Privacy Policy
Effective date: June 2026
CyberLab Ghana is operated by ParoCyber, a cybersecurity education company based in Ghana. This policy explains what personal information we collect when you use CyberLab Ghana, why we collect it, and how we protect it.
We collect the minimum data necessary to provide our service. We do not sell your data, share it with advertisers, or track you across other websites.
1. What We Collect
| Data | When | Why |
|---|---|---|
| Full name | Required at registration | To personalise your dashboard and certificates |
| Email address | Required at registration | To identify your account, send confirmation emails, and issue certificates |
| Password | Required at registration | Stored as a secure hash — we cannot read your password |
| Course and lab progress | As you use the platform | To show you where you left off and to generate your completion certificates |
| Lab session timestamps | When you run a practice lab | To enforce your daily usage quota and prevent abuse of cloud resources |
2. What We Do Not Collect
- Card numbers or bank details — payments are processed by Paystack, who handle all card data securely
- Government ID, national ID, or passport information
- Biometric data
- Location data beyond what Cloudflare logs from your IP address
- Information about your activity on other websites
3. How We Use Your Information
- To create and manage your account
- To give you access to courses, labs, and practice tests you have enrolled in
- To verify your payments and record your enrollments
- To issue completion certificates with your name
- To send you transactional emails (account confirmation, enrollment receipts, renewal reminders)
- To protect the platform from fraud and abuse
We do not send marketing emails without your separate consent. Transactional emails (receipts, confirmations) are part of the service and cannot be opted out of while your account is active.
4. Who We Share Your Data With
We share your data only with the third-party services required to operate the platform:
| Data | When | Why |
|---|---|---|
| Supabase | Database and authentication | Your account data and progress are stored on Supabase servers (hosted on AWS) |
| Paystack | Payment processing | Your email is shared with Paystack to verify payments. Card data never reaches us. |
| Cloudflare | Hosting and security | All web traffic passes through Cloudflare. They log IP addresses for DDoS protection. |
| Resend | Transactional email | Your name and email are used to send confirmation and receipt emails. |
| Amazon Web Services | Practice lab infrastructure | Lab sessions run on AWS EC2 instances. No personal data is stored on lab VMs. |
We do not sell, rent, or share your data with any other parties.
5. How Long We Keep Your Data
- Account data — kept for as long as your account is active
- Payment records — kept for 7 years as required by Ghanaian financial regulations
- Certificates — kept indefinitely so your achievements remain verifiable
- Lab session logs — kept for 90 days for quota tracking, then deleted
- Cloudflare logs — retained by Cloudflare per their own policy (typically 30 days)
6. Your Rights
Under the Ghana Data Protection Act, 2012 (Act 843), you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — ask us to delete your account and associated data (except payment records required by law)
- Objection — object to how we process your data
To exercise any of these rights, email us at privacy@parocyber.com. We will respond within 30 days.
7. Security
We apply industry-standard security practices: all data is transmitted over HTTPS, passwords are hashed and never stored in readable form, access to your data is restricted by role-based controls, and our infrastructure is protected against common attack vectors.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at security@parocyber.com.
8. Children
CyberLab Ghana is intended for users aged 16 and above. If you are under 16, please ask a parent or guardian to register on your behalf. We do not knowingly collect personal data from children under 13.
9. Changes to This Policy
If we make significant changes to this policy, we will notify registered users by email at least 14 days before the changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests: