Security Awareness for Busy People

5-minute weekly lessons, from the comfort of your inbox, for US$52.

Privacy Policy

JustPlainSimple is firmly committed to preserving your privacy. To better protect your privacy we provide this privacy statement (“Statement”) explaining our online information practices and the choices you can make about the way your information is collected and used. We reserve the right to amend this Statement from time to time and will update the Website with the most recent version of this Statement. It is your responsibility to review this Statement to ensure that you are familiar with the most current provisions. If any major changes are made that impact this spirit of this policy, we may provide additional notice and/or opportunity to “opt-in” as appropriate.

This Statement applies to the securityawareness.email website, including all sub-pages and any amendments to the site (the “Website”). This Statement also applies to all software and services we offer through our Website, including free trials of our software, review our products and receive materials (collectively referred to as the “Services”).

This Statement does not apply to any website, product or service of any third-party company even if the website links to or from our Website. We do not operate or control those websites, products or services and are not responsible for the privacy policies or the content of these other websites. You should check the policy statement of these other websites to determine whether you wish to share your personal information with them.

By using our Website, you are accepting our practices as described in this Statement. Your continued use of the Website will signify acceptance of this Statement.

By providing this website with your information, you consent to us using it for the purposes set out in this Statement.

While this list is subject to change without notice, the following pieces of data are collected for legitimate business purposes. How these pieces of information are shared, processed or used is described in later sections.

This must match the information on the credit card to combat fraud. The country and province is also processed to determine if taxes must be applied to the payment. This must match the name on the credit card being used to combat fraud. These details are used to pay for the course. To maintain PCI compliance and the security of your credit card information, these details are never transmitted, stored, or processed by this website and only ever are sent to the payment processor. This is used by the course to send the welcome email and weekly lessons. This is used by the payment processor to send an electronic copy of the receipt after payment succeeds. This is used by this webiste for troubleshooting, diagnostics and analyzing web traffic or usage. It is captured by Web servers during the normal course of interacting with this website. This is used by the course as a way of identifying the student in correspondence or when awarding a certificate for completing the course. It does not need to be the person's real name, but chances are reduced that the course's emails are considered spam if a real name is used.

We never collect or maintain information at our website from those we actually know are under 18, and no part of our website is structured to attract anyone under 18. If we learn that we have inadvertently collected personal information for a child under 18, we will delete that information as quickly as possible.

JustPlainSimple will never sell or rent your Personal Information to marketers or unauthorized third parties.

We employ third party companies and individuals to facilitate our Website ("Service Providers"), to provide our Website on our behalf, to perform Website-related services or to assist us in analyzing how our Website is used. These third-parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may share your Personal Information with trusted third parties who are integral to the operation of our Website and Services including JustPlainSimple partners, payment processors, verification services, as well as any third parties that you have directly authorized to receive your Personal Information.

We may store your Personal Information in locations outside the direct control of JustPlainSimple, for instance, on servers or databases co-located with hosting providers.

We may disclose your Personal Information to law enforcement, government officials, or other third parties if we are compelled to do so by subpoena, court order or other legal process, we must do so to comply with laws, statutes, rules or regulations, or we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our terms and conditions.

In the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, certain information in our possession may be transferred to our successor or assignee.

We never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

Information collected via this website is never sold or shared with commercial third-parties, with the following notable exceptions:

The Web hosting provider for this website and course. All data held on Amazon Web Services (AWS) servers is encrypted in transit and at rest using an encryption key owned and managed by Heroku. While the data is technically shared with AWS, they cannot access this data. The payment processor for credit card transactions when a customer pays for the course from this website. In order to prevent fraud they check the credit card holder's name and billing address against the credit card company. That information is never held outside of Stripe and is provided directly to Stripe whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.

We believe in giving people back the control of their own data. For that reason, unless otherwise instructed by you, the following data retention rules will apply to allow data collected by this website.

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The information you provide this website as a record of your payment and participation in the course. Log files containing IP addresses and other indirect forms of personal information. They are automatically and securely deleted by the Web hosting provider.

If you elect for the data to be deleted, a unique personal identifier is required to be kept by JustPlainSimple in order to show that the deletion request has succeeded. This information may include, but not be limited to, your full legal name and email address.

All data collected by this website and stored using Heroku and AWS servers is stored on servers located in Virginia, USA.

For data stored with Stripe, it is held according to their Privacy Policy.

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. We only employ the use of modern encryption algorithms to protect the integrity and confidentiality of collected data, whether that data is in transit or at rest.

For the purpose of this Privacy Policy, we are a Data Controller of your personal information.

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal information because:

  • We need to perform a contract with you, such as when you create a Policy with us
  • You have given us permission to do so
  • The processing is in our legitimate interests and it's not overridden by your rights
  • For payment processing purposes
  • To comply with the law

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the personal information we have on you
  • The right of rectification
  • The right to object
  • The right of restriction
  • The right to data portability
  • The right to withdraw consent

Please note that you may be asked to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

European Union (EU) law allows personal data to flow outside the EU only if there is an adequate level of protection in the country of destination or if a number of specific exceptions apply. For more information, please visit this page.

On December 20, 2001, the European Commission recognized that the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) provides adequate protection for certain personal data transferred from the EU to Canada. This will allow EU operators to send certain personal data to recipients in Canada subject to the Canadian Act, without additional safeguards being needed to meet the requirements of the EU Data Protection Directive.

Should you have other questions or concerns about the statements in this privacy policy, please .