Privacy Policy

Effective May 13, 2026

MyTrainingPros (“MyTrainingPros,” “we,” “us,” or “our”) provides a software platform that helps training companies schedule classes, manage students and instructors, issue certificates, post jobs, and run related operations (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using the Service you agree to the practices described here and in our Terms of Service.

1. Information we collect

a. Information you give us

• Account information — name, email address, phone number, password (stored hashed), role (super admin, company admin, instructor, or student), and the company you belong to.
• Profile information — optional headline, bio, avatar image, address, signature, license/credential records, pay rate (for instructors), notification preferences, and calendar sync settings.
• Class and training data — classes, attendance, registrations, grades, completion status, certificate issuance, training assignments, incident reports, and uploaded forms.
• Job postings & applications — job listings, applicant name, email, phone, cover note, and resume files you upload.
• Social content — posts, comments, likes, follows, group memberships, and direct messages you create on the platform.
• Payment information — when you make or accept a payment, billing details are submitted directly to our payment processor (Stripe). We store only non-sensitive identifiers (Stripe customer / session / payment-intent IDs, amounts, and statuses); we do not store full card numbers.
• Communications — messages you send us by email or through the Service, including support requests.

b. Information we collect automatically

• Log data — IP address, browser type, pages viewed, referring URL, login attempts, and timestamps.
• Cookies & session storage — we use a session cookie (HttpOnly, SameSite) to keep you logged in. We do not use third-party advertising cookies.
• Email events — delivery, opens, and bounces reported by our email provider, recorded in an email_log for support and deliverability.

c. Information from third parties

• Stripe — payment status, subscription state, refund events, and webhook signatures.
• Calendar providers — if you opt in to calendar sync, we read iCal feeds you provide so the Service can mirror your schedule.

2. How we use information

• Operate, maintain, and secure the Service (authentication, session management, fraud prevention).
• Schedule classes, send reminders, generate completion certificates, and deliver them by email.
• Process payments, manage subscriptions, and (for tenants who connect their own Stripe account) collect class fees on their behalf.
• Power the social features you opt into (feed, messages, follows, groups, hashtags).
• Send transactional and operational emails (e.g., login alerts, due/past-due reminders, application notifications, receipts).
• Respond to support requests and enforce our Terms of Service.
• Comply with legal obligations.

3. Legal bases (EEA / UK users)

Where the GDPR or UK GDPR applies, we process personal information under one or more of these bases: performance of a contract, our legitimate interests in operating and improving the Service, your consent (which you can withdraw at any time), and compliance with legal obligations.

4. How we share information

We do not sell your personal information. We share it only as follows:

• Within your company / training organization — administrators and instructors at your company can see information necessary to run training programs (rosters, attendance, grades, certificates, license records).
• Service providers — vendors who help us run the Service under contract, including Stripe (payments), our SMTP/email provider (transactional email), and our hosting provider.
• Job applications — when you apply for a job posted on the platform, your application (including any resume you upload) is sent to the hiring company's chosen email address and to the user who posted the job.
• Legal & safety — if required by law, subpoena, or to protect rights, property, or safety of MyTrainingPros, our users, or the public.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

5. How we protect information

• All traffic is served over HTTPS.
• Passwords are stored using a one-way hash; we never see your plaintext password.
• Third-party API keys (e.g., Stripe secrets, SMTP credentials) are encrypted at rest with AES-256-CBC.
• Sensitive cookies are marked HttpOnly and SameSite. Repeated failed logins lock the account temporarily.
• Direct web access is blocked to internal directories (includes/, vendor/, cron/, logs/) and PHP execution is disabled in uploads/.
• Stripe webhook signatures are verified before processing.

No system is perfectly secure, but we work to keep your information safe and to notify affected users if a breach occurs.

6. Data retention

We retain account, training, and payment records for as long as your account is active and as needed to provide the Service, comply with legal and tax obligations, resolve disputes, and enforce agreements. You can request deletion of your personal data as described below; some records (e.g., issued certificates, financial records) may be retained where law requires.

7. Your choices & rights

• Access & correction — you can view and update most of your information from Account → Profile and Account → Settings.
• Deletion — email us at admin@mytrainingpros.com to request deletion of your account and associated personal data.
• Email preferences — turn off non-essential reminders from Account → Settings → Notifications. Transactional messages (security alerts, receipts) cannot be disabled while your account is active.
• Two-factor authentication — recommended; you can enable TOTP from Account → Two-factor authentication.
• Calendar sync — you can disconnect at any time from Account → Settings → Calendar.
• Region-specific rights — if you are in the EEA, UK, California, or another jurisdiction with privacy rights, you may have additional rights (access, portability, restriction, objection, opt-out of “sale” / “sharing”). We honor those rights; contact us to exercise them.

8. Children

The Service is intended for adults age 18 and over and for training programs operated by businesses. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it.

9. International transfers

The Service is hosted in the United States. If you access it from another country, you understand and consent to your information being processed in the U.S., which may have different data protection laws than your home country.

10. Third-party links

The Service may contain links to third-party websites (e.g., Stripe checkout, calendar providers). Their privacy practices are governed by their own policies, not this one.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or a notice in the Service before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact us

Questions, requests, or complaints? Email admin@mytrainingpros.com.

By using MyTrainingPros you also agree to our Terms of Service.