Policy

Privacy Policy

How IESF Academy collects, uses, and protects your personal information.

Last updated: 28 April 2026← Back to academy

Overview

IESF Academy ("the Academy", "we", "our") is the official education platform of the International Esports Federation (IESF). This Privacy Policy explains what personal information we collect when you use the Academy, how we use it, who we share it with, and the rights you have over it.

This policy applies only to the Academy. The IESF main site at iesf.org has its own privacy policy that covers federation membership and competition data.

What We Collect

Account information

When you register, we collect your name, email address, password (hashed), country, and date of birth (so we can check whether you are a minor and apply the additional protections below).

Learning activity

We collect data about how you use the Academy: courses you enrol in, lessons you complete, quizzes and exam results, assignments you submit, certificates you earn, badges you unlock, your learning streak, and discussion posts you make.

Payment information

For paid courses, payment is processed by Stripe. We do not store your full card number — Stripe sends us a token plus the last 4 digits, the brand, and the country of the card for receipts.

Technical information

IP address, browser type, device type, and pages visited. We use this to keep the platform secure, debug issues, and understand how the Academy is used.

How We Use It

  • To deliver the courses, certificates, and live sessions you sign up for.
  • To verify your identity and protect your account.
  • To send transactional emails — welcome, password reset, course updates, certificate issuance, payment receipts.
  • To provide instructors with the analytics they need to grade your work and improve their courses.
  • To comply with applicable laws (including esports federation regulations and tax/accounting rules).
  • To investigate fraud, abuse, or violations of our Terms of Service.

We do not sell your personal information. We do not use it for advertising on third-party platforms.

Sharing & Partner Academies

The Academy hosts multiple partner academies(member federations, universities, training centres) that run their own programmes. When you enrol in a course operated by a partner academy, that academy's instructors receive your enrolment data and your coursework — they need this to teach you and grade you.

We share with these third-party processors: Stripe (payments), Resend (transactional email), and our hosting provider. Each is contractually obligated to keep your data confidential and only use it to provide their service to us.

We do not share your data with anyone else without your explicit consent, unless required by law.

Cookies

We use a small number of cookies and similar technologies to keep you signed in, remember your preferences, and measure platform health. See our Cookie Policy for full details.

Your Rights

Depending on where you live (GDPR for EU/UK, CCPA for California, POPIA for South Africa, equivalents elsewhere), you have the right to:

  • Access a copy of the data we hold about you.
  • Correct any data that is wrong or out of date.
  • Delete your account and the personal data tied to it.
  • Restrict or object to certain processing.
  • Port your data to another service.
  • Withdraw consent for any processing that relies on it.

You can exercise most of these rights directly from your dashboard. For anything you can't self-serve, email [email protected].

Retention

We keep account data for as long as your account is active. If you delete your account, we anonymise your learning activity (so aggregate course statistics remain meaningful) and remove your personal identifiers within 30 days.

Certificates we have issued are retained indefinitely for verification purposes — anyone with the certificate's QR code can confirm you earned it. You can request that we revoke a certificate.

Transactional records (payments, refunds, tax invoices) are kept for 7 years to meet accounting and tax obligations.

Security

We hash passwords with bcrypt, encrypt traffic with TLS, store data in a secured database with restricted network access, and rate-limit authentication endpoints. No system is perfectly secure — if you believe an account has been compromised, email [email protected] immediately.

Minors

The Academy is open to anyone aged 13 or older. If we detect that an account belongs to a minor (under 18 in most jurisdictions), we apply additional restrictions: we don't process payments without verified parental consent, marketing communications are disabled, and certain social features (like public discussion replies) require a guardian-supervised account.

Changes to this Policy

We will email you if we make material changes that affect what we collect or how we use your data. The date at the top of this page shows when this version was published.

Contact

Questions about this Privacy Policy or about your data? Email [email protected] or write to:

International Esports Federation
Data Protection Officer
(postal address forthcoming — please use email for the moment)