Privacy & Compliance
This policy explains how FGTA collects, uses, stores, and protects information when you visit our website or use the student portal. We aim to keep data minimal, secure, and purpose-limited.
1) What we collect
We collect data necessary to operate the FGTA website and student learning workflows. This includes:
- Account & profile data: name(s), email, phone, country, and optional profile photo (stored as a file path).
- Authentication/security data: password hashes, session metadata used to protect accounts from hijacking.
- Learning activity: enrollments, module progress, quiz/exam attempts, and completion outcomes.
- Payments: manual payment details and Proof of Payment uploads (stored as file paths, not database file blobs).
- Certificates: certificate status, serial/verification data, and certificate verification checks.
- Practical bookings: booking requests, status changes, approvals/rejections, and related instructions.
- Notifications: messages sent to students about payments, certificates, bookings, and system updates.
- Technical logs: limited server logs for debugging, security, and performance.
2) What we do not intentionally collect
- We do not request sensitive identity attributes (e.g., religion, political views) for portal operation.
- We do not store passwords in plain text.
- We do not store uploaded images as database blobs; we store file paths.
3) How we use your data
We use data only for legitimate training and service operations, including:
- Creating and managing student accounts and sessions.
- Delivering training modules and enforcing learning gates (practice quizzes/exams and pass thresholds).
- Processing and verifying manual payments and unlocking certificates where applicable.
- Managing practical sessions and bookings (eligibility checks, seat limits, approvals/rejections).
- Generating certificates and supporting public verification checks.
- Displaying portal notifications about your status and actions.
- Security monitoring, fraud prevention, troubleshooting, and performance improvements.
4) Legal basis (practical terms)
- Contract / service delivery: to provide training and certification workflows you request.
- Consent: for optional features (e.g., profile photo upload) and communications where applicable.
- Legitimate interests: security, fraud prevention, and maintaining platform integrity.
- Compliance: where required by law or industry obligations.
5) Payment proof uploads (PoP)
If you upload Proof of Payment, the file is used strictly for verification. We store the file on the server and store only the file path in the database. Access is restricted to authorized staff for verification and audit purposes.
- Do not upload unrelated documents or sensitive items not required for verification.
- We may retain PoP records to resolve disputes, prevent fraud, and support audit requirements.
6) Certificates and public verification
FGTA may provide a public certificate verification feature using a Certificate ID or verification mechanism. Verification checks may be logged to protect the integrity of certificates and detect abuse.
Use the verification page: Certificate Verification.
7) Cookies and sessions
The student portal uses session cookies to keep you signed in and protect your account. We apply standard cookie security attributes where possible (e.g., HttpOnly and SameSite) and use defensive session techniques to reduce hijacking risk.
8) Data sharing
We do not sell your personal data. We may share data only when necessary:
- With authorized administrators/verification staff for portal operations.
- With service providers strictly for hosting or technical operations (where applicable) under confidentiality.
- If required by law, court order, or to protect rights/safety and prevent fraud.
9) Data retention
We retain data for as long as needed to deliver training services, maintain certifications, and meet legal/security obligations. Examples:
- Account data: retained while your account is active and as needed afterward for records.
- Certificates: may be retained long-term to support verification and fraud prevention.
- Payments & PoP: retained as needed for verification and dispute handling.
- Logs: retained for a limited period based on operational needs.
10) Security measures (high level)
- Passwords stored as secure hashes (never in plain text).
- Input sanitization.
- Restricted access to uploaded files and operational records.
- Audit-style logging may be used for sensitive admin actions.
11) Your rights
Depending on applicable law, you may request:
- Access to your personal data.
- Correction of inaccurate profile data.
- Deletion or restriction of data where legally appropriate.
- Help with account security or suspected unauthorized access.
For practical requests, contact support (placeholders may be updated later): Contact.
12) Children’s privacy
FGTA training services are intended for individuals who can lawfully consent to training and service agreements. If you believe a minor is using the portal without appropriate consent, contact support.
13) Changes to this policy
We may update this policy from time to time. Continued use of the website or portal means you accept the updated policy. For registered students, updated terms/policy versions may be tracked during registration/acceptance workflows.