Legal

Privacy Policy

Last Updated: April 28, 2026

1. Introduction

The Institute of Business AI (“IBAI,” “we,” “us,” or “our”) operates the website instituteofbusinessai.org and related services, including online courses, membership programs, certification programs, consulting services, and educational tools (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, enroll in our programs, or otherwise interact with our Services. We are committed to transparency and protecting your privacy in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other relevant U.S. state privacy laws.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Account Registration: Name, email address, and password when you create an account on our learning platform.
  • Course Enrollment: Information provided during enrollment in our programs, including professional background, business details, and areas of interest.
  • Payment Information: Billing details necessary to process payments for our courses and membership programs. Payment processing is handled by third-party payment processors. We do not store full credit card numbers on our servers.
  • Course Participation: Homework submissions, quiz responses, project submissions, feedback forms, and forum posts submitted as part of your learning experience.
  • Communications: Information you provide when contacting us via email, contact forms, or other communication channels.
  • Event Registration: Details provided when registering for webinars, masterclasses, or live events.

2.2 Information Collected Automatically

When you visit our website or use our platform, we may automatically collect:

  • Device and Browser Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, links clicked, course progress, and navigation patterns.
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies. See our Cookie Policy for details.
  • Referral Data: The website or source that referred you to our Services.

2.3 Information from Third Parties

We may receive information about you from third-party services that you connect to or that we use to deliver our Services, including CRM platforms, email marketing tools, payment processors, and analytics providers.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Delivering Our Services: To provide access to courses, process enrollments, track your learning progress, issue certificates, and manage your account.
  • Communication: To send you course updates, program announcements, account notifications, and responses to your inquiries.
  • Marketing: To send you information about new courses, events, and offerings that may be relevant to you. You can opt out of marketing communications at any time.
  • Improvement: To analyze usage patterns and feedback to improve our courses, platform, and overall user experience.
  • Accreditation and Compliance: To fulfill requirements of our CPD accreditation and other professional certifications, including maintaining records of learner completion and assessment.
  • Security: To protect our Services, detect fraud, and ensure the security of our platform and users.
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (For Users in the UK, EU, and EEA)

If you are located in the United Kingdom, European Union, or European Economic Area, we process your personal data on the following legal bases:

  • Performance of a Contract: Processing necessary to deliver the courses and services you have enrolled in.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, marketing our programs, and ensuring platform security, provided these interests do not override your rights.
  • Consent: Where you have given us specific consent to process your data for a particular purpose, such as receiving marketing emails. You may withdraw consent at any time.
  • Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject.

5. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of recipients:

  • Service Providers: Third-party companies that help us operate our Services, including our CRM and learning management platform provider, payment processors, email delivery services, analytics providers, and hosting providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Accreditation Bodies: We may share aggregated or anonymized learner data with accreditation bodies (such as the CPD Certification Service) as required for program accreditation. Individual learner data is shared only with your consent or as required for certification verification.
  • Professional Obligations: If required by law, regulation, legal process, or governmental request, we may disclose your information to the extent necessary to comply.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, including:

  • Active account data is retained for the duration of your account and membership.
  • Course completion records and certification data are retained for a minimum of five years to support accreditation requirements and professional verification.
  • Payment records are retained as required by applicable tax and financial regulations.
  • Marketing preferences and consent records are retained until you withdraw consent or request deletion.

When personal data is no longer needed, we securely delete or anonymize it.

7. Your Rights

7.1 All Users

Regardless of your location, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
  • Request deletion of your account and associated data, subject to our retention obligations.

7.2 UK, EU, and EEA Residents

Under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), you have additional rights, including:

  • The right to data portability (receiving your data in a structured, commonly used format).
  • The right to restrict processing of your personal data.
  • The right to object to processing based on legitimate interests.
  • The right to lodge a complaint with a supervisory authority (in the UK, this is the Information Commissioner’s Office at ico.org.uk).

7.3 California Residents

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of personal information.
  • Opt out of the sale or sharing of personal information. We do not sell personal information.
  • Non-discrimination for exercising your privacy rights.

7.4 Other U.S. State Privacy Laws

Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana) may have similar rights under their respective state laws. To exercise these rights, please contact us using the information below.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, secure access controls, and regular security reviews.

No method of transmission over the internet or method of electronic storage is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

Our Services are operated from the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

For users in the UK, EU, or EEA, we ensure that any international data transfers are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses or other approved transfer mechanisms.

10. Children’s Privacy

Our Services are designed for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete that information promptly.

11. Third-Party Links

Our website may contain links to third-party websites, tools, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, notify you through our website or by email.

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how your information is handled, please contact us at:

Institute of Business AI
Email: [email protected]
Website: instituteofbusinessai.org

For UK/EU data protection inquiries, you may also contact the Information Commissioner’s Office (ICO) at ico.org.uk or your local supervisory authority.