What we collect,
and why.

• Account data: your name, email address, and a hashed copy of your password. Optional profile fields (title, bio, avatar URL) for instructors.
• Enrollment + payment metadata: courses you enrol in, the phone number you paid from (Zaad), the aggregator's transaction reference, the amount paid, and the status of the payment. We do not see or store your Zaad PIN.
• Learning activity: which lessons you've completed, lessons you've bookmarked, notes you've taken, and certificates issued to you.
• Operational logs: IP address, user agent, and request timestamps for security and debugging. These are retained on our hosting provider's logs (Vercel) and rotated per their schedule.

We use your information to deliver the service: authenticate you, unlock the courses you've paid for, track your progress, issue certificates, and send transactional emails (password resets, enrollment confirmations, course announcements).

We do not sell your data. We do not share it with advertisers. We do not use it to train external machine-learning models.

Running the platform requires a few service providers. Each holds the slice of data they need to do their job, and nothing more.

• Neon — hosts our PostgreSQL database (account data, enrollments, progress).
• Vercel — hosts the website and serverless functions.
• Resend — delivers transactional emails. They see your email address and the message body for each send.
• Cloudflare Stream — stores and streams course videos. Your viewing of a lesson generates standard CDN logs.
• Zaad (or other USSD aggregators) — process payments. They see the phone number you paid from and the transaction amount.

We use a single essential cookie to keep you signed in (the Auth.js session JWT). It contains your user ID and role, signed with a server-side secret. It cannot be read by other websites.

We do not use analytics, advertising, or fingerprinting cookies. If we add anonymized analytics in the future, we will add a consent surface and update this policy.

We keep your account and progress data for as long as your account exists. Enrollment and payment records are kept for seven years to satisfy accounting requirements. Operational logs are kept for 30 days at most.

When you delete your account, we delete personal data within 30 days, except where law requires us to retain it (e.g. payment records).

You can ask us to:

• Send you a copy of the data we hold about you.
• Correct anything that's wrong.
• Delete your account and personal data.
• Export your enrollment / progress data in a portable format.
• Restrict or object to specific uses.

Email hello@raazacademy.com from the address on your account. We aim to respond within 14 days. If we can't help, you can complain to your local data protection authority.

The platform is intended for learners aged 16+. If you're younger, please use it together with a parent or guardian. If you believe we have data on a child without appropriate consent, contact us and we will delete it.

If we make material changes, we'll update the "last updated" date and email you when relevant. The current version always lives at this URL.

Questions, requests, or concerns — hello@raazacademy.com.