← Back to STOA Institute

Privacy Policy

Last updated: April 2026

1. Who we are

This website at stoainstitute.com (the "Site") is operated by STO Enterprises LLC, a limited liability company organised under the laws of the State of Wyoming, United States of America, trading as STOA Institute ("STOA Institute," "we," "us," or "our"). STOA Institute provides practitioner-led AI training programmes and executive education to organisations globally.

For any privacy-related questions, data requests, or concerns, you can reach us at info@stoainstitute.com.

2. What this policy covers

This Privacy Policy explains what personal information we collect when you interact with stoainstitute.com or with STOA Institute directly through email, telephone, meetings, or programme delivery. It describes how we use that information, who we share it with, how long we keep it, and what rights you have over it.

This policy applies to:

• Visitors to stoainstitute.com who browse the site anonymously
• Individuals who submit a form on the site (for example, to book a Training Needs Analysis call, request a brochure, or register for a programme)
• Individuals who email us directly at any STOA Institute address
• Delegates who attend our training programmes, workshops, or webinars
• Individuals whose organisations have engaged STOA Institute for training or advisory services

This policy does not cover third-party websites linked from stoainstitute.com. When you click an external link, you leave the scope of this policy and enter the privacy terms of whichever site you land on.

3. What information we collect

3.1 Information you give us directly

When you submit a form, register for a programme, book a call, or engage us for training, you may share:

• Your name and job title
• Your work email address and phone number
• Your company name, size, and industry
• Your billing address, VAT number, and payment details (processed securely by our payment provider)
• A description of your training needs or objectives
• Any additional context you choose to share during discussions, needs analyses, or programme delivery

3.2 Information collected automatically

When you visit stoainstitute.com, our hosting and infrastructure providers automatically log:

• Your IP address and approximate geographic location
• The type of browser and device you are using
• The pages you visit on our site and the time you spent on each
• The referring website, if any
• Technical information required to deliver the site to you securely

This data is used to operate the site, prevent abuse, and understand how visitors use the site in aggregate. We do not use it to build advertising profiles.

3.3 Programme and delegate data

When you attend a STOA Institute programme, we collect information necessary to deliver the training and issue your certificate. This includes your name, job title, organisation, email address, programme attendance records, and any exercise outputs or feedback you provide during the session. Exercise outputs created during training (such as prompt libraries, action plans, or automation projects) belong to you or your organisation, not to STOA Institute.

4. How we use your information

We use personal information for the following purposes and no others:

• To respond to your enquiries, booking requests, and brochure requests
• To schedule and conduct Training Needs Analysis calls and meetings
• To deliver the training programmes and services you have engaged us for
• To process payments and issue invoices, receipts, and certificates
• To provide post-programme support as described in the programme terms
• To send occasional updates about our programmes, new courses, or relevant insights (only to people who have explicitly asked to receive them)
• To maintain records required for tax, accounting, audit, and legal purposes
• To protect the security of our site, our systems, and our clients
• To comply with legal obligations

We do not sell personal information to third parties. We do not rent email lists. We do not share your details with data brokers.

5. Cookies and similar technologies

Stoainstitute.com uses a minimal set of cookies and similar technologies, strictly for operational and analytical purposes:

• Essential cookies required to deliver the site and protect against abuse (set by our hosting provider, Cloudflare). These cannot be disabled without breaking the site.
• Analytics cookies or similar technologies used to understand how visitors use the site in aggregate. We aim to use privacy-friendly analytics that do not track individuals across sites.
• Payment processing cookies set by our payment provider (Stripe) when you interact with a checkout or payment form. These are necessary to process your transaction securely.
• Scheduling cookies set by our booking tool (TidyCal) when you interact with an embedded booking calendar. These are necessary to display available times and complete your booking.

We do not use cookies for cross-site behavioural advertising. We do not use retargeting pixels. We do not allow third-party advertising networks to place cookies on our site.

You can disable cookies in your browser at any time. The site will continue to work, though some features (such as payment processing and call booking) may require cookies to function.

Cookie list

The following table describes the cookies currently in use on stoainstitute.com:

• __cf_bm, cf_clearance, set by Cloudflare. Purpose: bot protection and security. Duration: 30 minutes to 24 hours. Essential.
• __stripe_mid, __stripe_sid, set by Stripe. Purpose: fraud prevention and payment processing. Duration: session to 1 year. Set only on checkout pages.
• tidycal_*, set by TidyCal. Purpose: scheduling functionality. Duration: session. Set only when interacting with a booking calendar.

We will update this list when material changes occur. If we add analytics cookies in the future, we will update this policy and, where required, request your consent before setting them.

6. Who we share information with

We share personal information only with the service providers we use to operate our business. Each of these is a reputable company with its own privacy obligations. The main categories are:

Infrastructure and operations

• Cloudflare, Inc., hosting, content delivery, DNS, and security
• GitHub, Inc. (Microsoft), source code management for site files
• Hostinger International, email hosting for our @stoainstitute.com addresses
• Google LLC, administrative email and office tools where used

Communication and scheduling

• TidyCal, scheduling and booking for Training Needs Analysis calls and webinars
• Tally, online forms used on our contact page for general enquiries and brochure requests
• Google Meet, video conferencing for virtual programme delivery and meetings
• Email delivery tools used to send booking confirmations, brochures, and programme-related communications

Payments

• Stripe, Inc., payment processing for programme registrations and course purchases
• Payoneer, where used for cross-border invoice settlement

Analytics (if enabled)

• Cloudflare Web Analytics, privacy-friendly, cookieless analytics provided by our hosting provider

Service providers are contractually required to process personal information only on our instructions and only for the purposes we have authorised.

We may also disclose personal information when required by law, court order, or legitimate legal process, or when necessary to protect the rights, property, or safety of STOA Institute, our delegates, our clients, or others.

7. International data transfers

STOA Institute operates globally and delivers programmes across EMEA, the GCC, and internationally. Depending on where you are located and where our service providers operate, your information may be transferred to and processed in the United States, the European Union, the United Kingdom, the Republic of North Macedonia, the United Arab Emirates, or other jurisdictions. When we transfer personal data across borders, we rely on appropriate legal mechanisms including standard contractual clauses or equivalent protections.

8. How long we keep your information

• Enquiry and form submission data: kept for up to 24 months after the last interaction, then deleted or anonymised
• Delegate and programme records: kept for the duration of any post-programme support period and for a reasonable retention period afterward to meet tax, audit, certification, and contractual obligations (typically 6 to 7 years)
• Payment records: kept for as long as required by applicable tax and accounting law (typically 6 to 7 years)
• Marketing communications data: kept until you unsubscribe or request deletion
• Technical and security logs: kept for a short rolling period as determined by our hosting providers (typically 30 to 90 days)

9. Your rights

Depending on where you live, you have certain rights over the personal information we hold about you. These include:

• Access, to ask what information we hold about you and receive a copy
• Correction, to ask us to fix information that is wrong or incomplete
• Deletion, to ask us to delete information we no longer have a legitimate reason to keep
• Restriction, to ask us to stop using information in certain ways
• Portability, to ask for a copy of your information in a structured, machine-readable format
• Objection, to object to how we process your information for certain purposes
• Withdrawal of consent, to withdraw any consent you previously gave us

To exercise any of these rights, email us at info@stoainstitute.com with "Privacy Request" in the subject line. We will respond within 30 days. If we cannot fulfil your request, we will explain why.

If you believe we have mishandled your personal information, you have the right to complain to a data protection authority in your country.

10. How we secure your information

We take reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit and, where appropriate, at rest
• Access controls that limit who can see personal information inside our team
• Regular review of our security practices and those of our service providers
• Secure development and deployment practices for all code we build and host

No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we work to apply professional best practices.

11. Testimonials and delegate feedback

We sometimes publish testimonials, quotes, and feedback from delegates who have attended our programmes. The underlying content is always authentic and approved by the delegate or their organisation before publication.

In cases where a delegate has given us permission to share their feedback but has asked not to be named, we may replace names and identifying details with generalised descriptions (for example, "Senior Director, GCC Financial Services" instead of a specific name and company). The feedback described is always real and always approved.

If you have given a testimonial or been featured in a case study and you want it removed or amended, email info@stoainstitute.com with "Testimonial Request" in the subject line. We will remove or amend the content within 14 business days of receiving a verified request.

12. AI and data handling

Because AI is central to the programmes we deliver, we think it is important to be explicit about how we handle data in AI tools used during training:

• Delegate data and exercise outputs created during our programmes are never used to train public AI models
• When delegates use AI platforms during our sessions, we instruct the use of enterprise-grade accounts or sandboxed environments that prohibit training on submitted content
• Where clients require it, we deliver training using local AI models, clean devices, or sandboxed cloud labs that never transmit data to the public internet
• Exercise outputs, prompt libraries, and automation projects built during our programmes belong to the delegate or their organisation, not to STOA Institute

13. Children's privacy

STOA Institute is a B2B service directed at professionals and enterprise organisations. Our site and services are not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at info@stoainstitute.com and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or the legal environment. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of stoainstitute.com after changes take effect constitutes acceptance of the updated policy.

15. Contact us

If you have questions about this Privacy Policy, want to exercise any of your rights, or want to report a concern, email us at info@stoainstitute.com with "Privacy Request" in the subject line. We will respond within 30 days.

STO Enterprises LLC, trading as STOA Institute
Email: info@stoainstitute.com