for live sessions (you can opt-out by not participating)
• Third-party tool integrations (disclosed at signup)
• You may withdraw consent anytime via unsubscribe link or email
3. Legitimate Interest (Article 6(1)(f))
• Platform security and fraud prevention
• Improvement and optimization of Services
• Analytics and performance monitoring
• User experience personalization
• Protecting our legal rights
We balance your rights against our interests; processing only when balance justifies it.
4. Legal Obligation (Article 6(1)(c))
• Tax and financial record-keeping (7 years, required by law)
• Court orders or government requests
• Fraud investigation and law enforcement
6.2 RIGHT OF ACCESS (GDPR Article 15)
Request a copy of all personal data we hold about you.
Format: Machine-readable export (CSV/JSON).
Timeline: 30 days (may extend to 60 days for complex requests).
6.3 RIGHT TO RECTIFICATION (GDPR Article 16)
Request correction of inaccurate or incomplete data.
Timeline: 30 days.
6.4 RIGHT TO ERASURE / RIGHT TO BE FORGOTTEN (GDPR Article 17)
Request deletion of personal data.
EXCEPTIONS (we may retain data):
• Data necessary to perform the contract (can't delete active account data)
• Compliance with legal obligations (tax records, 7 years)
• Establishment, exercise, or defense of legal claims
• Completion of educational mission (may retain course records)
Timeline: 30 days (subject to exceptions above).
6.5 RIGHT TO RESTRICT PROCESSING (GDPR Article 18)
Request that we limit how we use your data without deleting it.
Example: If you dispute accuracy, you may restrict processing while we investigate.
Timeline: 30 days.
6.6 RIGHT TO DATA PORTABILITY (GDPR Article 20)
Request your data in a structured, portable format (CSV/JSON) for transfer to another provider.
Includes: Profile information, course history, submissions, grades (if applicable).
Timeline: 30 days.
6.7 RIGHT TO OBJECT (GDPR Article 21)
Object to processing for marketing or profiling.
How: Click "unsubscribe" in marketing emails or email privacy@continualcv.com.
Timeline: Immediate.
6.8 RIGHTS RELATED TO AUTOMATED DECISION-MAKING (GDPR Article 22)
You have the right to human review for automated decisions that have legal or similarly significant effects.
How this applies to us:
Refund decisions may be assessed automatically (% of content accessed, session attendance, etc.).
Your right: Request human review if you disagree.
How to request: Email billing@continualcv.com with subject "Refund Appeal – Human Review"
Include: Order number, reason for appeal, circumstances.
Timeline: 5 business days for human review and written decision.
6.9 RIGHT TO LODGE A COMPLAINT (GDPR Article 77)
If you believe we violate GDPR, you may file a complaint with your national Data Protection Authority (DPA) without penalty:
By Country:
• Austria: Österreichische Datenschutzbehörde (dsb.gv.at)
• Belgium: Autorité de Protection des Données (autoritelespd.be)
• Bulgaria: Commission for Personal Data Protection (cpdp.bg)
• Croatia: Croatian Personal Data Protection Agency (azop.hr)
• Cyprus: Commissioner for Personal Data Protection (dataprotection.gov.cy)
• Czech Republic: Office for Personal Data Protection (uoou.cz)
• Denmark: Datatilsynet (datatilsynet.dk)
• Estonia: Data Protection Inspectorate (aki.ee)
• Finland: Office of the Data Protection Ombudsman (tietosuoja.fi)
• France: Commission Nationale de l'Informatique et des Libertés (cnil.fr)
• Germany: Bundesdatenschutzbeauftragte (bfdi.bund.de)
• Greece: Hellenic Data Protection Authority (apdp.gr)
• Hungary: National Data Protection Authority (naih.hu)
• Ireland: Data Protection Commission (dataprotection.ie)
• Italy: Garante per la Protezione dei Dati Personali (garanteprivacy.it)
• Latvia: Data State Inspectorate (dvi.gov.lv)
• Lithuania: State Data Protection Inspectorate (ada.lt)
• Luxembourg: Commission Nationale pour la Protection des Données (cnpd.lu)
• Malta: Office of the Information & Data Protection Commissioner (idpc.gov.mt)
• Netherlands: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)
• Poland: Urząd Ochrony Danych Osobowych (uodo.gov.pl)
• Portugal: Comissão Nacional de Proteção de Dados (cnpd.pt)
• Romania: National Authority for Supervision of Personal Data Processing (autoritatea.cnpdp.ro)
• Slovakia: Office for Personal Protection of Data (nrsr.sk)
• Slovenia: Information Commissioner (ip-rs.si)
• Spain: Autoridad de Protección de Datos (aepd.es)
• Sweden: Datainspektionen (datainspektionen.se)
• UK: Information Commissioner's Office (ico.org.uk)
Right to Compensation (Article 82): You have the right to compensation for material or non-material damages caused by GDPR violations. This right is preserved and not limited by any arbitration or dispute resolution clause in our Terms.
If you are located in the United Kingdom, your data is protected under UK GDPR (which largely mirrors EU GDPR post-Brexit, with some amendments).
All rights listed under "GDPR RIGHTS" section above apply to UK residents.
Regulatory Authority:
File complaints with the Information Commissioner's Office (ICO):
• Website: https://ico.org.uk/
• Phone: +44 (0)303 123 1113
Data Transfers:
We transfer data under:
• UK-recognized International Transfer Mechanisms
• Standard Contractual Clauses (SCCs) for transfers to US/non-adequacy countries
• UK Adequacy Decisions (where available)
If you are a resident of the following US states, these additional rights apply:
8.1 VIRGINIA (VCDPA) – Effective January 1, 2025
Your Rights:
1. Right to Know – Access categories and specific pieces of data
2. Right to Delete – Request deletion (with legal exceptions)
3. Right to Correct – Request inaccurate data correction
4. Right to Opt-Out – Opt-out of profiling and targeted advertising
5. Right to Obtain Copy – Data in portable, machine-readable format
6. Right to Appeal – Appeal our decisions
How to Exercise: Contact privacy@continualcv.com
Timeline: 45 days
Non-Discrimination: We will not penalize you for exercising these rights
8.2 COLORADO (CPA) – Effective July 1, 2023
Your Rights:
7. Right to Know – Access data we collect
8. Right to Delete – Request deletion (with exceptions)
9. Right to Correct – Correct inaccurate data
10. Right to Portability – Receive data in portable format
11. Right to Opt-Out – Opt-out of profiling, targeted ads, and automated decision-making
12. Right to Appeal – Appeal our decisions
How to Exercise: Contact privacy@continualcv.com
Timeline: 45 days
8.3 CONNECTICUT (CTDPA) – Effective July 1, 2025
Your Rights:
Similar to Colorado CPA above:
13. Right to Know
14. Right to Delete
15. Right to Correct
16. Right to Portability
17. Right to Opt-Out (profiling, targeting, automated decision-making)
18. Right to Appeal
How to Exercise: Contact privacy@continualcv.com
Timeline: 45 days
8.4 UTAH (UCPA) – Effective December 31, 2023
Your Rights:
19. Right to Know – Access data we collect
20. Right to Delete – Request deletion
21. Right to Correct – Request corrections
22. Right to Portability – Receive data in portable format
23. Right to Opt-Out – Profiling, targeted ads, and automated decision-making
24. Right to Appeal – Appeal our decisions
How to Exercise: Contact privacy@continualcv.com
Timeline: 45 days
8.5 AUTHORIZED AGENT
You may designate an authorized agent (family member, lawyer) to submit a request on your behalf.
We require:
• Written authorization from you
• Proof of agent's authority
• Verification of your identity
9.1 GENERAL POLICY
The Services are intended for users 18 years and older.
We do NOT knowingly collect personal information from children under 13.
If we become aware that a child under 13 has provided information, we will:
• Delete the information immediately
• Notify the parent/guardian
• Comply with COPPA requirements
If you are a parent/guardian and believe your child under 13 has accessed our Services, contact privacy@continualcv.com immediately.
9.2 USERS AGED 13–17
If you are between 13–17 years old, you may use the Services with parental/guardian permission.
Special protections apply:
• We collect minimal data
• We do NOT use data for advertising or profiling
• No cookies for behavioral tracking
• Parental access to child's data available
For parental consent/access: Contact privacy@continualcv.com
10.1 DATA PROCESSORS
We share data with the following processors for essential business functions:
| Processor | Purpose | Location | Privacy Framework |
|-----------|---------|----------|-------------------|
| LearnWorlds | Platform hosting & course delivery | US/EU | DPA in place; GDPR compliant |
| Stripe | Payment processing | US | DPA in place; PCI DSS Level 1 |
| PayPal | Payment processing | US | DPA in place |
| Zoom | Video conferencing | US | DPA in place; GDPR SUP |
| Google Workspace | Email, calendar, docs | US | Google Cloud Data Processing Amendment |
| Google Colab | Code execution environment | US | Google Cloud GDPR terms |
| GitHub | Repository hosting | US | GitHub Data Protection Addendum |
| Google Analytics | Usage analytics | US | Google Analytics Data Processing Terms |
| Mixpanel | Event analytics | US | Data Processing Agreement |
All processors have Data Processing Agreements (DPAs) in place requiring:
• GDPR/UK GDPR compliance
• Confidentiality and security obligations
• No processing beyond our instructions
• Subprocessor notification
• Data subject rights support
10.2 INTERNATIONAL DATA TRANSFERS (EU/UK to US)
Legal Mechanism:
Your data may be transferred to the United States for processing by the Company and third-party processors.
We transfer data via Standard Contractual Clauses (SCCs) as approved by the European Commission, which provide adequate safeguards equivalent to GDPR.
Supplementary Safeguards:
• Encryption in transit (HTTPS/TLS)
• Encryption at rest (AES-256)
• Data minimization (collect only necessary data)
• Regular security assessments
• Access controls and authentication
• Incident response procedures
Your Rights:
You have the right to challenge data transfers:
• Contact your national Data Protection Authority (DPA)
• Or contact us: privacy@continualcv.com
If we cannot ensure adequate protection in a receiving country, we will not transfer data or will implement additional safeguards.
10.3 DATA NOT SHARED
We do NOT share your personal information with:
• Marketing or advertising networks (no sales or sharing)
• Data brokers
• Political campaigns
• Non-essential third parties
11.1 SECURITY MEASURES
We implement industry-standard security:
• SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Secure authentication (email + password, optional 2FA)
• Regular security audits and penetration testing
• Employee access controls and confidentiality agreements
• Secure backup and disaster recovery procedures
11.2 BREACH NOTIFICATION
If a data breach occurs, we will:
• Notify affected individuals within 30 days (GDPR requirement)
• Notify relevant authorities if required by law
• Provide details about the breach and our response
How you'll be notified: Email to the address on your account.
12.1 DATA PROTECTION OFFICER (DPO)
For questions about our privacy practices or GDPR compliance:
Email: dpo@continualcv.com
Note: DPO inquiries are handled separately from privacy requests.
12.2 PRIVACY REQUESTS (CCPA, GDPR, VCDPA, etc.)
For formal privacy rights requests (access, deletion, portability, etc.):
Email: privacy@continualcv.com
Include:
• Your full name
• Email address
• Specific request (access, delete, correct, portability, etc.)
• Supporting details (optional)
Timeline: 30–45 days depending on request type and jurisdiction.
Identity Verification:
We verify your identity by matching information you provide with our records.
No Retaliation:
We will not retaliate, penalize, or discriminate against you for exercising your privacy rights.
The Services may contain links to third-party websites, apps, and services (e.g., external learning resources, news articles).
We are NOT responsible for the privacy practices of third-party services.
Review their privacy policies before providing your information.
We may update this Privacy Policy from time to time.
Material changes (new data processing, expanded uses, removal of rights) will be communicated via:
• Email notification at least 30 days before change takes effect
• Updated policy posted on our website
Your continued use constitutes acceptance of the updated policy.
Privacy & GDPR Questions:
Email: privacy@continualcv.com
Data Protection Officer (DPO):
Email: dpo@continualcv.com
Billing/Refund Questions:
Email: billing@continualcv.com
General Inquiries:
Email: legal@continualcv.com
Business Address:
Continual CV LLC, 10080 N Wolfe Rd STE SW3200, Cupertino, California, USA
Response Time: 30 days for privacy rights requests; 3–5 business days for general inquiries
California Residents:
California Attorney General, Privacy Enforcement & Protection Unit
caag.databreachnotification@doj.ca.gov
Virginia Residents:
Virginia Attorney General
https://www.oag.state.va.us/
Colorado Residents:
Colorado Attorney General
https://coag.gov/
Connecticut Residents:
Connecticut Attorney General
https://portal.ct.gov/ag/
Utah Residents:
Utah Attorney General
https://attorney.general.utah.gov/
---
END OF PRIVACY POLICY
Last updated January 3, 2026. Print or save a copy for your records.
