Terms of Service & Privacy Policy

Last updated: October 9, 2025

1) Who we are

This e-learning platform (the "Platform") is operated by BIM Alphabet ("we", "us"). These Terms of Service and Privacy Policy ("Terms") apply to every user of the Platform.

2) What data we collect
  • Account: email, password (hashed), first name, last name, country; for company accounts also company name.
  • Selected courses: courses you choose during registration or that an admin assigns to you.
  • Video viewing analytics: events such as play/pause, timeline sampling (approximately every 15s), forward/back jumps (seek/skip), playback speed changes, effectively watched time, and technical metadata such as IP address and device/browser information.
  • Feedback: satisfaction and clarity ratings and optional free-text for individual videos and courses.
  • Certificates: certificate codes/verify slugs and file paths for generated certificates.
  • Error logs: in case of errors we store technical details (e.g., IP address, user-agent, URL, timestamp, status) for diagnostics, in an internal “error_events” table.
  • Cookies/session: essential session cookies for login and protection (e.g., CSRF token). If we introduce analytics or marketing cookies, these will only be used with your consent.
3) Why we process your data
  • Service delivery: creating and managing your account, assigning courses, providing content, tracking progress, and issuing certificates.
  • Content improvement: aggregated analytics and feedback to improve our courses and user experience.
  • Security and stability: diagnostics and incident response based on technical logs.
  • Communication: transactional messages (e.g., registration confirmation, password reset, account approval).
4) Legal bases
  • Contractual necessity: processing necessary to provide the e-learning service.
  • Legitimate interests: platform security, usage measurement, and service improvement.
  • Consent: where you explicitly provide consent (e.g., optional feedback, newsletter sign-up, or non-essential cookies).
5) Data retention

We retain account data while your account is active and for up to 2 years after account closure, unless longer retention is required by law (e.g., tax/accounting obligations) or necessary for the establishment, exercise, or defense of legal claims. Certificate records may be kept longer to allow verification of issued certificates. Error logs are kept for a limited period consistent with operational needs and legal obligations.

6) Sharing and processors

We do not sell your data. We may share it with infrastructure providers (hosting/backup/email) strictly as needed to operate the Platform, under appropriate contractual safeguards. All processors are bound by written Data Processing Agreements (DPAs).

7) Your rights
  • Access, rectification, and deletion of your personal data;
  • Restriction of processing and objection, where applicable;
  • Data portability, where applicable.

To exercise your rights or request data deletion, contact us via the contact form or email us at office@bimalphabet.com. We may need to verify your identity. We will delete your account and associated data unless retention is required by law or necessary for the establishment, exercise, or defense of legal claims.

For privacy inquiries, you may also contact our Data Protection Officer (DPO) at office@bimalphabet.com.

8) Security

We apply technical and organizational measures to protect your data. Passwords are stored as cryptographic hashes. Administrative access is restricted and monitored.

9) International transfers

If data is processed outside your jurisdiction by our providers, we ensure appropriate safeguards consistent with applicable data-protection laws, such as the Standard Contractual Clauses (SCCs) approved by the European Commission.

10) Changes to these Terms

We may update these Terms from time to time. Material changes will be communicated on the Platform or by email. Continued use of the Platform after changes means you accept the updated Terms.

11) Acceptable use and access restrictions

You agree not to misuse the Platform. Without limitation, you must not:

  • Attempt to bypass, probe, or violate security or access controls;
  • Interfere with or disrupt the Platform, including attempting to overload (e.g., DoS) or degrade service;
  • Use automated tools (bots/scrapers) without our written permission;
  • Submit spam, abusive, or fraudulent content, including mass posting of comments or messages;
  • Share your credentials or otherwise allow unauthorized access;
  • Engage in any activity that could harm the Platform, other users, or our infrastructure.

We reserve the right, at our sole discretion, to suspend or terminate access to the Platform immediately if we reasonably suspect abuse, attempted security circumvention, service disruption, non-payment, or other violations of these Terms.

12) Content usage and intellectual property

All course materials, including videos, text, and images, are proprietary or licensed content. We grant you a limited, non-exclusive, non-transferable license to access course content solely for your own learning purposes. You may stream videos solely through the Platform's user interface for your personal or authorized company training use. Downloading, copying, redistributing, re-uploading, publicly posting, or otherwise making the video files available on the internet or elsewhere is strictly prohibited unless you have our prior written permission.

13) Inactive account lifecycle

To keep the Platform secure and responsive, we apply an automated lifecycle to accounts that have not reached a course certificate and remain inactive:

  • 10 and 30-day reminders: after 10 days without a login you will receive a reminder email with a direct link to the next video below 85% progress. After 30 days we send a second warning that archiving is planned.
  • 60-day archive: if there is still no login, the account is archived. Access is paused, approval status is set back to pending, and video progress for courses without a certificate is reset. We send an archive notification with instructions on how to return.
  • 90-day removal: after 90 days of inactivity the account is removed. A final email explains that the user must submit a new registration to regain access.

Accounts that have already earned certificates for all enrolled courses are excluded from the archive workflow until the user enrolls in a new course without a certificate. Re-registration is allowed with the same email address once the previous account has been archived or deleted; the old record is purged during the new registration process so that past progress cannot be restored automatically.

By using the Platform, you acknowledge that you have read and understood these Terms.