Privacy Policy

We collect information you provide directly, including your name, email address, professional license number, and learning activity data. This includes:

• Account registration details (name, email, password hash)
• Learning progress (lessons completed, time spent, quiz scores)
• Identity verification data (license number, last four SSN digits — required for CE certificate issuance only)
• Compliance audit records (enrollment events, certificate requests)
• xAPI learning statements (activity verbs, object identifiers, results)
• Cookies and localStorage tokens for authentication and session persistence

We use your data to:

• Deliver and personalize your learning experience
• Issue CE certificates and report completion to accrediting bodies
• Maintain tamper-evident compliance audit logs
• Improve course content and platform performance
• Comply with continuing education regulatory requirements in your jurisdiction

We do not sell your personal data to third parties. Identity verification data is stored encrypted and accessed only for certificate issuance.

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to access — Request a copy of all personal data we hold about you. Use the Settings → Download my data feature for an instant export.
• Right to erasure — Request deletion of your account and associated personal data. Use Settings → Delete my account or contact us.
• Right to data portability — Receive your data in a machine-readable JSON format via the data export feature.
• Right to rectification — Correct inaccurate personal data via your account settings or by contacting us.
• Right to restrict processing — Request that we limit how we use your data while a dispute is resolved.
• Right to object — Object to processing based on legitimate interests.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to know — Know what personal information we collect, use, disclose, or sell.
• Right to delete — Request deletion of personal information we have collected, subject to certain exceptions.
• Right to opt-out of sale — We do not sell personal information. You may still submit an opt-out request at privacy@guidian.io.
• Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

We retain compliance audit logs for seven years to satisfy regulatory requirements for continuing education records. Account data is deleted within 30 days of a verified deletion request, except where retention is required by law.

We use localStorage tokens for authentication and session persistence. Declining cookies in the consent banner prevents analytics tracking but does not affect core learning functionality or certificate issuance.

To exercise any of these rights or for questions about this policy, contact our privacy team: