Global Privacy
Policy
We are committed to protecting your personal data with the highest standards of privacy, transparency, and respect — regardless of where you are in the world.
We collect personal data that you provide directly to us, data generated through your use of our platform, and in some cases, data from third-party sources. We collect only what is necessary to provide our services.
| Data Category | Specific Data Points | How Collected | Required? |
|---|---|---|---|
| Identity Data | First name, last name, professional title, company name | Registration forms, waitlist signup, profile setup | Yes — for enrollment |
| Contact Data | Email address, LinkedIn profile URL (optional) | Registration, waitlist, contact forms | Email required; LinkedIn optional |
| Payment Data | Payment method details (processed by Square — we do not store card numbers), billing address, transaction history | Checkout process via Square | Yes — for paid enrollment |
| Course Data | Lesson completion, quiz scores, capstone submissions, time spent on platform, module progress | LearnWorlds platform activity | Automatic upon enrollment |
| AI Interaction Data | Responses provided to the CoS Career Agent, readiness assessment scores, profile type (Aspiring/Practicing/Senior), identified challenges | Career Agent conversations | Optional — only if you use the tool |
| Technical Data | IP address, browser type and version, device type, operating system, time zone, referring URL | Automatic collection via cookies and server logs | Automatic |
| Marketing Data | Email open rates, click rates, unsubscribe actions, marketing preferences | ConvertKit email platform | Automatic for enrolled users |
| Communications Data | Emails and messages sent to support@coscertified.com, support ticket history | Direct communication | Only if you contact us |
Special Category Data: We do not intentionally collect sensitive personal data including racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation. Please do not share this type of information through our platform.
| Purpose | Data Used | Legal Basis (GDPR) | Legal Basis (US/Other) |
|---|---|---|---|
| Deliver course content and certification | Identity, Contact, Course Data | Contract performance | Contract performance |
| Process payments | Payment Data, Identity Data | Contract performance | Contract performance |
| Send enrollment confirmations and course updates | Contact, Course Data | Contract performance | Contract performance |
| Send marketing emails (waitlist, promotions, new modules) | Contact, Marketing Data | Consent (opt-in required) | CAN-SPAM / CASL compliance |
| Personalize email communications by profile type | AI Interaction Data, Contact | Consent / Legitimate interests | Legitimate business purpose |
| Improve the CoS Career Agent and curriculum | AI Interaction Data (anonymized) | Legitimate interests | Legitimate business purpose |
| Detect and prevent fraud and abuse | Technical Data, Identity Data | Legitimate interests / Legal obligation | Legitimate business purpose |
| Comply with legal obligations | All applicable data | Legal obligation | Legal obligation |
| Issue credentials and certificates | Identity Data, Course Data | Contract performance | Contract performance |
| Analytics and platform improvement | Technical Data, Course Data (aggregated) | Legitimate interests | Legitimate business purpose |
Marketing Communications: We will only send you marketing emails if you have explicitly opted in — either by joining our waitlist, enrolling in a program, or checking an opt-in box. Every marketing email includes an unsubscribe link. You can unsubscribe at any time and we will honor your request within 10 business days.
We retain your personal data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account and enrollment data | Duration of account + 3 years after closure | Credential verification, legal disputes |
| Payment records | 7 years from transaction date | Tax and accounting legal requirements |
| Course completion and credential records | Indefinitely (or until credential revocation) | Credential verification for employers |
| Marketing email data | Until unsubscribe + 1 year | Suppression list maintenance |
| AI Career Agent interactions | 12 months (anonymized for analytics) | Platform improvement |
| Support communications | 3 years from last interaction | Service quality and dispute resolution |
| Technical / log data | 90 days | Security and fraud detection |
| Waitlist data (non-enrolled) | 24 months from signup or until unsubscribe | Marketing with consent |
When data is no longer needed for any applicable purpose, we securely delete or anonymize it. You may request earlier deletion subject to the conditions described in Section 5 (Your Rights).
Depending on where you are located, you may have the following rights regarding your personal data. We honor all applicable rights regardless of jurisdiction — you do not need to prove your location to exercise these rights.
How to Exercise Your Rights: Email support@coscertified.com with the subject line "Privacy Rights Request — [Right You Are Exercising]." Include your name, email address associated with your account, and a description of your request. We will respond within 30 days. We may need to verify your identity before processing the request.
No Discrimination: We will not discriminate against you for exercising any privacy rights. You will continue to receive the same quality of service regardless of privacy requests made.
We use cookies and similar tracking technologies to operate our platform, remember your preferences, and understand how you use our services. You can control cookies through your browser settings and, where required by law, through our cookie consent banner.
| Cookie Type | Purpose | Duration | Can You Opt Out? |
|---|---|---|---|
| Strictly Necessary | Platform login, session management, security. Required for the platform to function. | Session / up to 1 year | No — essential for service |
| Functional | Remembering your preferences, language settings, and course progress position | Up to 1 year | Yes — with reduced functionality |
| Analytics | Understanding how users interact with the platform to improve user experience (anonymized) | Up to 2 years | Yes — via cookie banner |
| Marketing | Tracking email campaign performance, retargeting (if applicable in future) | Up to 1 year | Yes — via cookie banner or unsubscribe |
The CoS Career Agent is powered by the Claude API (Anthropic). When you interact with the Career Agent, your inputs are processed by Anthropic's systems to generate responses. We have configured our API usage consistent with Anthropic's data usage policies.
What happens to your Career Agent data: Your conversation inputs are sent to Anthropic's API to generate responses in real time. We capture your name, email, profile type, and identified challenges when you submit the lead capture form within the agent. We store this data in Google Sheets and ConvertKit tagged by profile type for personalized follow-up. Conversation content is stored for 12 months and then anonymized for platform improvement analytics.
What Anthropic does with API data: By default, Anthropic does not use API inputs to train their models. See Anthropic's Privacy Policy at anthropic.com/privacy for full details on their data practices.
AI Assessment Limitations: The Career Agent's readiness assessments are algorithmic in nature and are not clinical, psychological, or professional assessments. They are educational tools only. You should not make major career decisions based solely on AI-generated assessments without also consulting qualified human advisors.
Automated Decision-Making: The Career Agent uses automated processing to determine your CoS profile type and recommend a certification track. This automated assessment does not produce legal effects or significantly affect you in a similar way — it is a recommendation tool only. You have the right to contest this assessment and request human review by contacting support@coscertified.com.
CoS Certified is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. By using our platform, you represent that you are at least 18 years old.
If we become aware that we have collected personal data from a child under 18 without verifiable parental consent, we will delete that data as quickly as practicable. If you believe we may have collected data from a child, please contact us immediately at support@coscertified.com.
For users in the EU, this policy complies with GDPR requirements regarding children's data. For US users, this policy complies with the Children's Online Privacy Protection Act (COPPA).
CoS Certified is operated from the United States. If you are accessing our platform from outside the US, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home country.
EU / UK Transfers: When transferring personal data from the EU or UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Agreement. Our service providers who receive EU/UK personal data maintain appropriate safeguards including SCCs and data processing agreements.
Other International Transfers: For transfers from other jurisdictions with data transfer restrictions, we implement appropriate safeguards consistent with applicable local law including contractual protections with our service providers.
By using CoS Certified, you acknowledge and consent to the transfer of your data to the United States and other countries where our service providers operate, subject to the protections described in this policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will: update the "Last Updated" date at the top of this policy; send an email notification to enrolled students at least 30 days before the changes take effect; and display a notice on our website.
Your continued use of CoS Certified after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated policy, you must stop using our platform and may request account deletion.
We encourage you to review this policy periodically. You can always find the current version at coscertified.com/privacy.
Data Controller:
When The World Sees LLC d/b/a CoS Certified
Virginia, United States
Email: support@coscertified.com
Website: coscertified.com
Privacy Requests: For all privacy-related requests — including data access, deletion, correction, portability, and objection — email support@coscertified.com with the subject line "Privacy Request — [Type of Request]." We will respond within 30 days (45 days for CCPA/VCDPA requests).
EU / UK Representative: As we currently operate without a formal EU/UK establishment, EU and UK data subjects may contact us directly at support@coscertified.com for all GDPR and UK GDPR related matters. We will designate an EU representative as required when our EU processing activities reach applicable thresholds.
Security Concerns: If you believe your data has been compromised or you have identified a security vulnerability, please report it immediately to support@coscertified.com with the subject line "Security Report." We take all security reports seriously and will respond within 24 hours.