Privacy Policy

1. Information We Collect

2. How We Use Your Information

• Provide and maintain the continuing education platform
• Process course enrollments and payments
• Issue and verify CE certificates
• Track course progress and completion
• Send transactional emails (enrollment confirmations, certificates, password resets)
• Respond to support requests
• Improve our courses and platform

3. Legal Basis for Processing

We process your data based on: (a) contractual necessity to provide CE services, (b) legitimate interests in improving our platform, (c) your consent where required, and (d) legal obligations including CE record retention requirements.

4. Data Sharing & Third Parties

We share data only with service providers essential to operating the platform:

• Stripe — Payment processing
• Supabase (AWS) — Database and authentication hosting
• Resend (Amazon SES) — Transactional and marketing email delivery
• Netlify — Website hosting and serverless functions

We do not sell your personal information. We do not share data with advertisers or data brokers.

5. Data Retention

6. Data Security

We protect your data with: TLS/SSL encryption in transit, row-level security in our database, rate limiting on sensitive endpoints, security headers on all pages, and multi-factor authentication on administrative accounts.

7. Your Privacy Rights

You have the right to: access your personal data, correct inaccurate data, request deletion of your data, request data portability, opt out of marketing communications, and restrict or object to certain processing.

To exercise any of these rights, contact us at support@drtroy.com.

8. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR including the right to lodge a complaint with a supervisory authority. Our data controller is located in Lubbock, Texas, United States.

10. Healthcare Information (HIPAA)

DrTroy CE is a continuing education platform, not a healthcare provider. We do not collect Protected Health Information (PHI) as defined by HIPAA. Course content is educational in nature and does not constitute medical records.

11. Cookies & Tracking

We use the following cookies:

• Authentication cookies (session/30 days) — maintain your login session
• Security cookies (session) — prevent cross-site request forgery
• Preference cookies (1 year) — remember your display settings
• Course progress cookies (session) — track progress during active course sessions

We do not use third-party tracking cookies, advertising cookies, or analytics services that track you across other websites.

12. Children's Privacy

Our platform is designed for licensed healthcare professionals and is not intended for individuals under 18 years of age. We do not knowingly collect data from children.

13. International Data Transfers

Your data is processed and stored in the United States. By using our platform, you consent to the transfer of your data to the United States.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. Your continued use after changes constitutes acceptance.

15. Contact Us

For privacy questions or to exercise your rights:

DrTroy Continuing Education
Email: support@drtroy.com
Lubbock, Texas, United States