Legal

Privacy Policy

Last updated: March 2026

Tristar Academy ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered learning management platform.

1. Information We Collect

We collect information you provide directly when you create an account, enroll in courses, or contact us. This includes:

  • Account information: name, email address, job title, company name
  • Profile data: skills, certifications, training history
  • Usage data: courses accessed, progress, assessment results, time spent
  • Communication data: support tickets, chat messages, feedback
  • Payment information: billing address, payment method details (processed by our payment providers — we do not store full card numbers)
  • Device and access data: IP address, browser type, device information, access timestamps

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our learning management platform
  • Personalise learning paths using our AI-powered recommendation engine
  • Conduct AI-driven competency gap analysis for your organisation
  • Generate reports and analytics for administrators
  • Process payments and manage subscriptions
  • Send service notifications, updates, and support communications
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

3. AI-Powered Features & Data Processing

Tristar Academy uses artificial intelligence to enhance the learning experience. Our AI systems analyse training data, assessment results, and skill profiles to generate personalised learning paths and competency analyses. All AI processing is performed on secure servers, and AI-generated insights are used solely to improve educational outcomes. You may opt out of AI-powered personalisation by contacting your organisation's administrator.

4. Data Sharing & Third Parties

We do not sell your personal data. We share information only in the following circumstances:

  • With your employer/organisation: Administrators can access training progress, assessment results, and compliance data for employees within their organisation
  • Service providers: We use trusted third-party services for hosting, analytics, payment processing, and email delivery — all bound by data processing agreements
  • Legal requirements: We may disclose data when required by law, regulation, or legal process
  • Business transfers: In the event of a merger, acquisition, or sale, user data may be transferred as part of the transaction

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Role-based access control (RBAC) with multi-factor authentication
  • Regular security audits and penetration testing
  • Automated backup with point-in-time recovery
  • SOC 2 Type II compliance programme

6. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Our lawful bases for processing include: performance of contract (providing our service), legitimate interests (improving our platform and ensuring security), consent (for optional features like AI personalisation), and legal obligations (compliance reporting). You have the right to access, rectify, erase, restrict processing, port your data, and object to processing.

7. MENA Data Residency

For customers in the Middle East and North Africa region, we offer data residency options. Your data can be stored and processed within MENA-region data centres upon request. We comply with applicable data protection regulations in the UAE, Saudi Arabia, and other GCC countries. Enterprise customers may specify data residency requirements in their service agreement.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@tristar-academy.com or through your organisation's administrator.

9. Cookies

We use cookies and similar technologies to maintain your session, remember preferences, and analyse usage patterns. Essential cookies are required for the platform to function. Analytics and preference cookies can be managed through our cookie consent banner. For full details, see the cookie preferences available on every page.

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. When an organisation's subscription ends, we retain data for 90 days before permanent deletion, unless a longer retention period is required by law. You may request early deletion by contacting us.

11. Children's Privacy

Tristar Academy is designed for corporate and organisational use. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our platform. Continued use of Tristar Academy after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

  • Email: privacy@tristar-academy.com
  • Address: Tristar Middle East, Dubai, United Arab Emirates
  • Data Protection Officer: dpo@tristar-academy.com