Privacy Policy

Last updated: March 1, 2026

ServeMaster Academy ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our website and platform at servemasteracademy.ca.

1. Information We Collect

We collect the following types of information:

• Account information: Your name, email address, and password (stored as a secure hash) when you register.
• Profile information: Your experience level and any optional profile details you provide.
• Training progress: Modules completed, scenario scores, streaks, badges, and leaderboard data.
• Payment information: Billing details are processed and stored by Stripe. We do not store your full credit card number on our servers. We retain your Stripe customer ID and subscription status.
• Voice data: If you use voice roleplay, audio is sent to OpenAI's Whisper API for transcription and is not stored by us after processing.
• Usage data: Standard server logs including IP address, browser type, and pages visited.
• Contact messages: Any messages submitted through our contact form.

2. How We Use Your Information

• To provide and improve the ServeMaster Academy platform and training content.
• To process payments and manage your subscription.
• To send you account-related communications (e.g. password resets, billing receipts).
• To respond to support inquiries and contact form submissions.
• To display leaderboard rankings (using your name only, not your email).
• To generate and deliver training certificates.
• To analyze platform usage and improve our training modules.

3. AI and Third-Party Services

We use the following third-party services to power the platform:

• OpenAI: AI roleplay responses and voice transcription. Your conversation content is sent to OpenAI and subject to their Privacy Policy.
• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• Google: Optional Google OAuth sign-in. Subject to Google's Privacy Policy.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Replit's infrastructure. We use industry-standard security practices including password hashing, HTTPS encryption, and JWT-based authentication. While we take reasonable precautions, no system is completely secure and we cannot guarantee absolute security.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account or request deletion, we will remove your personal information within 30 days, except where we are required to retain it for legal or financial compliance purposes.

6. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Withdraw consent for optional data uses at any time.

To exercise any of these rights, contact us at privacy@servemasteracademy.ca or through our contact page.

7. Cookies

We use session cookies to keep you logged in and localStorage to store your authentication token. We do not use advertising or tracking cookies.

8. Children's Privacy

ServeMaster Academy is intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: privacy@servemasteracademy.ca
• Contact form: servemasteracademy.ca/contact