Legal
Privacy Policy
How we collect, use, and protect your information.
1. Introduction
The Satoshi Institute Inc., a Virginia corporation ("we," "our," or "us"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform, simulation tools, webinars, and related services (collectively, the "Services").
This policy complies with the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Virginia Consumer Data Protection Act (VCDPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable privacy laws.
2. Data Controller
Satoshi Institute Inc. is the data controller responsible for your personal data. If you are located in the European Economic Area (EEA) or the United Kingdom, our designated Data Rights Officer serves as your point of contact for all privacy matters:
Data Rights Officer
Email: dro@satoshiinstitute.com
As we are established outside the EEA/UK, we are in the process of appointing a representative in the EU and UK in accordance with Article 27 of the GDPR and UK GDPR respectively. Details will be published here once confirmed.
3. Information We Collect
Personal Information
We collect information you provide directly, including: name, email address, phone number, company information, professional title, payment information, and preferences for communications and content.
Usage Information
We automatically collect information about your interactions with our Services, including: pages visited, time spent, features used, simulation inputs and results, webinar attendance, and device and browser information.
Cookies and Tracking
We use cookies, web beacons, and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content. For full details, please refer to our Cookie Policy.
4. Lawful Basis for Processing (GDPR / UK GDPR)
We process your personal data only where we have a lawful basis to do so under Article 6 of the GDPR and UK GDPR. The lawful bases we rely on are:
- Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your data for a specific purpose, such as subscribing to our newsletter or accepting non-essential cookies.
- Contract (Art. 6(1)(b)): Where processing is necessary for the performance of a contract with you, including providing access to courses, webinars, and simulation tools you have registered for.
- Legitimate Interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests (or those of a third party), such as improving our Services, conducting analytics, ensuring platform security, and sending relevant communications about our programs. We balance these interests against your rights and freedoms.
- Legal Obligation (Art. 6(1)(c)): Where we need to process your data to comply with a legal obligation, such as maintaining tax and billing records.
Where we rely on consent, you may withdraw that consent at any time by contacting us at dro@satoshiinstitute.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. How We Use Your Information
We use collected information to:
- Provide and improve our educational services and platform
- Process registrations and manage your account
- Deliver webinars, courses, and personalized content
- Process payments and maintain billing records
- Send educational content, updates, and promotional materials (with your consent where required)
- Analyze usage patterns and improve user experience
- Ensure platform security and prevent fraud
- Comply with legal obligations and industry standards
6. Information Sharing
We may share your information with:
- Service Providers: Third-party vendors who assist with platform operations, payment processing, email delivery, and analytics, acting as data processors under appropriate data processing agreements
- Educational Partners: Authorized partners who help deliver our programs, subject to confidentiality and data processing agreements
- Legal Requirements: When required by law, court order, or to protect our rights and safety
- Business Transfers: In connection with mergers, acquisitions, or asset sales, with notice to affected users
We do not sell personal information to third parties for commercial purposes. We do not share personal information for cross-context behavioral advertising.
7. Your Rights
Rights Under GDPR / UK GDPR
If you are located in the EEA or UK, you have the following rights under the GDPR and UK GDPR:
- Right of Access (Art. 15): Obtain confirmation of whether we process your data and request a copy
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your data in certain circumstances
- Right to Restriction (Art. 18): Request restriction of processing in certain circumstances
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Where processing is based on consent, withdraw at any time
Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk. For EU residents, you may contact the supervisory authority in your member state of residence.
Rights Under CCPA / CPRA (California Residents)
If you are a California resident, the CCPA and CPRA provide you with the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt Out: We do not sell your personal information or share it for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise your California privacy rights, contact us at dro@satoshiinstitute.com. We will respond within 45 days as required by law.
Rights Under VCDPA (Virginia Residents)
Virginia residents have rights under the Virginia Consumer Data Protection Act, including the right to access, correct, delete, and obtain a copy of personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and profiling.
Rights Under PIPEDA (Canadian Residents)
Canadian residents have the right to access, correct, and challenge compliance regarding their personal information under PIPEDA. You may file a complaint with the Office of the Privacy Commissioner of Canada.
How to Exercise Your Rights
To exercise any of the above rights, contact our Data Rights Officer at dro@satoshiinstitute.com. We will verify your identity before processing requests and respond within the timeframes required by applicable law.
8. Data Security
We implement industry-standard security measures including encryption in transit and at rest, secure data transmission (TLS), regular security assessments, role-based access controls, and incident response procedures. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods include:
- Account data: For the duration of your account plus 30 days after closure, unless longer retention is required
- Billing and transaction records: 7 years to comply with tax and financial regulations
- Marketing consent records: For the duration of the consent plus 3 years
- Analytics data: Aggregated and anonymized within 26 months
- Support correspondence: 3 years from the date of resolution
When data is no longer needed, it is securely deleted or anonymized.
10. International Transfers
Your information may be transferred to and processed in the United States and other countries outside the EEA and UK. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement (IDTA), or other lawful transfer mechanisms under applicable privacy laws.
11. Children's Privacy
Our Services are not intended for individuals under 18 years of age (or 16 in the UK/EEA where applicable). We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at dro@satoshiinstitute.com.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of material changes through email, platform notifications, or by posting the updated policy on our website at least 30 days before changes take effect. Continued use of our Services after the effective date of changes constitutes acceptance of the updated policy, except where consent is required by law.
13. Contact Information
For questions about this Privacy Policy or to exercise your data rights, contact us at:
Satoshi Institute Inc.
Incorporated in the Commonwealth of Virginia, USA
Data Rights Officer: dro@satoshiinstitute.com
General Privacy Inquiries: privacy@satoshiinstitute.com
Effective Date: July 1, 2025
Last Updated: March 15, 2026
