Legal

Privacy Policy

Last updated: June 2026. This policy explains what data the Academy collects, why, and the choices you have.

Who we are

Engineering Management Academy (“EMA”, “the Academy”, “we”) operates www.engineeringmanagement.academy, an independent certification platform for engineering management. For any privacy matter, contact us via the details on the Contact page.

What we collect

  • Account data — when you sign in with Google, we receive your name, email address, and profile photo from your identity provider. We do not receive or store your password.
  • Profile data — information you choose to add, such as a username, headline, or public profile settings.
  • Examination records — your scheduled sittings, examination answers, scores, and outcomes. These form the basis of any credential we issue and are retained as part of the certification record.
  • Credential data — issued certificates, including the holder name printed on them, credential IDs, dates, and status.
  • Waitlist data — your email address, if you join a certification waitlist.
  • Research survey data — answers to the State of Engineering Management survey are anonymous; an email address is stored only if you choose to provide one to receive the report, and is never linked to your answers in published analysis. Only aggregated results are published, with small segments suppressed.

We do not run advertising trackers or sell personal data. Cookies are used solely for authentication and session management.

How we use it

  • To operate the platform: scheduling, delivering, and scoring examinations, and issuing credentials.
  • To provide public credential verification — by design, anyone with your credential ID can confirm your name, certification, dates, and status. This is the purpose of a verifiable credential.
  • To send transactional email about your account, sittings, and credentials.
  • To protect examination integrity, including investigating suspected misconduct.

Public information

Credential verification responses are public for anyone holding your credential ID. Your public profile page is visible to anyone with the link; you control whether your certifications appear on it from your profile settings. Note that disabling profile visibility does not disable credential verification — verification exists for third parties relying on the credential.

Where your data lives

The platform is hosted on Vercel, with data stored in Supabase (Postgres) and transactional email delivered via Resend. Authentication is provided by Google OAuth through Supabase Auth. Each processor handles data under its own security and compliance programs.

Retention

Examination and credential records are retained for as long as the credential may need to be verified — including after expiry, so that historical verification remains possible. Account data is retained while your account is active.

Your rights

You may request access to, correction of, or deletion of your personal data by contacting us. Deletion requests are honored except where records must be retained to preserve the integrity of issued credentials (for example, the certification record behind a credential that third parties may still verify).

Changes

We will update this policy as the platform evolves and revise the “last updated” date above. Material changes will be communicated to account holders by email.