Privacy Policy
Last updated: April 8, 2026
1. Introduction
At Digital Edge Consulting LLC (hereinafter, "we", "our" or "the Company"), operator of the online educational platform programando.io (hereinafter, "the Platform"), we are firmly committed to protecting the privacy and personal data of all our users.
This Privacy Policy aims to inform users clearly, completely and transparently about how we collect, use, store, share and protect the personal data that they provide to us through the Platform, as well as the rights they have in relation to the processing of such data.
This policy has been prepared in compliance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter "GDPR"), the California Consumer Privacy Act (hereinafter "CCPA"), and other applicable legislation on the protection of personal data.
By accessing and using the Platform, the user accepts the data processing practices described in this Privacy Policy. If you do not agree with any of the provisions contained herein, we ask that you refrain from using our services.
2. Data controller
The controller of the personal data collected through the Platform is:
- Legal name: Digital Edge Consulting LLC
- Address: Albuquerque, New Mexico, United States of America
- Email: [email protected]
- Website: programando.io
For any question related to the processing of your personal data or the exercise of your rights, you may contact us through the email indicated above. We undertake to address your request in the shortest possible time and, in any case, within the legally established deadlines.
3. Personal data we collect
In the course of providing our educational services, we collect and process the following categories of personal data:
3.1. Data provided directly by the user
- Registration data: full name, email address, country of residence, password (stored encrypted), preferred language and, optionally, profile picture.
- Billing data: cardholder name or payment method, billing address, and payment data processed by our payment service provider (Stripe). Under no circumstances do we directly store complete credit or debit card data on our servers.
- Communication data: the content of messages, queries or requests that the user sends us via email, contact forms or the support system.
- Community participation data: forum messages, course comments, shared projects and any other content that the user voluntarily posts in the community areas of the Platform.
3.2. Data collected automatically
- Platform usage data: courses started and completed, lessons viewed, exercises done, scores obtained, study time, overall progress, certificates issued and use of the integrated code editor.
- Technical data: IP address, browser type and version, operating system, screen resolution, device identifiers, pages visited, time spent on each page, referring URL, date and time of access.
- Cookie and similar technology data: information collected through cookies, pixel tags, web beacons and other tracking technologies, as described in section 10 of this policy.
4. Purposes of processing
The personal data collected is processed for the following purposes:
- Provision of the educational service: managing the user account, providing access to the contracted courses and content, tracking learning progress, issuing completion certificates and offering personalized features such as course recommendations based on the user's interests and progress.
- Payment and billing management: processing subscription payments, managing automatic renewals, issuing and sending electronic invoices, and handling refund requests.
- Communication with the user: responding to queries, requests and complaints; sending service-related notifications, such as course reminders, content updates, changes to the terms of service or security notices.
- Platform improvement: analyzing use of the Platform to identify areas for improvement, optimize the user experience, develop new features, and carry out testing and statistical analysis.
- Analytics and statistics: preparing aggregated and anonymized statistical reports on Platform usage, learning trends, and the effectiveness of the educational content.
- Marketing and commercial communications: sending information about new courses, offers, promotions and Platform news, only when the user has given express consent to do so. The user may withdraw their consent at any time through the unsubscribe link included in each communication.
- Security and fraud prevention: detecting and preventing fraudulent activities, unauthorized use, cyberattacks and other threats to the security of the Platform and user data.
- Legal compliance: complying with applicable legal, tax and regulatory obligations, as well as responding to requests from competent authorities.
5. Legal basis for processing
The processing of personal data is based on the following legal bases, in accordance with Article 6 of the GDPR:
- Performance of a contract (Art. 6.1.b GDPR): processing is necessary for the performance of the educational services contract entered into when registering on the Platform and accepting the Terms & Conditions, including account management, provision of access to courses, payment processing and the issuance of certificates.
- Consent of the data subject (Art. 6.1.a GDPR): for sending commercial and marketing communications, as well as for the installation of non-essential cookies (analytics and marketing), processing is based on the user's free, specific, informed and unambiguous consent, which may be withdrawn at any time.
- Legitimate interest of the controller (Art. 6.1.f GDPR): certain processing is based on the legitimate interest of Digital Edge Consulting LLC, such as improving the Platform and user experience, conducting internal statistical analysis, preventing fraud and ensuring IT security. In all cases, we have carried out the corresponding balancing of interests to ensure that our legitimate interest does not override the fundamental rights and freedoms of users.
- Compliance with a legal obligation (Art. 6.1.c GDPR): processing is necessary to comply with legal obligations to which the Company is subject, such as the retention of billing data in accordance with applicable tax regulations.
6. Retention periods
Personal data will be retained for the time strictly necessary to fulfill the purposes for which it was collected, and in any case according to the following criteria:
| Data category | Retention period |
|---|---|
| User account data (name, email, profile) | While the account remains active, and up to 3 years after its cancellation or deletion |
| Learning progress data and certificates | While the account remains active, and up to 3 years after its cancellation |
| Billing data and payment transactions | 5 years from the transaction date, in accordance with applicable tax and accounting obligations |
| Communications and support data | 2 years from the last communication |
| Usage and analytics data | 26 months from collection, after which it is irreversibly anonymized |
| Marketing data (consent) | Until the user withdraws consent |
Once the indicated periods have elapsed, the data will be securely deleted or irreversibly anonymized and used exclusively for statistical purposes. Likewise, the data may be retained for additional periods when necessary to comply with legal obligations or for the formulation, exercise or defense of claims.
7. Recipients and data processors
For the proper provision of our services, your personal data may be disclosed to the following recipients or categories of recipients, acting as data processors:
- Payment processor (Stripe, Inc.): payment and billing data is processed by Stripe, which acts as a data processor in accordance with the PCI DSS (Payment Card Industry Data Security Standard) security standards. You can consult Stripe's privacy policy at stripe.com/privacy.
- Hosting provider (EscalateFlow): the Platform is hosted on EscalateFlow's infrastructure, which provides hosting, storage and content distribution services. EscalateFlow acts as a data processor and complies with appropriate technical and organizational security measures.
- Email marketing services: to manage the sending of commercial communications and newsletters, we use email marketing providers that act as data processors. We only share the data strictly necessary (name and email address) to perform this service.
- Analytics services: we use web analytics tools to understand how users interact with the Platform. The data collected by these tools is used in an aggregated and, as far as possible, anonymized manner.
All the data processors we work with have been carefully selected and offer sufficient guarantees to apply appropriate technical and organizational measures so that processing complies with the requirements of the GDPR and ensures the protection of data subjects' rights. Formal Data Processing Agreements are in place with each of them.
We do not sell, rent or transfer our users' personal data to third parties for their own commercial purposes. We only share personal data in the cases described above or when required by law, court order or request from a competent authority.
8. International data transfers
Since Digital Edge Consulting LLC is headquartered in Albuquerque, New Mexico, United States of America, users' personal data may be transferred to and processed in U.S. territory. Likewise, some of our service providers may process data in other countries outside the European Economic Area (EEA).
For users residing in the European Union or the European Economic Area, any transfer of personal data outside the EEA will be carried out with the appropriate safeguards provided for in the GDPR, including:
- Standard Contractual Clauses (SCCs): we use the Standard Contractual Clauses approved by the European Commission under Implementing Decision (EU) 2021/914 as the main mechanism for international data transfers to the United States and any other country that does not have an adequacy decision from the European Commission.
- EU-U.S. Data Privacy Framework: when our service providers are certified under the EU-U.S. Data Privacy Framework, transfers will additionally be covered by that certification.
- Supplementary measures: in addition to the above safeguards, we apply supplementary technical and organizational measures, such as encryption of data in transit and at rest, pseudonymization where possible, and the implementation of strict access controls.
The user may request additional information about the safeguards applied to international transfers of their personal data by contacting [email protected].
9. User rights
9.1. Rights under the GDPR (EU/EEA users)
In accordance with the General Data Protection Regulation, users residing in the European Union or the European Economic Area are granted the following rights in relation to their personal data:
- Right of access (Art. 15 GDPR): the right to obtain confirmation of whether your personal data is being processed and, if so, to access it and certain information related to the processing.
- Right of rectification (Art. 16 GDPR): the right to obtain without undue delay the rectification of inaccurate personal data concerning you, as well as to complete personal data that is incomplete.
- Right to erasure (Art. 17 GDPR): the right to obtain the erasure of your personal data when any of the circumstances provided for in the regulations apply, such as the data no longer being necessary for the purpose for which it was collected.
- Right to restriction of processing (Art. 18 GDPR): the right to obtain the restriction of the processing of your data in certain circumstances.
- Right to data portability (Art. 20 GDPR): the right to receive the personal data you have provided in a structured, commonly used and machine-readable format, and to transmit it to another controller.
- Right to object (Art. 21 GDPR): the right to object to the processing of your personal data based on legitimate interest, including profiling.
- Right not to be subject to automated decisions (Art. 22 GDPR): the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you.
- Right to withdraw consent: when processing is based on consent, the user has the right to withdraw it at any time, without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.
To exercise any of these rights, the user may contact [email protected], indicating the right they wish to exercise and attaching, where applicable, a copy of an identification document. We will address the request within a maximum period of one (1) month from receipt, which may be extended by two (2) additional months in the case of complex or numerous requests, with prior notice to the user.
The user also has the right to lodge a complaint with the competent data protection supervisory authority in their country of residence if they consider that the processing of their personal data does not comply with current regulations.
9.2. Rights under the CCPA (California residents)
In accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), residents of the State of California are granted the following additional rights:
- Right to Know: the right to request information about the categories and specific pieces of personal information we have collected, the purposes of processing, the categories of sources from which the data is collected, and the categories of third parties with whom it is shared.
- Right to Delete: the right to request the deletion of the personal information we have collected, subject to certain exceptions provided for by law.
- Right to Opt-Out of Sale: the right to opt out of the "sale" of personal information. We state that Digital Edge Consulting LLC does not sell its users' personal information within the meaning defined by the CCPA.
- Right to Non-Discrimination: the right not to receive discriminatory treatment for exercising any of the rights recognized by the CCPA.
- Right to Correct: the right to request the correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: the right to limit the use and disclosure of sensitive personal information.
To exercise these rights, California residents may contact us at [email protected]. We will verify your identity before processing the request and will respond within the deadlines established by the CCPA (45 business days).
10. Cookie policy
The Platform uses cookies and similar local storage technologies to improve the user experience, analyze use of the site and, where applicable, offer personalized content. The types of cookies we use are detailed below:
10.1. Strictly necessary cookies (functional)
These are essential for the proper functioning of the Platform. They enable navigation and the use of basic functions, such as login, user session management, access to secure areas, language preference selection and loading of course content. These cookies do not require the user's consent, as they are necessary for the provision of the requested service.
10.2. Analytics cookies
They allow us to collect information about how users interact with the Platform, such as the most visited pages, time spent, the most popular courses, completion rates and possible operating errors. This information is used in aggregate to improve the Platform's performance and user experience. Analytics cookies are only installed with the user's prior consent.
10.3. Marketing cookies
They are used to deliver relevant advertising content and measure the effectiveness of our marketing campaigns. They may be set by us or by third-party partners. These cookies track user activity across different websites and allow an interest profile to be created to show more relevant ads. Marketing cookies are only installed with the user's prior express consent.
10.4. Cookie management
On first access to the Platform, the user will be shown an informational banner about the use of cookies that will allow them to accept or reject non-essential cookies (analytics and marketing). The user may modify their cookie preferences at any time through the cookie settings panel accessible from the footer of the Platform.
Additionally, the user can manage and delete cookies through their browser settings. Please note that disabling certain cookies may affect the proper functioning of some Platform features.
11. Security measures
Digital Edge Consulting LLC implements appropriate technical and organizational security measures to protect users' personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. The security measures implemented include:
- SSL/TLS encryption: all communications between the user's browser and our servers are carried out through encrypted connections using SSL/TLS protocols, ensuring the confidentiality and integrity of data in transit.
- Encryption of data at rest: personal data stored in our systems is encrypted using industry-standard encryption algorithms.
- Secure password storage: user passwords are stored using robust cryptographic hash functions with salting, which prevents their recovery in plain text.
- Access controls: access to personal data is restricted exclusively to authorized personnel who need to access it to perform their duties, through authentication and authorization systems based on the principle of least privilege.
- Access monitoring and logging: audit logs of access to systems containing personal data are maintained, allowing the detection of unauthorized access.
- Backups: periodic and encrypted backups of the data are made, stored in secure and separate locations, to ensure the recovery of information in the event of an incident.
- Security updates: systems and applications are kept up to date with the latest available security patches.
- Payment protection: payment processing is carried out entirely through Stripe, which complies with PCI DSS Level 1 standards, the highest level of security certification in the payments industry.
Despite the security measures implemented, no data transmission or storage system is completely secure. In the event of a security breach that may affect users' personal data, Digital Edge Consulting LLC will notify the competent supervisory authority and, where appropriate, the affected users of the breach, within the deadlines and in accordance with the procedures established in applicable regulations.
12. Minors
The Platform's services are intended for persons over sixteen (16) years of age. Digital Edge Consulting LLC does not intentionally collect or process personal data of minors under 16 years of age.
If you become aware that a minor under 16 years of age has provided us with personal data without the consent of their parents or legal guardians, we ask that you notify us through [email protected] so that we can proceed to delete such data from our systems immediately.
For users between 16 and 18 years of age, it is recommended that registration and use of the Platform be carried out with the knowledge and supervision of their parents or legal guardians.
13. Modifications to the Privacy Policy
Digital Edge Consulting LLC reserves the right to modify this Privacy Policy at any time to adapt it to legislative or case-law developments or to changes in our data processing practices.
Any modification will be published on this page indicating the date of the last update. In the event that the modifications are substantial or significantly affect users' rights, we will make reasonable efforts to notify them through the following means:
- Sending a communication to the email registered in the user's account.
- Publication of a prominent notice on the Platform.
- Request for new consent when the modification affects processing based on the user's consent.
Users are advised to periodically review this Privacy Policy. Continued use of the Platform after the publication of the modifications shall constitute acceptance of the changes made.
14. Contact
For any question, query, complaint or request related to this Privacy Policy or the processing of your personal data, you may contact us through the following means:
- Email: [email protected]
- Website: programando.io
- Postal address: Digital Edge Consulting LLC, Albuquerque, New Mexico, USA
We undertake to address your request diligently and in the shortest possible time. For requests to exercise rights, the maximum response period will be one (1) month from receipt of the request, extendable by two (2) additional months in the case of particularly complex requests, with prior reasoned notice to the data subject.