Polaris Institute

Version 2026-07-10

Privacy Policy

This describes what personal information Polaris Institute collects, why, and how we protect it — in line with PIPEDA.

1. What we collect

When you register, apply, or enrol, we collect your name, email, and phone number. If you pay for a course, Stripe processes your payment directly — we never see or store your full card details, only a payment reference and the amount. If you sign in with Google, we receive your name, email, and profile photo from Google; if you are a tutor linking Google Classroom, we store an encrypted access token so we can create and manage your classroom on your behalf.

2. Why we collect it

We use your information to create and manage your account, process enrolments and payments, send enrolment confirmations, receipts, and schedule updates, verify your email address, issue certificates, and respond to support requests. We do not use your information for advertising, and we do not sell your information to anyone.

3. Who we share it with

We share the minimum necessary information with the services that make the Institute run: Stripe (payment processing), Google (sign-in and Classroom, only if you use those features), our email provider (sending you account and course emails), and our hosting and database providers (MongoDB Atlas, Contentful) who store the data on our behalf under their own security commitments. None of these providers may use your information for their own purposes.

4. Cookies & sessions

We use a single, essential session cookie to keep you signed in. We do not use advertising or tracking cookies, and at this time we do not run third-party analytics on this site.

5. How long we keep it

We keep account and enrolment records for as long as your account is active and for a reasonable period afterward to meet financial record-keeping obligations and to honour certificate verification. You can ask us to delete your account at any time; see "Your rights" below.

6. How we protect it

Passwords are hashed, never stored in plain text. Sensitive tokens (such as Google Classroom access tokens) are encrypted at rest. Access to student records in our staff portals is role-gated and limited to what each role needs to do its job.

7. Your rights

Under PIPEDA, you can ask us what personal information we hold about you, correct anything that is inaccurate, and request that we delete your account and associated data (subject to what we are required to retain for legal or financial reasons). Email us and we will respond within a reasonable time.

Questions about your data, or want to exercise your rights above? Email hello@polarisinstitute.ca.