1. Controller

RALK is operated by RALK / Regulight (founder-led initiative).
Until formal registration, communications may be handled under the project name “RALK”.
Email: info@ralk.io

2. What data we process

Depending on your interaction with RALK, we may process:

• Account data: first and last name, company email address, password or authentication token (if SSO is used), organization name (if provided).
• Usage data: course progress, quiz results, completion timestamps, and interactions needed to provide the learning experience.
• Device & log data: IP address, date/time of access, browser type/version, device identifiers, operating system, referrer URL, and similar technical identifiers.
• Support data: information you share when contacting us (e.g., via email or forms).

3. Purposes and legal bases

We process personal data for the following purposes and legal bases under the GDPR:

• Account creation and platform access (Art. 6(1)(b))
• Providing training, tracking completion, and generating evidence/audit-ready records (Art. 6(1)(b) and/or Art. 6(1)(f))
• Security, abuse prevention, and reliable operations (Art. 6(1)(f))
• Legal compliance (Art. 6(1)(c))
• Handling inquiries and support (Art. 6(1)(b) or Art. 6(1)(f))

4. Registration with corporate email addresses

RALK is intended for professional use. Users typically register with a company email address. Depending on your organization’s setup, your employer may have internal policies regarding the use of corporate email accounts and business tools. If your organization provides you access to RALK, it may act as the customer and may receive aggregated usage reports or completion evidence needed for compliance documentation.

5. Hosting, subprocessors and data transfers

We may use hosting and infrastructure providers to operate RALK. Where we use vendors (subprocessors), we aim to conclude appropriate data processing agreements and implement suitable safeguards. If transfers outside the EEA occur, we rely on appropriate safeguards (e.g., adequacy decisions and/or standard contractual clauses) where required.

6. Cookies

We use only technically necessary cookies to operate the website and platform, where required. We do not use marketing or tracking cookies without your consent.

7. Retention

We retain personal data only as long as necessary for the purposes described above and as required by applicable law. Account and training records may be retained for compliance documentation (evidence of completion) where relevant.

8. Your rights

You may have the following rights under the GDPR (subject to legal conditions):

• Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17)
• Restriction (Art. 18), Data portability (Art. 20), Objection (Art. 21)
• Right to lodge a complaint with a supervisory authority

To exercise your rights, contact us at info@ralk.io.

9. Updates

We may update this Privacy Policy to reflect changes in our processing activities. The current version is always published on this page.