Information We Collect

When you use Shrktool's platform, we gather different types of information depending on how you interact with us. Let's break down what we collect and why it matters.

Account and Registration Data

When you sign up for our learning programs, we collect basic contact details: your name, email address, phone number, and mailing address. We need this information to communicate with you about course updates, send enrollment confirmations, and provide access to educational materials.

Educational Progress Information

As you work through our security courses, we track your progress—which modules you've completed, assessment scores, time spent on different topics, and areas where you might need additional support. This helps us personalize your learning experience and improve our curriculum based on what actually works for students.

Technical Usage Data

Our platform automatically collects certain technical information when you visit our site. This includes your IP address, browser type, device information, operating system details, and how you navigate through our content. We use this data to keep our platform running smoothly and to identify technical issues before they affect your experience.

Payment Information

When you enroll in paid programs, we collect payment details through secure third-party processors. We never store complete credit card numbers on our servers. Our payment partners handle the sensitive financial data according to PCI DSS standards, and we only retain transaction records for accounting purposes.

Communications You Send Us

If you reach out through our contact forms, email us directly, or participate in course forums, we keep records of those interactions. This helps us provide better support and track questions that come up frequently so we can address them in our curriculum.

How We Use Your Information

Data collection isn't much use if we don't do something meaningful with it. Here's what happens with the information you share with us.

Delivering Educational Services

The primary reason we collect your data is to provide you with quality education about operating system security. This means giving you access to course materials, tracking your progress so you can pick up where you left off, sending you relevant updates about new content, and providing technical support when something isn't working right.

Platform Improvement and Research

We analyze usage patterns to understand how students learn best. Which teaching methods lead to better retention? Where do people get stuck? What topics need more depth? We use aggregated, anonymized data to answer these questions and make our courses more effective.

Communication and Updates

We'll send you emails about your enrollment status, course updates, upcoming programs that might interest you based on what you're currently studying, and occasional security tips. You can adjust your communication preferences anytime, though some administrative emails are necessary for us to provide the service.

Legal Compliance and Security

Sometimes we need to use your information to comply with legal requirements, enforce our terms of service, or protect against fraudulent activity. We take security incidents seriously and may need to investigate unusual account activity to keep everyone's data safe.

Information Sharing and Disclosure

We're selective about who gets access to your data. Here's the complete picture of when and why we share information.

Service Providers

We work with third-party companies that help us run our platform—email delivery services, payment processors, cloud hosting providers, and analytics tools. These partners only get access to the data they need to perform their specific functions, and they're contractually obligated to protect your information.

• Cloud infrastructure providers that host our educational content
• Email service providers that deliver course notifications and updates
• Payment processors that handle financial transactions securely
• Analytics platforms that help us understand how students use our site
• Customer support tools that help us respond to your questions efficiently

Legal Requirements

We may disclose your information if required by law, such as responding to a valid subpoena or court order. We'll notify you about such requests unless we're legally prohibited from doing so. We also reserve the right to share information when we believe it's necessary to prevent fraud or protect someone's safety.

Business Transfers

If Shrktool is acquired by another company or merges with another organization, your information would likely be transferred as part of that transaction. We'd notify you before your data becomes subject to a different privacy policy.

Aggregated Data

We occasionally share aggregated statistics about our users with partners or the public—things like "75% of students complete Module 3 within two weeks." This data is anonymized and can't be traced back to individual users.

Data Storage and Security

Protecting your information is a top priority, especially since we're teaching people about security. We practice what we preach.

Where Your Data Lives

We store data on secure servers located in the United States. These facilities employ physical security measures, environmental controls, and multiple layers of network security. Our hosting providers maintain SOC 2 Type II compliance and undergo regular security audits.

Security Measures We Implement

All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher. Sensitive information in our databases is encrypted at rest. We use secure password hashing algorithms, implement multi-factor authentication for administrative access, and regularly update our systems to patch security vulnerabilities.

• Transport layer encryption for all data in transit
• Database encryption for sensitive information at rest
• Regular security audits and penetration testing
• Access controls limiting who can view personal data
• Automated monitoring for suspicious activity
• Incident response procedures for potential breaches

Employee Access

Only employees who need access to personal data to do their jobs can view it. Our team members receive training on data protection practices and sign confidentiality agreements. We maintain detailed logs of who accesses what data and when.

Data Retention

We don't keep your information forever. Here's how long we retain different types of data and why.

Active Account Data

While your account is active, we retain all the information needed to provide our services—your profile, course progress, and communication history. This allows you to take breaks and come back to your studies without losing your place.

After Account Closure

When you close your account, we delete or anonymize most personal information within 90 days. However, we keep some records longer for legitimate business reasons:

• Financial records for tax and accounting purposes (7 years)
• Communications related to disputes or legal matters (duration of the issue plus applicable statute of limitations)
• Anonymized learning analytics that can't be traced back to you (indefinitely for research purposes)
• Basic transaction history to prevent fraud (3 years)

Backup Systems

Our backup systems may retain copies of deleted data for up to 90 additional days. These backups exist solely for disaster recovery purposes and aren't actively used or accessible for normal operations.

Your Privacy Rights

You have significant control over your personal information. Here's what you can do and how to do it.

Access Your Data

You can request a copy of all personal information we hold about you. We'll provide this in a structured, commonly used format (usually JSON or CSV) within 30 days of your request. You can make this request by emailing contact@shrktool.com with "Data Access Request" in the subject line.

Correct Inaccurate Information

If any of your personal data is incorrect or incomplete, you can update most of it directly through your account settings. For information you can't change yourself, contact us and we'll make the corrections within 10 business days.

Delete Your Data

You have the right to request deletion of your personal information. We'll process deletion requests within 30 days, subject to legal requirements that might require us to retain certain records. After deletion, you won't be able to access any paid courses or retrieve your learning progress.

Opt Out of Communications

You can unsubscribe from marketing emails using the link at the bottom of any promotional message. This won't affect essential service communications like enrollment confirmations or security alerts about your account.

Data Portability

You can request your data in a portable format that can be transferred to another service. This includes your profile information, course progress, and any content you've created on our platform.

California Privacy Rights

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). You can request information about what personal data we've collected, disclosed, or sold in the past 12 months. You can also request deletion of your data and opt out of any sale of personal information (though we don't sell personal data).

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to function properly and provide you with a better experience. Let's explain what these are and how you can control them.

Essential Cookies

These cookies are necessary for our website to work. They enable core functionality like security, account access, and remembering your preferences. You can't opt out of these without breaking the site's basic functions.

Analytics Cookies

We use analytics tools to understand how people use our site—which pages they visit, how long they stay, and where they encounter problems. This helps us improve the platform. These cookies collect anonymized data that can't identify you personally.

Functional Cookies

These remember your preferences and choices—things like your preferred language, text size, or whether you've watched our intro video. They make your experience more personalized without collecting sensitive information.

Managing Your Cookie Preferences

Most browsers let you control cookies through their settings. You can block all cookies, delete existing ones, or set preferences for different types. Keep in mind that blocking essential cookies will prevent you from using key features of our platform.

Third-Party Links and Services

Our educational content sometimes links to external resources, tools, or documentation. When you click these links, you're leaving our site and entering areas governed by other privacy policies.

We're not responsible for the privacy practices of external websites, even if we link to them as educational resources. Before providing personal information to any third-party site, review their privacy policy to understand how they handle data.

Some of our courses use third-party tools for hands-on practice—virtual lab environments, security testing platforms, or collaboration tools. These services have their own privacy policies and data handling practices. We try to partner with providers who maintain strong privacy standards, but you should review their policies independently.

Children's Privacy

Our platform is designed for adults pursuing professional education in operating system security. We don't knowingly collect personal information from anyone under 18 years old.

If you're under 18, please don't create an account or submit any personal information through our site. If we discover we've inadvertently collected data from someone under 18, we'll delete it promptly.

Parents or guardians who believe their child has provided us with personal information should contact us immediately at contact@shrktool.com.

International Data Transfers

Our servers are located in the United States, which means information collected from users in other countries is transferred to and stored in the U.S. Data protection laws in the United States may differ from those in your country.

By using our services, you understand and consent to the transfer of your information to the United States. We implement appropriate safeguards to protect your data during international transfers and ensure it receives adequate protection regardless of where it's processed.

For users in the European Economic Area, we rely on approved data transfer mechanisms and ensure our service providers comply with applicable data protection requirements.

Changes to This Privacy Policy

We update this privacy policy periodically to reflect changes in our practices, legal requirements, or new features we introduce. When we make significant changes, we'll notify you through email or a prominent notice on our website at least 30 days before the changes take effect.

The "Last Updated" date at the top of this policy indicates when we last revised it. We encourage you to review this policy periodically to stay informed about how we protect your information.

If you continue using our services after changes take effect, that indicates your acceptance of the updated policy. If you disagree with changes, you can close your account before they go into effect.

How We Handle Data Breaches

Despite our security measures, no system is completely immune to breaches. Here's what happens if we detect unauthorized access to your personal information.

We have incident response procedures in place to identify, contain, and investigate security incidents quickly. If we discover a breach that affects your personal data, we'll notify you within 72 hours of becoming aware of the incident.

Our notification will explain what happened, what data was affected, what we're doing to address the situation, and what steps you should take to protect yourself. We'll also report the breach to relevant authorities as required by law.