Privacy & Cookies Policy

1) Who we are & scope

This Privacy & Cookies Policy (“Policy”) explains how networkED Global, Inc. (“networkED,” “we,” “us,” “our”) collects, uses, shares, and safeguards personal information when you use our websites, dashboards, and services (the “Platform”).

Unless stated otherwise, networkED is the controller of your personal data for the Platform. Specific controller/processor roles:

• networkED as controller: For all individual accounts (CE Professional, BI, PA, Event Host), we determine the purposes and means of processing your personal data.
• networkED as processor: When processing CE records or employee data on behalf of a Corporate or Enterprise Account, the corporate entity acts as controller and networkED acts as processor. Processing in this context is governed by a Data Processing Addendum (DPA) between networkED and the corporate entity. A DPA is available upon request for Corporate Accounts and is incorporated into Enterprise Agreements.
• Event Hosts as separate controllers: If you interact with an Event Host outside the Platform (e.g., on their registration or payment pages), that Host is an independent controller for data collected through their own systems. We encourage you to review their privacy policies.
• Third-party providers: Service providers acting on our behalf (e.g., hosting, email delivery) process data as our processors under our instructions. Providers you interact with directly (e.g., a payment processor’s checkout page) may act as independent controllers for their services.

Summary of how we operate

Connector-only: We do not register attendees or submit anything on your behalf to Event Hosts. We are not a party to transactions between Users and Event Hosts and do not guarantee event quality, outcomes, or acceptance of CE credits by any board or regulator.

Minimal sharing: We do not disclose the names, personal emails, street addresses, or phone numbers of our Users (CE Professionals, Business & Industry Users, Presenters/Authors) in Event Host dashboards. Dashboards use only professional metadata (title, profession, field, industry, credential, city, and state) at an aggregated level, subject to strict minimum-cohort safeguards (see Section 6 and Appendix C).

Year 1 payment: During the introductory period, networkED does not collect payment information. Beginning in later phases, payments will be processed by a third-party provider (e.g., Stripe or a similar processor). We will not store full card numbers.

Identity verification (Event Hosts): To reduce fraud and deceptive listings, Event Hosts may be required to verify identity. We collect an image of a government-issued ID and related metadata only for verification, retain it for a short audit window (30 days), then delete the image and keep a minimal verification log (see Sections 3 and 8).

Automated processing: We use automated tools, including artificial intelligence, to process event data, classify content, match events to user profiles, and provide initial customer support responses. Where automated processing could materially affect what users see, outputs are subject to human review. AI service providers are treated as sub-processors and listed at /legal/sub-processors.

2) Categories of data we collect

A. Account & contact data (users who create accounts)

Name, email, password or SSO identifiers; organization and role; communications and support tickets.

B. Professional profile & preferences

You may add title, profession, field, industry, credentials, license board(s), city/state, interests, CE preferences, and professional association memberships.

C. Notification preferences

During signup, you select which types of optional communications you wish to receive (e.g., discounts and early-bird offers, new events matching your credentials, CE opportunities near renewal deadlines, virtual and on-demand options). You can update these preferences at any time from your profile settings. See also Section 3 (Communications).

D. CE certificates & records (optional feature)

You may upload CE certificates/letters of credit and tracking notes to your dashboard. These documents must not contain protected health information (PHI), confidential client data, or special-category data (see Section 2.J). We are not the issuer of CE/PD credits.

E. Event Host submissions

Event details, schedules, speaker lists, exhibitor/sponsor information, and Host contact details you choose to publish to the Platform.

F. Identity verification for Event Hosts (anti-fraud)

Government ID image(s) and data strictly to verify you are authorized to post events; derived verification records (pass/fail, timestamp, verifier ID). Images are deleted after 30 days; we retain a minimal verification log (see Section 8).

G. Device, usage & cookies

Log files, IP address, device/browser type, pages viewed, referral/UTM, approximate location (city/state), and cookie identifiers. See Cookie Notice (Section 10).

H. Payment & billing (future phases)

If/when payments begin, we receive limited transaction metadata from our payment processor (e.g., last 4 digits, token, status). We do not store full card numbers.

I. Corporate & Enterprise account administration

Corporate/Enterprise admin data (name, email), named seat assignments, seat activation/deactivation timestamps, transfer counts, and SSO configuration data (for Enterprise accounts where applicable).

J. Sensitive and special-category data

We do not intentionally collect special-category data as defined under GDPR (e.g., health conditions, racial or ethnic origin, religious beliefs, trade union membership, biometric data for identification) or sensitive personal information as defined under CPRA beyond what is strictly necessary for the Service. We do not use special-category data for profiling or automated decision-making. We ask users not to submit such data, including in free-text fields (e.g., profile bios, support messages, association membership descriptions). If we become aware that special-category or sensitive data has been inadvertently provided to us, we will delete or anonymize it as soon as reasonably practicable and will not use it for any other purpose.

3) Why we use your data (purposes & legal bases)

4) How we share information

We do not sell personal information. We share only as described below:

Service providers (processors): Hosting, analytics, email delivery, content processing, AI classification, customer support, and payment processors. They must use data only under our instructions. A current list of sub-processors is available at /legal/sub-processors.

Event Hosts: We do not disclose Users’ names, personal emails, street addresses, or phone numbers in dashboards. If you actively interact with a Host (e.g., click “Contact Host,” register on a Host page, or submit a CFP), you choose what to share with that Host. Event Hosts are solely responsible for representations about CE credit approval, accreditation status, or regulatory compliance made in their listings.

Corporate/Enterprise admins: For corporate and enterprise subscriptions, the master admin can view seat status/usage necessary to administer the account; they do not see your private CE documents unless you choose to share them.

Legal & safety: We may disclose information if required by law, to protect Users, prevent fraud, or respond to lawful requests.

Business transfers: In a merger, acquisition, or asset sale, we may transfer data under this Policy’s protections.

5) CE certificates & records (your responsibilities)

Not a records custodian or issuer: We are not the issuer of CE/PD credits and do not guarantee acceptance by regulators or boards. Users must verify acceptance with their licensing authority. Event Hosts are solely responsible for claims about credit approval in their listings; CE Professionals must confirm such claims with their own boards before relying on them.

No PHI/confidential client data: Do not upload PHI, client information, or special-category data. We may remove non-compliant materials without notice.

Backup responsibility: You are responsible for retaining original records. We are not a records custodian and do not guarantee the preservation of user content beyond the retention periods described in Section 9.

Export window: Upon account closure or seat removal, you have 30 days to download your CE records before deletion (see Section 9). Retention periods for CE documents and corporate seats align with the timelines described in our Terms of Use.

6) Analytics, dashboards & de-identification safeguards

We design analytics for privacy. Unless a user deliberately chooses to share their identity with a Host, aggregated reporting to Hosts uses only professional metadata (title, profession, field, industry, credential, city, and state) and complies with:

• Minimum cohort size: No stat is shown for a segment smaller than 10 individuals.
• Small-cell suppression: We suppress or combine any view that would reveal, or allow inference about, an individual.
• Rounding: Where appropriate, counts are rounded to reduce re-identification risk.
• No raw contact data: We do not display Users’ names, personal emails, phone numbers, or street addresses in Host dashboards.
• Audit controls: We log access to analytics dashboards and investigate suspected misuse.

While we take reasonable steps to reduce re-identification risk, no de-identification method is perfect; dashboards are designed to show trends, not individual-level insights.

7) International data transfers

We are a U.S.-based company. If you access the Platform from outside the U.S., your data may be transferred to the U.S. and other countries with different data protection laws. When we transfer personal data from the EEA/UK/Switzerland to the U.S., we use lawful transfer mechanisms (e.g., Standard Contractual Clauses) and implement appropriate safeguards. Where applicable, we may also rely on an adequacy decision or a successor framework (such as the EU-US Data Privacy Framework) to legitimize transfers.

8) Event Host identity verification (anti-fraud)

To combat fake or deceptive events, Event Hosts may be asked to complete identity verification. We collect an image of a government ID and related data only to confirm authorization to post events. We delete the ID image within 30 days after verification (earlier if feasible) and retain a minimal verification record (e.g., pass/fail, verification timestamp, verifier ID). We do not create biometric templates from ID images.

Legal bases: legitimate interests (fraud prevention / platform integrity) and, where applicable, legal obligation. Do not submit ID images you do not have the right to provide.

9) Retention & deletion

We keep personal data only as long as necessary for the purposes stated in this Policy or as required by law. Key periods:

• CE documents: Stored while your account is active. On account closure, a 30-day export window applies, then deletion. For corporate seat removal, records are archived for up to 90 days while we notify the affected user of the option to convert to an individual account. If not converted, records are deleted after the archive window.
• Verification images (Event Hosts): Deleted within 30 days after verification; minimal verification log retained.
• Logs and security data: Short-term operational logs are retained for security, fraud prevention, and legal defense purposes, and may be retained longer than other personal data where necessary for these purposes.
• Aggregated analytics: De-identified and aggregated analytics may be retained indefinitely, including after account deletion, as such data cannot reasonably be used to identify you.

Retention periods for CE documents and corporate seats align with the timelines described in our Terms of Use.

See Appendix B for a summary table.

10) Cookie & tracking technologies

We use cookies and similar technologies to operate the Platform. Through our consent manager, you can accept or reject non-essential cookies and change preferences anytime. The Platform remains fully functional if you reject non-essential cookies, though some analytics-driven features (such as personalized recommendations) may be less effective.

What we use: We currently use server-side logs and first-party analytics. If we introduce third-party analytics tools (e.g., Google Analytics, PostHog), they will be bound by our instructions, configured in IP-masked or privacy-enhanced mode where available, configured to minimize data collection, and subject to the consent controls described below. We will not combine third-party analytics data with other datasets for advertising without consent. We will update this Policy and the consent banner before enabling any new third-party tracking.

• Strictly Necessary (always active): Security, load balancing, user login/session management.
• Analytics (consent in EU/UK; opt-out elsewhere): Helps us understand usage in aggregate and improve the product. Analytics cookies are non-essential; the Service functions without them.
• Advertising/Marketing (consent in EU/UK): Currently not active. If introduced, you can opt-in/out at any time. We will not use Users’ names, emails, or phone numbers for third-party ad networks without consent. We will update this Policy and the consent banner before enabling advertising cookies.
• Signals: Where supported, we honor Global Privacy Control (GPC) signals for applicable jurisdictions. See Appendix A for consent-manager language.

11) Your rights

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your data, to object or restrict certain processing, and to withdraw consent.

How to exercise your rights: You may submit requests by emailing privacy@networkED.global or, where available, using the in-product privacy request form accessible from your profile settings. We will respond to rights requests as required by applicable law. We may need to verify your identity to protect your data.

Limitations: We may reject or limit requests where an exception applies under applicable law — for example, where we are required to retain certain data for legal compliance, fraud prevention, or defense of legal claims. If we deny a request, we will explain the reason.

EEA/UK/Switzerland: Rights under GDPR/UK GDPR, including access, rectification, erasure, restriction, data portability, objection, and the right to lodge a complaint with your local supervisory authority. You have the right to object to processing based on legitimate interests(including analytics and optional notifications); we will honor such objections unless we have compelling legitimate grounds that override your interests. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. We will provide contacts for our appointed EU/UK representatives on our Legal page as those appointments are made during our phased international rollout.

California (CPRA/CCPA): Right to know/access, correct, delete; right to opt-out of “sale” or “sharing” for cross-context behavioral advertising; right to limit use of “sensitive” personal information. We do not “sell” personal information as defined by CPRA, and we do not “share” personal information for cross-context behavioral advertising. You can manage non-essential cookies through the consent manager and may submit requests using the methods described above.

12) Security

We use administrative, technical, and physical safeguards to protect personal information (e.g., encryption in transit, role-based access, logging). We will notify you of data incidents affecting your personal data as required by applicable law. No system is perfectly secure; please keep your credentials confidential and notify us promptly of suspected unauthorized access.

13) Children

The Platform is for adult professionals and is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18 without appropriate authorization, we will delete that information promptly.

14) Changes to this Policy

We may update this Policy to reflect changes in our practices or the law. If we make material changes, we will notify you (e.g., by email or in-app notice) and, where required, seek consent for new uses. If we add third-party tracking for advertising purposes, we will update this Policy and the consent banner before enabling it.

15) Contact us

• Privacy questions/requests: privacy@networkED.global
• In-product: Privacy request form (accessible from profile settings, where available)
• Legal & Notice-and-Action page (for reporting problematic listings): see the “Legal” page in the site footer and follow instructions there.
• U.S. address/jurisdiction: As set out in our Terms of Use. We will post contact details for appointed EU/UK representatives on our Legal page when available.

Appendix A — Cookie & consent-manager copy

Categories & default states

• Strictly Necessary — Always on. Required for core functionality (security, load balancing, session). Cannot be turned off.
• Analytics — OFF by default (EU/UK); ON by default (elsewhere). Helps us improve the product by understanding usage in aggregate. No names/emails are shared in analytics. The Service remains functional if rejected.
• Advertising/Marketing — OFF by default globally unless explicitly launched in your region. Used to show promotions or measure campaign performance. We do not allow third-party ad networks to access your name, email, phone, or CE documents. We will update this Policy before enabling advertising cookies.

Buttons & interactions

“Accept all” | “Reject non-essential” | “Save choices”
Link: “Change cookie settings” (always available in footer)

Signals

Honor Global Privacy Control (GPC) for applicable jurisdictions.

Records

Store consent preferences per region; persist choices for at least 12 months or until changed by the user.

Appendix B — Retention overview (summary)

Retention periods for CE documents and corporate seats align with the timelines described in our Terms of Use.

Appendix C — Aggregation & de-identification standards

• Minimum cohort size: No metric is shown if fewer than 10 individuals are represented.
• Small-cell suppression: We suppress or combine any metric that could reveal or allow inference about an individual, including via cross-filtering.
• Rounding: Where appropriate, counts may be rounded to reduce re-identification risk.
• No exposure of contact data: We do not display names, personal emails, phone numbers, or street addresses in Host dashboards.
• Metadata fields used: Title, profession, field, industry, credential, city, and state. No other personal data is exposed in Host dashboards.
• Audit and enforcement: Access to analytics is logged; misuse may result in suspension under our Terms of Use.
• Limitations: While we take reasonable steps to reduce re-identification risk, no de-identification method is perfect; dashboards are designed to show trends, not individual-level insights.