Privacy Notice
This notice explains what personal information Nimbus Forge Academy collects from learners, prospective learners, and the people who book private engagements with us, why we collect it, and what choices you have.
1. What information we collect
When you enquire about a course we collect the contact details you give us, the messages you send, and basic technical information about your visit (such as device type and the page you arrived from).
When you enrol in a cohort we additionally collect your full name, billing details, and the messages you exchange with mentors and the Student Success team during the programme.
When you participate in a private engagement we collect the materials your team submits for review along with the discussion notes and written critique we produce. These are treated with stricter confidentiality than ordinary cohort materials.
2. Service providers we use
We use a small number of established processors to operate the studio: an email hosting provider, a cohort scheduling tool, a video meeting platform for live sessions, a payments processor for tuition, and a cloud sandbox provider for the lab environments.
We do not sell or rent personal information to anyone. The processors we use are bound by data protection terms that match the standards of the Personal Information Protection Act of Korea.
A current list of named processors is available on request to [email protected].
3. How we use your information
We use your information to run the courses and engagements you have signed up for, including communicating about schedules, handling payments and refunds, and producing your written feedback or critique.
We use a small amount of aggregated information to understand how the website is performing and which courses are attracting interest. This analysis is done in aggregate; we do not profile individual visitors.
We do not use your information for unrelated marketing without an explicit opt-in. The cohort newsletter is the only marketing channel we run, and you can unsubscribe from any email it sends.
4. How to contact us about your information
For any question about how we handle your information write to [email protected] with the subject line “Privacy request”. We aim to respond within five working days.
You can also write to our postal address in Seoul. The Student Success Manager handles privacy correspondence in the first instance.
If you are not satisfied with our response you have the right to complain to the Personal Information Protection Commission (PIPC) of Korea.
5. How long we keep your information
Enquiry information that does not become an enrolment is kept for up to 12 months and then deleted from our active systems.
Enrolment records — including your name, course, mentor notes, and final feedback — are kept for five years to support tax, audit, and continuity-of-care obligations.
Private engagement materials are kept for the duration of the engagement and then deleted on the schedule agreed in the statement of work, typically within 90 days of completion.
6. Scope of this notice
This notice covers the website fizeromoe.digital, our enrolment and learning systems, and the email and scheduling tools we use to communicate with you.
It does not cover external websites we link to. When you follow a link to a third-party site that site’s own privacy notice applies.
It does not cover materials you publish in your own workplace using what you learned with us. That is your organisation’s data, not ours.
7. Your rights
Under the Personal Information Protection Act you can request access to the personal information we hold about you, ask us to correct anything inaccurate, request deletion where we no longer need it, and ask us to stop processing in certain circumstances.
For deletion requests we will explain in writing where we are required to keep some information for tax, audit, or legal reasons, and we will tell you for how long.
You can withdraw consent for the cohort newsletter at any time without affecting any other use of your information.
8. Security and storage
Information we hold is stored on systems hosted within the Republic of Korea by reputable cloud providers. Access is restricted to staff who need it to do their job, with multi-factor authentication required for all internal tools.
We review access permissions every quarter and we run a small internal incident response checklist for any suspected data exposure. We are committed to notifying affected learners within 72 hours of confirming a notifiable incident.
No system is perfectly secure, and we ask that you also help us by keeping your account credentials safe and reporting any suspicious activity to [email protected].