Skip to main content

Privacy Policy

Privacy Policy

Qui Academy
Effective Date: 22 March 2026

This Privacy Policy explains how Global Passage LLC, trading as Qui Academy ("Qui Academy", "we", "us", or "our"), collects, uses, stores, and shares your personal information when you access or use our online learning platform and services (collectively, the "Platform").

By creating an account or purchasing a course, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Platform.

1. Who We Are (Data Controller)

The data controller responsible for your personal information is:

Global Passage LLC (trading as Qui Academy)
A limited liability company registered in New Mexico, USA
Privacy enquiries: privacy@qui.is

For users in the European Economic Area (EEA) or the United Kingdom, we act as the data controller as defined under the GDPR and UK GDPR respectively. For requests to exercise your data rights, please contact us at the address above.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and password (stored in hashed form). You may optionally provide a profile photo and biographical information.

2.2 Course and Learning Activity

We collect data about your interactions with course content, including:

  • Courses enrolled in and completion status
  • Lesson progress and timestamps
  • Quiz and assessment results
  • Certificates issued

2.3 Payment Information

All payment transactions are processed by Stripe, Inc. We do not collect, store, or have access to your full card number, CVV, or bank account details. Stripe provides us with a transaction record including your name, billing address, the amount charged, and a transaction reference. Stripe's privacy policy is available at https://stripe.com/privacy.

2.4 Technical and Device Data

When you use the Platform, we automatically collect:

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referring URLs

2.5 Communications

If you contact us via email or a support form, we retain the contents of that communication and your contact details in order to respond to you and maintain a support history.

3. How We Use Your Information

We use your personal information for the following purposes and on the following legal bases:

To provide and deliver the Platform (Legal basis: Contract performance)

  • Creating and managing your account
  • Delivering courses you have purchased
  • Issuing completion certificates
  • Processing payments via Stripe

To improve and secure the Platform (Legal basis: Legitimate interest)

  • Analysing usage patterns to improve content and user experience
  • Detecting, preventing, and responding to fraud or security incidents
  • Maintaining platform stability and performance

To communicate with you (Legal basis: Contract performance / Legitimate interest / Consent)

  • Sending transactional emails (purchase receipts, password resets)
  • Responding to support requests
  • Sending course updates and platform announcements (you may opt out at any time)
  • Sending marketing emails about new courses or offers — only with your consent

To comply with legal obligations (Legal basis: Legal obligation)

  • Maintaining financial records for tax and accounting purposes
  • Responding to lawful requests from authorities

4. Our Relationship with Stripe

Stripe, Inc. is our payment processor and acts as a data processor on our behalf. When you make a purchase, you will be interacting with Stripe's payment interface, which is governed by Stripe's own Privacy Policy and Terms of Service.

Stripe collects and processes your payment card details, billing address, and related information directly. Stripe is certified to PCI DSS Level 1, the highest level of payment security certification. We never receive or store your raw card details.

By making a purchase on the Platform, you agree to Stripe's Privacy Policy (https://stripe.com/privacy) and its Terms of Service (https://stripe.com/legal). You authorise us to instruct Stripe to process payments on your behalf.

In certain jurisdictions, Stripe may also act as an independent data controller for fraud prevention, identity verification, and financial regulation compliance purposes. Please review Stripe's privacy policy for full details.

5. Sharing Your Information

We do not sell your personal information. We share it only in the following circumstances:

Service providers (processors): We share data with trusted third-party services that help us operate the Platform, including:

  • Stripe, Inc. — payment processing
  • Email service providers — transactional and marketing emails
  • Cloud hosting providers — platform infrastructure
  • Analytics services — aggregated, anonymised usage analysis

All service providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection law.

Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our rights or the safety of others.

Business transfers: If Qui Academy or Global Passage LLC is acquired, merged, or transfers its assets, your data may be transferred to the acquiring entity. We will notify you in advance via email or a prominent notice on the Platform.

6. International Data Transfers

Qui Academy operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our LLC is registered, and other countries where our service providers operate.

For users in the EEA and UK, we ensure that any transfer of personal data to third countries is subject to appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms. Stripe, for example, relies on SCCs for data transfers between the EU and the United States.

By using the Platform, you acknowledge that your data may be processed in countries that may not provide the same level of data protection as your home country.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes set out in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account data: Retained while your account is active, and for up to 12 months after account closure to handle residual queries and disputes.
  • Course activity and certificates: Retained indefinitely so you can access proof of completion. You may request deletion (see Section 8).
  • Payment records: Retained for 7 years in accordance with financial record-keeping obligations.
  • Support communications: Retained for 3 years after the matter is resolved.
  • Marketing consent records: Retained until you withdraw consent, plus 12 months.

When data is no longer required, it is securely deleted or anonymised.

8. Your Data Rights

Depending on your location, you may have the following rights regarding your personal data:

Rights under GDPR (EEA and UK users)

  • Right of access: Request a copy of the data we hold about you.
  • Right to rectification: Correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restriction: Ask us to limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

Rights under CCPA (California residents)

  • Right to know what personal information we collect, use, disclose, or sell.
  • Right to delete your personal information, subject to exceptions.
  • Right to opt out of the sale of personal information. Note: we do not sell personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@qui.is. We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving a verifiable request. We may need to verify your identity before processing the request.

If you are an EEA resident and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at https://edpb.europa.eu.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files placed on your device.

We use the following types of cookies:

  • Strictly necessary cookies: Required for the Platform to function (e.g., session authentication, shopping cart). These cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., language, display settings).
  • Analytics cookies: Help us understand how users interact with the Platform. Data is aggregated and anonymised where possible.
  • Marketing cookies: Used only with your consent to deliver relevant communications. You may opt out at any time.

EEA and UK users will be shown a cookie consent banner when they first visit the Platform. You may update your preferences at any time via the cookie settings link in the footer.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission (HTTPS), hashed password storage, access controls, and regular security reviews.

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by law.

11. Children's Privacy

The Platform is not directed at children under the age of 16 (or 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information without parental consent, please contact us at privacy@qui.is and we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. We will notify you of material changes by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect. The "Effective Date" at the top of this policy will be updated accordingly.

Continued use of the Platform after the effective date constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

Global Passage LLC (trading as Qui Academy)
Privacy Officer
Email: privacy@qui.is

We aim to respond to all privacy enquiries within 5 business days.

Disclaimer

Qui Academy is an approved education vendor of Qui Intelligent Systems LLC (Georgia, Tbilisi, Vake district, University Street, N 17a, Floor 10, 0186). Qui Academy is operated by Global Passage LLC and is in no way indicating the ownership of intellectual property, or acting as a legal distributor of QUI ecosystem products and services.

Membership of Qui Academy does not provide access to the QUI ecosystem. Access to QUI ecosystem products and services is provided separately by Qui Intelligent Systems LLC through qui.is.

QUI