Privacy Policy

Omni Finance Academy is the data controller for personal information collected through omnifinacademy.com and our learning applications.

Account information (name, email, password hash), payment information (processed by Stripe — we do not store card numbers), study activity (which readings, questions, and mocks you complete, your answers, and time spent), device and log data (IP address, browser, operating system, crash diagnostics), and any messages you send us.

To provide and personalise the learning platform (e.g., adaptive practice, spaced repetition), to process payments and refunds, to send transactional and (with consent) marketing emails, to detect fraud and abuse, to improve our content and product, and to comply with legal obligations.

We process personal data under one of: contract performance (delivering the service you paid for), legitimate interests (product analytics, fraud prevention), consent (marketing emails, non-essential cookies), or legal obligation (tax, accounting).

Processors that help us run the service: Stripe (payments), our cloud hosting and database providers, transactional email providers, error and analytics tooling, and AI providers powering the Socratic Tutor (prompts and responses are sent for inference; we do not allow training on your data). We do not sell personal data.

Some processors are located outside your country. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect your data in transit and at rest.

Account and study data are kept while your account is active. After deletion we remove personal data within 30 days, except records we are legally required to retain (e.g., invoices for tax purposes, kept up to 7 years).

Depending on your region (GDPR, UK GDPR, CCPA, PIPEDA, Hong Kong PDPO, and similar), you have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. You can exercise any of these by emailing [email protected]. You can also lodge a complaint with your local data protection authority.

You can delete your account at any time from Profile → Account, or by emailing [email protected]. See our Account Deletion page for the step-by-step process and what data is removed vs retained.

Our services are intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact [email protected] and we will delete it.

We use industry-standard encryption in transit (TLS) and at rest, hashed passwords, access controls, and regular dependency and security review. No system is perfectly secure, but we treat your data carefully.

We use essential cookies to keep you signed in and to remember preferences, and (with your consent where required) analytics cookies to improve the platform. See our Cookie Policy for the full list and how to opt out.

We sometimes link to external sites (e.g., CFA Institute, GARP). We are not responsible for their content or privacy practices.

We may update this policy. Material changes will be announced on the platform or by email. The 'Last updated' date above reflects the most recent revision.