Effective Date: July 15, 2025

This Privacy Policy outlines SSB Future Officers' commitment to protecting your personal information. We maintain the highest standards of data protection in accordance with global privacy best practices. Our policy applies to all interactions with our platform and services.

1. Our Privacy Philosophy

At SSB Future Officers, we believe privacy is fundamental to trust. As an organization dedicated to developing future military leaders, we uphold principles of transparency, security, and minimal data collection. We collect only essential information required for legitimate business purposes and maintain strict controls over its use.

2. Information Collection Scope

We maintain a minimal data collection policy. Personal information is collected only in specific circumstances:

• Institutional License Applications: Full organizational details, primary contact information, and intended usage parameters.
• Customer Support: Contact details provided when you voluntarily reach out for assistance.
• Payment Processing: Handled exclusively by certified third-party processors (Razorpay, Stripe).
• Anonymous Analytics: Non-identifiable usage data for service improvement.

Important: We do not collect personal information from general website visitors or users of our free practice modules. Our platform is designed to respect your privacy while delivering exceptional training value.

3. Purpose & Use of Information

Collected information serves specific, legitimate purposes:

• License Verification: Validating institutional credentials and authorized usage.
• Compliance Management: Ensuring adherence to licensing terms and intellectual property protection.
• Service Delivery: Providing purchased materials and support services.
• Legal Obligations: Meeting regulatory requirements and protecting against unauthorized use.
• Platform Improvement: Enhancing user experience through anonymized analytics.

We do not use personal information for marketing communications unless explicitly requested.

4. Data Security Standards

We implement enterprise-grade security measures:

• Encryption: All data transmissions use TLS 1.3 encryption.
• Access Controls: Strict role-based access with multi-factor authentication.
• Infrastructure Security: SOC 2 compliant cloud infrastructure with regular security audits.
• Data Minimization: Retention only for legally required periods.
• Incident Response: 24/7 monitoring and rapid response protocols.

While we implement robust security measures, no electronic transmission or storage method is 100% secure. We continuously update our security practices to address evolving threats.

5. Third-Party Service Providers

We engage trusted, certified partners for specific functions:

• Payment Processing: Razorpay and Stripe (PCI-DSS compliant)
• Cloud Infrastructure: AWS (ISO 27001 certified)
• Communication Platforms: Enterprise-grade email services

All third-party providers undergo rigorous security assessments and maintain data protection standards equal to or exceeding our own. We never share personal information for marketing purposes.

6. Data Retention & Deletion

We retain information only as long as necessary:

• Active Accounts: Data retained while services are active
• Legal Requirements: Retention as required by applicable laws
• License Records: Maintained for compliance verification
• Deletion Requests: Processed within 30 days of verified request

7. International Data Transfers

As a global service, data may be processed in multiple jurisdictions. All transfers comply with international data protection standards including GDPR adequacy decisions and standard contractual clauses where applicable.

8. Policy Updates & Notifications

We regularly review and update this policy to reflect evolving standards and regulations. Significant changes will be communicated via email to registered users and through platform notifications. The "Effective Date" at the top of this page indicates the last revision.

9. Your Rights & Choices

You maintain control over your information:

• Access: Request copies of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request removal of your data (subject to legal requirements)
• Restriction: Limit processing of your information
• Objection: Object to certain processing activities
• Portability: Request data transfer to another service