Skip to main content
Home

Privacy Policy

Last updated: March 14, 2026

1. Data Controller

ESSAI is a personal, non-commercial educational project. The data controller for personal data collected through this website is the individual operator of the ESSAI platform.

For any data protection enquiries, please contact: privacy@essaiapp.com

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, role, and industry when you create an account or request access.
  • Assessment data: your answers to the ESSAI knowledge assessment, your assessed level, and associated scores.
  • Learning progress: which courses, modules, and lessons you have completed, and quiz results.
  • Access request data: first name, last name, email, country, industry, position, company, years of experience, referral source, and motivation text.
  • Analytics data: pages visited, session duration, device type, and approximate location via Google Analytics 4. This data is collected automatically to help improve the platform.
  • Technical data: IP address, browser type, and operating system transmitted automatically by your browser.

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): to provide the ESSAI platform, deliver courses, and manage your account.
  • Legitimate interest (Art. 6(1)(f) GDPR): for analytics to improve the platform, prevent fraud, and ensure security.

4. Analytics

We use Google Analytics 4 (measurement ID: G-ZHSGGXQ9SV) to understand how visitors interact with the platform. This helps us improve content and user experience. Data is processed by Google; see Google's Privacy Policy.

Essential cookies for authentication and session management (Supabase auth) are set automatically as they are required for the platform to function.

5. How We Use Your Data

  • Provide and personalise the ESSAI learning experience.
  • Assess your marketing knowledge level and recommend courses.
  • Track your learning progress across courses and quizzes.
  • Process and review access requests.
  • Analyse website usage to improve content and experience.
  • Communicate service-related updates to your account email.

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase (database and authentication hosting) — data stored in the EU.
  • Vercel (website hosting) — servers in the EU and US.
  • Google Analytics (analytics) — data may be processed in the US under Google's EU-US Data Privacy Framework certification.

7. Data Retention

  • Account data: retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • Access request data: retained for up to 12 months after the request is processed, then deleted.
  • Analytics data: retained by Google Analytics for 14 months, then automatically deleted.

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights under the GDPR:

  • Right of access (Art. 15): request a copy of your personal data.
  • Right to rectification (Art. 16): request correction of inaccurate data.
  • Right to erasure (Art. 17): request deletion of your data (“right to be forgotten”).
  • Right to restriction (Art. 18): request limited processing of your data.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interest.

To exercise any of these rights, email us at privacy@essaiapp.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption for all data in transit.
  • Row-level security policies on our database.
  • Strict Content Security Policy headers.
  • Rate limiting on all API endpoints.
  • Input validation and HTML sanitisation.
  • Admin access restricted to authorised email addresses.

10. International Data Transfers

Your data may be transferred to countries outside the EU/EEA (specifically the US for Vercel hosting and Google Analytics). These transfers are protected by:

  • The EU-US Data Privacy Framework (for Google).
  • Standard Contractual Clauses (SCCs) where applicable.

11. Children's Privacy

ESSAI is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the French data protection authority:

  • CNIL (Commission Nationale de l'Informatique et des Libertés)
  • Website: www.cnil.fr

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when the most recent changes were made.

14. Contact Us

For any questions about this Privacy Policy or your personal data, contact us at: privacy@essaiapp.com