Privacy Policy
Last Updated: February 5, 2026
1. INTRODUCTION
Welcome to Sidenum ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our career development platform and AI-powered learning services (the "Service").
Important: By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
This policy complies with GDPR, CCPA, Ukrainian law, and other applicable data protection regulations.
2. INFORMATION WE COLLECT
2.1 Information You Provide to Us
Account Information:
- Email address (required for registration)
- Username
- Password (hashed and never stored in plain text)
- Full name
- Role type (Student, Teacher, Employer, or Admin)
Profile Information:
- Biography
- Avatar/profile photo URL
- Location and country
- Preferred language (English, Ukrainian, Polish, Spanish, German)
- Teacher-specific data (specialization, experience years, rank, certifications)
- Employer-specific data (company affiliation, admin rights)
Career and Learning Data:
- Professional goals and desired career paths
- Current experience level
- Selected specializations and industries
- Competency self-assessments
- Learning history and progress
- Simulation results and performance analytics
- Exam scores and test results
- Course enrollments and completion status
LinkedIn Integration (Optional):
- LinkedIn user ID
- LinkedIn profile name
- LinkedIn profile photo URL
- LinkedIn public profile URL
Company Information (For Enterprise Users):
- Company name, industry, size, and description
- Organizational structure (departments, regions, countries)
- Team member assignments and roles
- Job vacancy postings
- Candidate evaluations and recruitment data
Communications:
- Support messages and chat history
- Feedback and survey responses
- Email correspondence with our team
2.2 Information Collected Automatically
Usage Data:
- Browser type and version
- Operating system
- IP address
- Pages visited and features used
- Time spent on pages
- Referral sources
- Device identifiers
Cookies and Tracking Technologies:
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
Session Data:
- Authentication tokens
- Login/logout timestamps
- Session duration
2.3 Information from Third-Party Services
Payment Processing (Paddle):
- Payment transaction data is processed by our payment provider Paddle.com
- We do not store your full credit card details
- We receive confirmation of successful payments and billing information
AI Service Providers:
- We use third-party AI services to generate personalized roadmaps, questionnaires, and simulations
- Your career data and learning preferences may be processed by our AI service providers for content generation
- These providers process data according to their respective privacy policies
- We do not share personally identifiable information beyond what is necessary for AI generation
Email Services:
- We use email service providers (Gmail SMTP/SendGrid) to send verification emails, notifications, and updates
Storage Services:
- Media files may be stored on AWS S3 or Supabase Storage
- These providers have their own security and privacy measures
3. HOW WE USE YOUR INFORMATION
We use collected information for the following purposes:
3.1 Service Delivery:
- Create and manage your account
- Generate personalized learning roadmaps and career paths using AI
- Provide simulations, exams, and interactive learning experiences
- Track your learning progress and achievements
- Enable teacher-student and employer-candidate interactions
- Process payments through Paddle
3.2 Communication:
- Send email verification links
- Notify you about account activities
- Send learning progress updates
- Respond to support inquiries
- Send important service announcements
3.3 Personalization:
- Customize content based on your language and country preferences
- Recommend relevant courses, simulations, and career paths
- Adapt AI-generated content to your experience level
- Display content in your preferred language
3.4 Platform Improvement:
- Analyze usage patterns to improve features
- Monitor and prevent technical issues
- Conduct research and development
- Test new features and functionality
3.5 Security and Compliance:
- Verify your identity
- Detect and prevent fraud or abuse
- Enforce our Terms and Conditions
- Comply with legal obligations
3.6 Business Operations (For Enterprise Features):
- Enable company account management
- Facilitate team collaboration
- Support recruitment and candidate evaluation
- Generate analytics and reports for company administrators
3.7 AI-Powered Features:
We use artificial intelligence to enhance your learning experience:
- Generate personalized learning roadmaps based on your goals and experience
- Create adaptive questionnaires tailored to your profession
- Provide skill assessments and competency recommendations
- Generate interactive simulations and scenarios
Important Information About AI:
- AI provides recommendations and suggestions, not binding decisions
- You have the right to request human review of any AI-generated content
- You can correct inaccurate AI assessments through your profile
- Our AI systems are designed to avoid bias, but may not be perfect
- AI service providers process your data solely for service delivery and do not use it to train their models
To request human review: symonenko.m@sidenum.com
4. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers:
We share your information with trusted third-party service providers who assist us in operating our platform. We have Data Processing Agreements (DPAs) with all processors to ensure compliance with GDPR and applicable data protection laws.
- Paddle.com - Payment processing (Merchant of Record)
- AI Service Providers - AI-powered roadmap and content generation (data used only for service delivery, not for training AI models)
- AWS/Supabase - File storage and hosting
- Email providers - Transactional emails (Gmail SMTP/SendGrid)
- Redis/Celery - Background task processing and caching
A complete list of our data sub-processors is available upon request by contacting symonenko.m@sidenum.com.
4.2 Public Profile Features (Optional):
- If you enable "Public Profile," employers can view your profile in candidate search
- Your public achievements portfolio can be shared via a unique URL
- LinkedIn integration data (if connected) may be displayed on your public portfolio
4.3 Company Administrators (Enterprise Features):
- If you are affiliated with a company, company administrators may view your learning progress, test results, and performance data
- Regional owners and recruiters may access data relevant to their organizational scope
4.4 Legal Requirements:
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).
4.5 Business Transfers:
If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.
5. DATA RETENTION
We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:
- Active Accounts: We retain your information as long as your account is active or as needed to provide you services
- Closed Accounts: After account deletion, we may retain certain information for legal compliance, fraud prevention, and legitimate business purposes
- Learning Data: Progress, roadmaps, and simulation results are retained to maintain your learning history (as long as the account is active)
- Financial Records: Payment and billing information is retained for 7 years to comply with tax and accounting regulations
- Support Communications: Support tickets and correspondence are retained for 3 years for quality assurance and legal purposes
- Backup Systems: Data in backup systems may persist for up to 90 days after deletion from production systems
- Legal Holds: If involved in litigation or legal investigation, data may be retained longer as required by law
You may request deletion of your account and data at any time by contacting us at symonenko.m@sidenum.com. We will process your request within 30 days, subject to legal retention requirements.
6. DATA SECURITY
We implement appropriate technical and organizational security measures to protect your personal information:
- Password Storage: Passwords are hashed using industry-standard algorithms (bcrypt/Argon2)
- HTTPS: All data transmission is encrypted via SSL/TLS (TLS 1.2+)
- Authentication: Token-based authentication system with secure session management
- Access Controls: Role-based access control (RBAC) limits data access to authorized personnel only
- Regular Audits: We conduct security reviews, vulnerability assessments, and penetration testing
- Data Minimization: We collect only the data necessary for service delivery
- Secure Storage: All databases are encrypted at rest
- Employee Training: Our team is trained on data protection and security best practices
Data Breach Notification:
In the event of a data breach that affects your personal information, we will:
- Notify you within 72 hours of discovering the breach (as required by GDPR and applicable laws)
- Inform you about the nature of the breach, the data affected, and potential consequences
- Describe the measures we have taken to address the breach and prevent future incidents
- Notify relevant data protection authorities as required by law
- Provide guidance on steps you can take to protect yourself
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
7. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights:
7.1 Access and Portability:
- Request access to your personal information
- Receive a copy of your data in a portable format
7.2 Correction:
- Update or correct inaccurate information
- Complete incomplete information
7.3 Deletion:
- Request deletion of your account and personal data
- Note: Some data may be retained for legal compliance
7.4 Objection and Restriction:
- Object to certain processing of your information
- Request restriction of processing under certain circumstances
7.5 Withdraw Consent:
- Withdraw consent for data processing where consent was the legal basis
7.6 Opt-Out:
- Unsubscribe from marketing emails (transactional emails will still be sent)
- Disable cookies via browser settings
7.7 Right to Human Review:
- Right to challenge automated decisions made by AI systems (GDPR Article 22)
- Right to request human review of AI-generated content (roadmaps, assessments, recommendations)
- Right to not be subject to decisions based solely on automated processing that significantly affect you
To exercise these rights, please contact us at symonenko.m@sidenum.com. We will respond to your request within 30 days (45 days for US residents).
8. CHILDREN'S PRIVACY
Our Service is not intended for children under 16 years of age (under 13 in the United States per COPPA - Children's Online Privacy Protection Act).
Age Verification:
- Users must confirm they are at least 16 years old (or 13 in the US with parental consent) during registration
- We rely on user self-declaration for age verification
- We do not knowingly collect personal information from children below the minimum age
If We Discover Child Data:
If you are a parent or guardian and believe your child has provided us with personal information without your consent:
- Contact us immediately at symonenko.m@sidenum.com
- We will delete such information within 30 days
- We will terminate the child's account
Parental Rights:
Parents or guardians may request to:
- Review information collected from their child
- Request deletion of their child's information
- Refuse further collection of their child's information
9. INTERNATIONAL DATA TRANSFERS
We are based in Ukraine. Your information may be transferred to and processed in countries other than your country of residence, including:
- United States: AI service providers, AWS S3 services
- European Union: Some hosting and backup services
- United Kingdom: Paddle payment processing
Legal Safeguards for International Transfers:
We ensure that international data transfers comply with applicable data protection laws through:
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for transfers from the EU/EEA to countries without adequacy decisions
- Data Processing Agreements: All third-party processors have signed DPAs ensuring GDPR compliance
- Transfer Impact Assessments: We conduct assessments to ensure adequate protection in destination countries
- Schrems II Compliance: We have implemented supplementary measures following the invalidation of Privacy Shield
For US Residents:
Your data may be stored and processed in Ukraine and other countries. Please be aware that:
- Data stored outside the US may have different legal protections
- Under the US CLOUD Act, US-based service providers may be required to disclose data to US authorities
- We comply with all applicable international data transfer requirements and implement security measures to protect your data
For EU/EEA Residents:
Transfers to countries outside the EU/EEA (including Ukraine and the United States) are conducted using appropriate safeguards as required by GDPR Article 46.
10. THIRD-PARTY LINKS
Our Service may contain links to third-party websites, services, or applications that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Key Third-Party Services:
- Paddle.com - Payment processing (see their Privacy Policy)
- AI Service Providers - AI-powered content generation
- LinkedIn - Social login (see LinkedIn Privacy Policy)
11. COOKIES POLICY
What are cookies?
Cookies are small text files stored on your device that help us provide and improve our Service.
Types of cookies we use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Authentication, session management | Session/24h |
| Functional Cookies | Language preferences, UI settings | 1 year |
| Analytics Cookies | Usage statistics, performance monitoring | 1 year |
| Third-Party Cookies | Payment processing, LinkedIn integration | Varies |
Managing cookies:
You can configure your browser to refuse cookies or alert you when cookies are being sent. However, some parts of our Service may not function properly without cookies.
Cookie Consent:
- Upon your first visit to our Service, we display a cookie consent banner
- You can accept or reject non-essential cookies (functional, analytics, third-party)
- Essential cookies necessary for authentication and security are always enabled
- You can change your cookie preferences at any time through your browser settings or by contacting us
We do not use cookies for cross-site tracking or targeted advertising.
12. US STATE PRIVACY RIGHTS
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Florida, Texas, Oregon, Montana, or other US states with comprehensive privacy laws, you have the following rights:
12.1 Your Rights:
- Right to Know: Access categories and specific pieces of personal information we collect about you
- Right to Delete: Request deletion of your personal information (subject to legal exceptions)
- Right to Correct: Update or correct inaccurate personal information
- Right to Data Portability: Receive a copy of your personal information in a portable, machine-readable format
- Right to Opt-Out: Opt out of sale or sharing of personal information (Note: We do not sell or share your personal information for advertising purposes)
- Right to Opt-Out of Automated Decision-Making: Opt out of decisions based solely on automated processing (where applicable)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
12.2 California-Specific Rights (CCPA/CPRA):
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to limit use of sensitive personal information
- Right to know what personal information is sold or shared
- Enhanced opt-out rights for minors under 16
12.3 How to Exercise Your Rights:
To exercise these rights:
- Email us at symonenko.m@sidenum.com with subject line "[State] Privacy Request" (e.g., "California Privacy Request" or "Virginia Privacy Request")
- Include your full name, email address, and state of residence
- Specify which right(s) you wish to exercise
Response Timeline:
- We will acknowledge your request within 10 business days
- We will respond substantively within 45 days (may extend to 90 days for complex requests with notice)
- We may request additional information to verify your identity
Authorized Agents:
You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.
13. GDPR COMPLIANCE (European Users)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR:
Legal Basis for Processing:
- Consent: For optional features like LinkedIn integration, public profile, cookie preferences
- Contract Performance: To provide our Service (account management, roadmap generation, learning progress tracking)
- Legitimate Interests: To improve and secure our platform, prevent fraud, conduct analytics
- Legal Obligations: To comply with applicable laws (tax records, legal requests)
Your GDPR Rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing (including profiling and automated decision-making)
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
Automated Decision-Making:
We use AI for personalized recommendations, but not for decisions that produce legal or similarly significant effects. You have the right to:
- Request human intervention
- Express your point of view
- Contest the decision
Data Protection Officer:
For GDPR-related inquiries, contact: symonenko.m@sidenum.com
Supervisory Authority:
You have the right to lodge a complaint with your local data protection authority. For EEA residents, find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
14. UKRAINIAN PRIVACY LAW COMPLIANCE
As a company based in Ukraine, we comply with the Law of Ukraine "On Personal Data Protection" (2010) and regulations of the Ukrainian Parliament Commissioner for Human Rights.
Your Rights Under Ukrainian Law:
- Right to know what personal data is being processed
- Right to access your personal data
- Right to correction of inaccurate data
- Right to deletion of data processed unlawfully
- Right to object to data processing
- Right to withdraw consent
Data Processing Principles:
We process personal data in accordance with Ukrainian law principles:
- Lawfulness and fairness
- Processing for specified, explicit, and legitimate purposes
- Data minimization
- Accuracy and up-to-dateness
- Storage limitation
- Integrity and confidentiality
Ukrainian Data Protection Authority:
For questions about your rights under Ukrainian law or to file a complaint:
- Уповноважений Верховної Ради України з прав людини (Ukrainian Parliament Commissioner for Human Rights)
- Website: www.ombudsman.gov.ua
- Our contact for Ukrainian privacy matters: symonenko.m@sidenum.com
Cross-Border Transfers:
We ensure that transfers of personal data outside Ukraine comply with Ukrainian law requirements and provide adequate protection.
15. AUTOMATED DECISION-MAKING AND AI TRANSPARENCY
How We Use Automated Systems:
We use artificial intelligence and automated systems to:
- Generate personalized learning roadmaps
- Create adaptive questionnaires
- Assess competencies and skill levels
- Recommend courses and learning paths
- Match candidates with job vacancies (for employers)
Your Rights Regarding Automated Decisions:
Under GDPR Article 22 and similar provisions in other laws, you have the right to:
- Not be subject to automated decisions that produce legal or similarly significant effects without human involvement
- Request human review of any automated decision
- Challenge automated assessments or recommendations
- Receive an explanation of how automated decisions are made
How Our AI Works:
Our AI systems:
- Analyze your profile, goals, and assessment responses
- Use pattern matching and machine learning models to generate recommendations
- Do not make binding decisions about your education or employment
- Provide suggestions that you are free to accept, modify, or reject
Important: All AI-generated content (roadmaps, assessments, recommendations) is advisory only. You retain full control over your learning path and career decisions.
To Request Human Review:
If you believe an AI-generated recommendation is inaccurate or wish to challenge an automated assessment, contact symonenko.m@sidenum.com with:
- Your account email
- The specific content you wish to review
- Your concerns or corrections
We will respond within 15 business days with a human-reviewed assessment.
16. CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top
- Sending an email notification for significant changes (if you have opted in)
You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.
17. YOUR CONSENT
By using the Sidenum Service, you consent to:
Mandatory Processing (Required for Service):
- Collection and processing of account information for registration and authentication
- Processing of learning data to provide personalized roadmaps and track progress
- Use of cookies necessary for security and authentication
- Processing of payment information by our payment processor (Paddle)
Optional Processing (Requires Separate Consent):
- LinkedIn integration for social login and profile enhancement
- Public profile visibility for employer candidate search
- Non-essential cookies (analytics, functional)
- Marketing communications (we do not currently send marketing emails)
International Data Transfers:
You consent to the transfer of your data to countries outside your country of residence, including Ukraine, the United States, and the European Union, with appropriate safeguards in place.
AI-Powered Features:
You consent to the use of AI services to generate personalized content, with the understanding that:
- AI provides recommendations, not binding decisions
- You can request human review at any time
- You can correct inaccurate AI-generated content
Withdrawal of Consent:
You may withdraw your consent at any time by:
- Adjusting your account settings
- Contacting us at symonenko.m@sidenum.com
- Deleting your account
Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
18. CONTACT US
If you have any questions about this Privacy Policy, please contact us:
Specific Privacy Requests:
- GDPR inquiries (EU/EEA): symonenko.m@sidenum.com (subject: "GDPR Request")
- CCPA/US State Privacy requests: symonenko.m@sidenum.com (subject: "[State] Privacy Request")
- Ukrainian privacy matters: symonenko.m@sidenum.com (subject: "Ukraine Privacy Request")
- Data breach reports: symonenko.m@sidenum.com (subject: "Security Concern")
- AI/Automated decision review: symonenko.m@sidenum.com (subject: "AI Review Request")
Response Times:
- General inquiries: 5 business days
- Privacy rights requests: 30 days (45 days for US state requests)
- Data breach notifications: Within 72 hours of discovery
- AI review requests: 15 business days
Data Protection Officer:
For matters requiring escalation or formal GDPR inquiries: symonenko.m@sidenum.com
19. ACKNOWLEDGMENT
By using the Sidenum Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
Effective Date: February 5, 2026