SEVER
Academy

Privacy Policy

Last updated: March 23, 2026

Introduction

Severo Academy ("we", "us", or "our") operates the severo-academy.com website and platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

By accessing or using Severo Academy, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

Information We Collect

Account Information

When you create an account, we collect your full name, email address, and a password (stored in hashed form). If you sign in with Google, we receive your name, email, profile picture, and an authentication token from Google.

Session and Device Data

When you sign in, we automatically collect your IP address, browser user agent, and session token to maintain your authenticated session and protect against unauthorized access.

Google Calendar Data (Teachers)

If you are a teacher and connect your Google Calendar, we access your calendar events to synchronize class availability. We store Google OAuth tokens (access and refresh) to maintain this connection. We only access calendar event data within the scope you authorize.

Usage and Platform Data

We collect data generated through your use of the platform, including class bookings and attendance history, course enrollment and lesson progress, teacher feedback and notes on lessons, credit transactions (credits earned, spent, and refunded), and push notification subscription endpoints.

Uploaded Files

Teachers and administrators may upload course materials (books, certificates, feedback images). These files are stored securely on our cloud infrastructure and associated with the relevant course or lesson.

Contact Form Data

Our student and teacher interest forms generate a pre-filled WhatsApp message. The form data (name, email, phone, preferences) is not stored on our servers β€” it is sent directly to WhatsApp when you submit the form.

Game and Gamification Data

If you use Royal Quest, we collect and store your game progress data, including hearts, points, streaks, session results, challenge-level progress, quest completions and claims, and leaderboard entries. This data is used to operate the gamified learning feature and track your practice progress.

Subscription Data

We store your current subscription plan, plan start date, and any capability overrides applied by administrators. For Royal Quest trial users, we also store the trial start date to determine trial expiration.

Cookies and Local Storage

We use the following cookies and browser storage mechanisms:

  • Session cookie β€” maintains your authenticated session
  • Locale cookie (severo-locale) β€” stores your language preference
  • Timezone cookie (severo-tz) β€” stores your timezone for accurate class scheduling
  • Local storage β€” stores your language preference and push notification endpoint

We do not use advertising or tracking cookies. The only analytics we use are Vercel Analytics and Vercel Speed Insights, which collect anonymized performance data.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our platform and services
  • Process class bookings, cancellations, and credit transactions
  • Synchronize teacher availability with Google Calendar
  • Send push notifications about bookings, cancellations, and course updates
  • Track course progress and deliver teacher feedback
  • Operate the Royal Quest gamified learning feature, including tracking progress, awarding points, and managing leaderboards
  • Manage subscription plans and determine feature access based on your plan tier
  • Communicate with you about your account and our services
  • Ensure platform security and prevent unauthorized access
  • Generate anonymized analytics to improve performance

Third-Party Services

We share your information with the following third-party service providers, solely to operate our platform:

Google

Authentication (OAuth), Google Calendar API for teacher scheduling, Google Meet for live classes, and Google Fonts for typography.

Vercel

Website hosting, Vercel Analytics (anonymized usage metrics), and Vercel Speed Insights (performance monitoring).

Neon

Cloud PostgreSQL database hosting where your account and platform data is stored.

Cloudflare

R2 object storage for course materials, certificates, and feedback images.

Web Push (Browser Vendors)

Push notification delivery through your browser's native push service (e.g., Google FCM, Mozilla Push Service, Apple Push).

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. Class booking history and credit transactions are retained for record-keeping purposes.

If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our terms).

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Passwords stored using industry-standard hashing algorithms
  • HTTPS encryption for all data in transit
  • HTTP security headers (HSTS, X-Frame-Options, Referrer-Policy, and others)
  • Secure, authenticated API endpoints for all data access
  • OAuth tokens stored server-side and never exposed to the browser

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access β€” request a copy of the personal data we hold about you
  • Rectification β€” request correction of inaccurate or incomplete data
  • Erasure β€” request deletion of your personal data
  • Data portability β€” request your data in a structured, machine-readable format
  • Objection β€” object to certain processing of your personal data
  • Restriction β€” request that we limit how we process your data

To exercise any of these rights, please contact us at anasevero.edu@gmail.com. We will respond to your request within 30 days.

Children's Privacy

Severo Academy is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States and the European Union, through our third-party service providers. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: anasevero.edu@gmail.com