Privacy Policy · Kernel Harbor Academy

Processors and third parties

We use infrastructure vendors for hosting, email delivery, analytics (if consented), and support ticketing. Each vendor processes data under written agreements that require confidentiality and security measures. We do not sell personal information. If we add a vendor that materially changes risk, we will update this policy and, where required, seek fresh consent. You may request a current list of categories of recipients by emailing our privacy contact.

Data we collect

Account data: name, email, organization, and billing references provided by you. Technical data: IP address, device type, coarse location derived from IP, and logs of lab actions for security. Support data: messages you send and attachments you choose to upload. Marketing data: preferences and webinar registrations when you opt in. We avoid collecting government identifiers unless a specific enterprise engagement requires it under a separate data processing agreement.

How we use data

We use data to deliver labs, authenticate users, improve reliability, schedule mentors, and comply with law. With consent, we measure site analytics in aggregate. We do not use learner lab traffic to train third-party models. Automated decisions are limited to fraud prevention signals; you may request human review where applicable law requires it. Communications about service changes are sent as necessary notices even if marketing is opted out.

Your rights

Depending on your residency, you may have rights to access, correct, delete, restrict, or export personal data, and to withdraw consent without affecting prior lawful processing. Korean residents may request confirmation of processing and cessation of processing that violates the Personal Information Protection Act. We respond within reasonable timelines, typically within thirty days, unless complexity requires an extension we will explain. You may lodge a complaint with the Personal Information Protection Commission (PIPC) in Korea.

Retention

Account data is kept for the life of the relationship plus a period necessary for tax, dispute, and security purposes, generally not exceeding seven years for billing artifacts. Lab logs with security relevance may be kept on a shorter rolling basis unless an incident investigation requires longer retention. Marketing consents are refreshed periodically; stale consents are deleted. Backups may persist for a technical window after deletion requests until overwritten.

Contacting us about privacy

Email hello@reason-system.one with the subject line “Privacy request” and describe your question or rights request. We may verify identity before disclosing records. If you are represented by an agent, include signed authorization unless obvious corporate channels apply. For enterprise customers, your administrator may submit bulk requests coordinated with your legal team.

Scope and children

This policy applies to the reason-system.one site and related services operated by Kernel Harbor Academy. The site is not directed to children under 14, and we do not knowingly collect their data. If you believe a child provided data, contact us for prompt deletion. External sites linked from our pages have their own policies; review them before submitting information.