Privacy Policy

Last updated: March 27, 2026

1. Data we collect

When you create an account, we collect your first name, last name, email address, and optional phone number and country code. We also store your course progress, payment records, professional title where provided, and any profile avatar you upload. Lesson comments and notifications you generate are stored with your account.

2. How we use your data

Your data is used to run DrVoice Academy: accounts, courses, progress, payments, and essential communications. We do not sell your personal data.

3. Data storage and security

Application data is stored in a MongoDB database (hosted on MongoDB Atlas). Passwords are hashed (bcrypt) and never stored in plain text. The site is served over HTTPS. We use security headers, rate limiting, input sanitisation, and safe database access patterns.

User-uploaded files (for example avatars, course images, lesson videos or documents) may be stored on disk on our servers or, when configured, on Amazon S3 and served via HTTPS.

4. Your rights (GDPR)

If the GDPR applies to you, you have rights including:

• Access and a copy of your data (including export from your profile where available)
• Rectification via your profile
• Erasure or restriction in line with our legal obligations
• Objection or complaint to a supervisory authority

Account deletion and data handling are described in the retention section below.

5. Cookies

We use an essential, HTTP-only cookie to keep you signed in (session token). We do not use third-party advertising or analytics cookies on this basis.

6. Processors and other services

Under the GDPR we must tell you who else may process data on our behalf or receive technical data when you use the site. This includes:

• MongoDB Atlas — hosts our database (personal data you provide and activity we store).
• Amazon Web Services (S3) — when enabled, stores uploaded files (e.g. media you upload or course content); otherwise uploads stay on our infrastructure.
• Fonts and libraries — we load fonts (e.g. Google Fonts) and scripts or styles from CDNs such as Cloudflare (cdnjs), jsDelivr, and unpkg. Your browser may send standard technical data (such as IP address) to those providers when assets load. Font Awesome icons are loaded from a CDN.

Maps or embedded resources on specific pages (for example admin visit maps) may load tiles or assets from providers such as OpenStreetMap-related hosts as referenced in our security configuration. Those requests are typical browser requests and may include IP addresses.

7. Data retention

We keep your data while your account is active. If you delete your account, we anonymise personal identifiers as implemented in our application. Some records may be kept in a minimal or anonymised form where the law requires (for example around payments).

8. Contact

For privacy questions or requests, use your Profile when you are logged in. If you are not logged in, contact the administrator of this website.