Privacy Policy
Your privacy is fundamental to how we build and operate PD World. This policy explains what data we collect, why, and how we protect it.
Encrypted at Rest & Transit
Infrastructure providers (Supabase, Vercel) encrypt data at rest and enforce TLS in transit.
No Ad Tracking
We never sell your data or use third-party advertising trackers.
Full Data Portability
Export or delete all your data at any time from account settings.
Enterprise Infrastructure
Hosted on Supabase (SOC 2 Type II certified) and Vercel with security headers.
Effective date: March 1, 2026 · Last updated: March 28, 2026
This Privacy Policy (“Policy”) describes how PD World (“we,” “us,” or “our”) collects, uses, discloses, and safeguards your personal information when you use our platform at pd-world.com and related services (collectively, the “Platform”). By accessing or using the Platform, you agree to the terms of this Policy.
01Overview
PD World is a marketplace and management platform connecting independent professional development trainers with organizations seeking training services. We process personal data across several user roles:
- Trainers — independent professionals who create profiles, market services, manage engagements, and deliver training content.
- Organizations — companies and institutions that discover, book, and manage training engagements with trainers.
- Learners — individuals who access courses, learning paths, and educational content through the platform's LMS.
- Visitors — users who browse the platform, read blog content, or access public-facing pages without an account.
This Policy applies equally to all users regardless of role. Where data practices differ by role, we call this out explicitly.
02Information We Collect
2.1 Information You Provide
- Account registration: name, email address, password (hashed), account type (trainer/organization).
- Profile information: professional bio, specialties, certifications, rates, location, profile photo, portfolio content, and social links.
- Organization details: company name, size, industry, address, and billing contact information.
- Content you create: proposals, engagement notes, training materials, blog posts, course content, quizzes, and AI-generated content.
- Communications: messages exchanged through the platform, support requests, and feedback submissions.
- Payment information: billing details processed through Stripe — we do not store full card numbers on our servers.
2.2 Information Collected Automatically
- Device and browser information: browser type, operating system, device type, and screen resolution.
- Usage data: pages visited, features used, time spent on pages, click patterns, and navigation paths.
- Log data: IP address, access timestamps, referring URLs, and error logs.
- Learning analytics: course progress, quiz scores, time spent on lessons, completion rates, and engagement metrics.
- Performance data: page load times and interaction metrics used to improve platform reliability.
2.3 Information from Third Parties
- Authentication and integrations: if you connect via Google, Zoom, or Microsoft Teams OAuth, we receive your name, email, and profile picture as needed for the integration.
- Payment processor: Stripe provides transaction status, payment method type, and billing country.
- Public directories: we may supplement trainer profiles with publicly available professional information to improve search accuracy.
03How We Use Your Information
We process your personal data for the following purposes:
3.1 Platform Operations
- Create and manage user accounts, profiles, and preferences.
- Facilitate discovery, matching, and booking between trainers and organizations.
- Process engagements, proposals, contracts, and scheduling.
- Deliver course content, track learning progress, and issue certifications.
- Process payments, generate invoices, and manage subscription billing.
3.2 Communications
- Send transactional notifications: booking confirmations, engagement updates, payment receipts.
- Deliver platform announcements and feature updates (opt-out available).
- Send newsletter content to subscribed users (opt-out available).
- Facilitate in-platform messaging between trainers and organizations.
3.3 AI-Powered Features
- Generate content suggestions, proposals, and training materials using AI models (Anthropic Claude).
- Produce engagement recaps, evaluation summaries, and coaching insights.
- Power content recommendations and search relevance.
- Your prompts and inputs to AI features are processed in real-time and are not stored by our AI providers for training purposes.
3.4 Analytics & Improvement
- Analyze usage patterns to improve platform features and user experience.
- Generate aggregated, anonymized insights about platform trends.
- Conduct A/B testing to optimize feature design and functionality.
- Monitor platform performance, uptime, and error rates.
04Legal Basis for Processing
We process your personal data under the following legal bases, as applicable under GDPR and similar frameworks:
| Legal Basis | Purpose |
|---|---|
| Contractual necessity | Account management, engagement facilitation, payment processing, service delivery |
| Legitimate interest | Platform improvement, analytics, security monitoring, fraud prevention |
| Consent | Newsletter subscriptions, optional AI features, marketing communications |
| Legal obligation | Tax reporting, regulatory compliance, law enforcement requests |
05Information Sharing
We do not sell your personal data. We share information only in the following circumstances:
5.1 With Other Platform Users
- Trainer profiles are visible to organizations for discovery and booking purposes.
- Organization details are shared with trainers during engagement workflows.
- Learner progress data is visible to course creators and assigned trainers.
- Public profile information is visible to other authenticated users.
5.2 With Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | All platform data (encrypted) |
| Stripe | Payment processing | Billing name, email, payment method |
| Anthropic (Claude) | AI content generation | Prompt inputs (not stored for training) |
| Vercel | Hosting & CDN | Request logs, IP addresses |
| SendGrid | Transactional email | Email address, message content |
5.3 Legal & Safety Disclosures
- To comply with applicable law, regulation, or legal process.
- To protect the rights, safety, or property of PD World, our users, or the public.
- In connection with a merger, acquisition, or sale of assets (with prior notice to affected users).
06Data Security
We implement comprehensive security measures to protect your data:
Encryption
Our infrastructure providers (Supabase, Vercel) encrypt data at rest and enforce TLS for all data in transit. Passwords are hashed by Supabase Auth before storage.
Access Control
Row-level security (RLS) policies on all database tables. Role-based access control for admin functions.
Infrastructure
Hosted on Supabase (SOC 2 Type II certified) and Vercel. Security headers enforced via vercel.json (X-Frame-Options, X-Content-Type-Options, Referrer-Policy).
Route Protection
Server-side proxy middleware validates authentication on all protected routes. Dashboard and admin areas require verified sessions.
In the event of a data breach that affects your personal information, we will notify affected users and report to relevant supervisory authorities as required by applicable law.
07Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When your account is closed, we delete or anonymize your data within a reasonable timeframe, except where retention is required by law (e.g., tax and financial records). You may request deletion of your data at any time through your account settings or by contacting us.
08Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
Access
Request a copy of all personal data we hold about you.
Rectification
Correct inaccurate or incomplete personal data.
Erasure
Request deletion of your personal data ("right to be forgotten").
Portability
Export your data in a machine-readable format (CSV).
Restriction
Request we limit processing of your data.
Objection
Object to processing based on legitimate interest.
Withdraw Consent
Revoke consent for optional data processing at any time.
Non-Discrimination
Exercise your rights without adverse impact on service.
Most rights can be exercised directly through your account settings. For formal requests, contact us via our contact page or email support@pd-world.com.
09Cookies & Tracking
We use cookies and browser storage strictly necessary for platform operation:
| Cookie | Type | Duration | Purpose |
|---|---|---|---|
| supabase-auth-token | Essential | Session | Authentication & session management (managed by Supabase) |
| theme (localStorage) | Functional | Persistent | Dark/light mode preference (stored in browser localStorage, not a cookie) |
No advertising or third-party tracking
We do not use Google Analytics, Facebook Pixel, or any third-party advertising or behavioral tracking cookies. We do not participate in ad networks or sell data to data brokers.
10International Transfers
Your data may be processed in countries outside your jurisdiction. Our service providers operate primarily in the United States and European Union. Where transfers occur, we ensure appropriate safeguards are in place:
- Our primary infrastructure providers — Supabase (SOC 2 Type II) and Vercel — operate data centers in the United States.
- Stripe, our payment processor, is PCI DSS Level 1 certified and maintains its own data protection standards.
- SendGrid, our email provider, processes email delivery data in the United States.
- Anthropic processes AI prompts in the United States — inputs are not stored for model training.
11Children's Privacy
PD World is designed for professional development and is not intended for children. We do not knowingly collect personal information from minors. If we learn that we have inadvertently collected data from a minor, we will promptly delete that information. If you believe a minor has provided us with personal data, please contact us at support@pd-world.com.
12Third-Party Links
The Platform may contain links to third-party websites, services, or content (e.g., trainer portfolios, external training resources). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party service before providing personal information.
13AI & Data Practices
PD World integrates AI-powered features to enhance the platform experience. We are committed to responsible and transparent AI usage:
- AI-generated content (proposals, recaps, blog posts, training materials) is clearly labeled as AI-assisted.
- Your inputs to AI features are sent to Anthropic's Claude API for real-time processing only — they are not retained by Anthropic for model training.
- We do not use your personal data to train or fine-tune AI models.
- AI outputs are tools for your use — you retain full ownership and editorial control over all generated content.
- Automated decisions that significantly affect you (e.g., account standing) always include human review.
Our AI data commitment
We believe AI should enhance professional development without compromising privacy. Your training content, engagement data, and personal information are never used as training data for any AI model — internal or third-party.
14Policy Changes
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will notify registered users via email before material changes take effect.
- A notice will appear on the Platform highlighting the update.
- The "Last updated" date at the top of this page will be revised.
15Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
See also: Terms of Service
© 2026 PD World. All rights reserved.