Privacy Policy — Kernel Pop Learning

At Kernel Pop Learning, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share information when you use our platform at kernelpopos.polsia.app and kernelpop.pro (collectively, the "Service").

In Short: We collect information necessary to operate the platform, provide training services, and track employee progress. We do not sell your data. Employer admins can view their own organization's data.

1. Information We Collect

Account & Profile Information

When you create an account or are invited by your employer, we collect:

Personal identifiers: Name, email address, role/title, company/organization name
Authentication credentials: Password (stored encrypted), login sessions
Organization data: Company name, department, employee roster (for employer accounts)

Employee Data (Uploaded by Employers)

Employers may upload employee information via CSV invitations or manual entry, including:

Employee names and email addresses
Job titles, departments, locations
Invitation status and onboarding progress

Learning & Progress Data

To provide training and track completion, we collect:

Course activity: Videos watched, lessons completed, time spent
Quiz responses: Answers submitted, scores, pass/fail status
Completion records: Badges earned, certificates issued, timestamps
Progress tracking: Current lesson, module progress, overall completion percentage

Content Uploads

Users and employers may upload files to the platform, including:

Training materials: Videos (MP4), PDFs, documents (Word, text files)
Resumes: PDF uploads for resume review features
E-signatures: Digital signatures and acceptance records for compliance documents

Usage & Analytics Data

We automatically collect information about how you use the Service:

Device information: Browser type, operating system, device model
Usage patterns: Pages visited, features used, time on platform
Performance data: Load times, errors, technical diagnostics
Location data: General location (city/region) based on IP address

Cookies & Tracking Technologies

We use cookies, session storage, and local storage to:

Keep you logged in across sessions
Remember your preferences and settings
Track analytics and usage patterns
Improve platform performance and user experience

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Deliver training content, track progress, issue certificates
Account management: Create accounts, authenticate users, manage subscriptions
Employer dashboards: Enable admins to view their organization's progress and completion data
Communication: Send account notifications, training reminders, platform updates
Analytics: Understand usage patterns, improve features, optimize content delivery
Compliance: Maintain records for e-signatures, completion tracking, audit trails
Support: Respond to help requests, troubleshoot issues, provide customer service
Legal obligations: Enforce terms of service, prevent fraud, comply with legal requirements

3. How We Share Your Information

Within Your Organization

Employer admins can view data for employees in their organization, including:

Course completion status and progress
Quiz scores and pass rates
Badges earned and certificates issued
Time spent on training activities
Login history and last activity dates

Service Providers

We share data with trusted third-party providers who help us operate the platform:

Hosting & infrastructure: Render.com (application hosting), Neon (database hosting)
File storage: Cloudflare R2 (video, PDF, document storage)
Email delivery: Postmark (transactional emails, notifications)
Payment processing: Stripe (subscription payments, billing)
AI services: OpenAI (resume analysis, content generation)
Analytics: Polsia Analytics (usage tracking, performance monitoring)

Legal Requirements

We may disclose information if required by law, including:

In response to valid legal requests (subpoenas, court orders)
To protect our rights, property, or safety
To investigate fraud or security incidents
To comply with regulatory obligations

Business Transfers

If Kernel Pop Learning is acquired or merged with another company, your information may be transferred to the new owners as part of the transaction.

We do not sell your data. We never sell, rent, or share your personal information with third parties for their marketing purposes.

4. Data Storage & Security

Where We Store Your Data

Your information is stored on secure servers in the United States:

Database: PostgreSQL on Neon (US region)
Application: Hosted on Render.com (US data centers)
File storage: Cloudflare R2 (distributed CDN with US primary storage)

Security Measures

We implement industry-standard security practices to protect your data:

Encryption: HTTPS/TLS for data in transit, encrypted storage for passwords
Access controls: Role-based permissions, multi-factor authentication available
Monitoring: Automated security alerts, regular vulnerability scans
Data isolation: Organization data is logically separated and access-controlled

While we take security seriously, no system is 100% secure. We cannot guarantee absolute security of your information.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services:

Active accounts: Data retained for the duration of your subscription
Deleted accounts: Personal data deleted within 30 days of account closure
Compliance records: E-signatures and completion certificates retained for 7 years (regulatory requirement)
Analytics data: Aggregated, anonymized data may be retained indefinitely
Backups: Deleted data may persist in backups for up to 90 days

6. Your Rights & Choices

Access & Correction

You can access and update your personal information through your account settings or by emailing stephen.greer@kernelpop.app.

Data Deletion

You may request deletion of your account and personal data by contacting us. Note that:

Compliance records (e-signatures, completion certificates) may be retained as required by law
Aggregated, anonymized data may remain in our analytics
Employer admins cannot delete employee records while employees have active accounts

Communication Preferences

You can opt out of marketing emails via unsubscribe links. You cannot opt out of essential service notifications (password resets, security alerts, subscription changes).

Cookie Management

Most browsers allow you to control cookies through settings. Disabling cookies may limit platform functionality (you may not be able to stay logged in).

California Residents (CCPA)

If you are a California resident, you have the right to:

Know: Request disclosure of what personal information we collect and how we use it
Delete: Request deletion of your personal information (with certain exceptions)
Opt-out: We do not sell personal information, so there is no opt-out required
Non-discrimination: We will not discriminate against you for exercising your privacy rights

European Residents (GDPR)

If you are in the European Economic Area (EEA) or UK, you have additional rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion ("right to be forgotten")
Portability: Receive your data in a structured, machine-readable format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at stephen.greer@kernelpop.app. We will respond within 30 days.

7. Third-Party Services

Our platform integrates with third-party services that have their own privacy policies:

OpenAI: AI-powered resume analysis (see OpenAI Privacy Policy)
Stripe: Payment processing (see Stripe Privacy Policy)
Postmark: Email delivery (see Postmark Privacy Policy)

We are not responsible for the privacy practices of third-party services. Please review their policies independently.

8. Children's Privacy

Kernel Pop Learning is a workplace training platform intended for employees of subscribing organizations. The Service is not designed for or directed at children under 13. We do not knowingly collect personal information from children under 13.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at stephen.greer@kernelpop.app and we will delete it.

9. International Data Transfers

Kernel Pop Learning operates in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

We comply with applicable data protection laws when transferring data internationally.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via:

Email notification to account holders
In-app notification banner
Announcement on the platform homepage

Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your personal information, contact us:

Kernel Pop Learning
Privacy Inquiries
Email: stephen.greer@kernelpop.app
Website: kernelpop.pro

This Privacy Policy was last updated on March 3, 2026.