INSAIG — Institute of Security and Artificial Intelligence

Privacy Policy

Effective Date: May 1, 2026
Last Updated: May 1, 2026

1. Introduction

Welcome to INSAIG — Instituto de Inteligência Artificial e Segurança (“INSAIG”, “we”, “us”, or “our”), a brand owned and operated by EventPulse Technologies. We operate the website and certification platform accessible at insaig.ai(the “Platform”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Platform or use our services, including online certification exams, digital certificates, and related features.

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration data: name, email address, and password.
  • Profile information: professional details, job title, or LinkedIn profile URL, if you choose to provide them.
  • Payment information: billing name, address, and payment card details. Payment transactions are processed by Stripe, Inc.; we do not store full card numbers on our servers.
  • Exam submissions: answers, scores, time stamps, and other data generated during a certification exam.
  • Identity verification data: if required for proctored exams, a webcam photo capture may be collected at the start of the session for identity confirmation purposes.
  • Communications: any messages you send us via email or support channels.

2.2 Information Collected Automatically

When you access the Platform, we may automatically collect:

  • Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and access timestamps.
  • Device information: device identifiers, screen resolution, and language settings.
  • Exam proctoring data: tab-switch events, copy-paste attempts, and session activity signals, collected exclusively during active exam sessions for integrity purposes.
  • Cookies and similar technologies: session tokens and preference cookies necessary for Platform functionality. See Section 8 for details.

2.3 Information from Third Parties

We may receive limited information from third-party services you connect to your account, such as LinkedIn, solely for the purpose of issuing or displaying digital badges and certificates.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and exam sessions.
  • Deliver, administer, and score certification exams.
  • Generate and issue digital certificates and LinkedIn badges.
  • Process payments and send transaction confirmations.
  • Verify candidate identity and maintain exam integrity.
  • Send you transactional emails (e.g., exam results, certificate issuance, password resets).
  • Send promotional communications about new certifications or features, where you have given consent or where permitted by applicable law.
  • Analyze Platform usage to improve our services.
  • Comply with legal obligations and enforce our Terms of Service.
  • Prevent fraud, misuse, and unauthorized access.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data are:

PurposeLegal Basis
Providing the Platform and exam servicesPerformance of a contract (Art. 6(1)(b))
Processing paymentsPerformance of a contract (Art. 6(1)(b))
Identity verification and exam proctoringLegitimate interests (Art. 6(1)(f))
Sending marketing communicationsConsent (Art. 6(1)(a)) or legitimate interests
Complying with legal obligationsLegal obligation (Art. 6(1)(c))
Fraud prevention and securityLegitimate interests (Art. 6(1)(f))

5. How We Share Your Information

We do not sell your personal data. We may share your information with:

  • Service providers: third-party vendors who assist in operating the Platform, including cloud infrastructure (Vercel, Supabase), payment processing (Stripe), and email delivery (Resend). These parties are contractually obligated to protect your data and use it only as directed by us.
  • Credential verification services: if you request badge issuance on platforms such as LinkedIn or Credly, limited certificate data (name, certification title, issue date) will be shared with those platforms.
  • Legal and regulatory authorities: when required by law, court order, or to protect the rights and safety of INSAIG, our users, or the public.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email or prominent notice on the Platform before your data becomes subject to a different privacy policy.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

  • Account data is retained while your account exists and for up to 2 years after account deletion, to support certificate verification requests.
  • Certificate and exam records are retained indefinitely to support the validity of issued credentials, unless you request deletion (subject to Section 9).
  • Proctoring session data (webcam snapshots, activity logs) is retained for 90 days following exam completion, then permanently deleted.
  • Payment records are retained as required by applicable financial and tax regulations (typically 5–7 years).

7. International Data Transfers

INSAIG operates primarily in Portugal and serves users across Europe. Our infrastructure may involve data processing in other countries, including the United States. When we transfer personal data outside the EEA, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) as approved by the European Commission.

8. Cookies

We use the following types of cookies:

  • Strictly necessary cookies: required for authentication, session management, and Platform security. These cannot be disabled.
  • Functional cookies: remember your preferences (e.g., language settings).
  • Analytics cookies: help us understand how users interact with the Platform (e.g., pages visited, exam completion rates). These are only used in anonymized or aggregated form.

You may disable functional and analytics cookies through your browser settings. Disabling strictly necessary cookies will impair Platform functionality.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure (“right to be forgotten”): request deletion of your personal data, subject to legal retention requirements. Note that issued certificates tied to a certificate ID may be retained in anonymized form to support public verification.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@insaig.ai. We will respond within 30 days.

If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority (e.g., CNPD in Portugal).

10. Children’s Privacy

The Platform is intended for users who are at least 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly.

11. Security

We implement industry-standard technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Third-Party Links

The Platform may contain links to third-party websites (e.g., LinkedIn, Credly). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Platform at least 14 days before the change takes effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries, requests, or complaints:

EventPulse Technologies(operating as INSAIG — Instituto de Inteligência Artificial e Segurança)
Email: privacy@insaig.ai
Website: https://www.insaig.ai