Privacy Policy

Food Safety Academy is committed to protecting the privacy, confidentiality, and security of personal information in accordance with Canadian privacy law, including the Personal Information Protection and Electronic Documents Act (PIPEDA). This Privacy Policy explains how Food Safety Academy collects, uses, discloses, retains, and protects personal information in connection with its online Food Handler certification program and BC FOODSAFE Level 1 equivalency application materials.

We collect only the personal information that is reasonably necessary for identified educational, certification, examination, identity verification, administrative, legal, and quality improvement purposes. We use safeguards appropriate to the sensitivity of the information, including heightened protections for government-issued identification and biometric identity verification images.

Food Safety Academy (FSA) is an online food safety education provider located in Whitehorse, Yukon, Canada. FSA delivers online learning, examination, certificate issuance, and certificate verification services for students and business clients seeking Food Handler certification.

For the purpose of this Privacy Policy, "FSA," "we," "our," and "us" refer to Food Safety Academy. "Student," "user," "you," and "your" refer to individuals who register for, access, purchase, complete, or otherwise interact with the Food Safety Academy platform.

FSA's Food Handler certification program is designed as a 6+ hour course. The final examination uses a 70% passing score, equal to 35/50 correct answers. Students have a maximum of 3 attempts, with a 24-hour wait between attempts, and retakes within that limit are included in enrollment at no additional cost. Certificates are valid for 5 years and remain available for free certificate access from the student dashboard during the validity period.

FSA may collect the following categories of information:

Personal Identification Information

We may collect your full name, email address, mailing address, telephone number, account credentials, business affiliation, employer name, and other information required to register for and administer the course.

Government-Issued Identification

For proctored examinations, we may collect an image of a valid government-issued photo identification document to verify identity before certificate issuance.

Biometric Data and Identity Verification Images

We may collect a selfie, photo, or other image used to verify that the person taking the examination matches the identity document submitted. These images may be used for identity verification, proctoring review, fraud prevention, and examination integrity.

Automated Proctoring Captures

During the final examination, the FSA platform may capture random webcam images and related session data through its automated AI-assisted proctoring service. These records support student presence verification, identity consistency review, and examination integrity where flags are present.

Course Progress and Completion Data

We collect information about module access, lesson completion, course progress, learning activity participation, timestamps, and course completion status.

Examination Results and Scores

We collect examination attempt records, answers submitted, scores, pass/fail status, attempt history, proctoring flags, and certification eligibility data.

Payment Information

Payment transactions may be processed through Stripe or another authorized payment processor. FSA does not store full credit card numbers. Payment processors may collect and process payment card details, billing information, transaction identifiers, and fraud prevention information in accordance with their own privacy and security practices.

Technical Data

We may collect IP address, device information, browser type, operating system, login records, session data, security logs, approximate location derived from technical data, and other diagnostic information necessary for security, fraud prevention, platform operation, and technical support.

Under PIPEDA, FSA identifies the purposes for collection before or at the time personal information is collected. We collect personal information for the following specific purposes:

• To deliver the online course and provide access to course materials.
• To administer accounts, student profiles, learning progress, and course completion.
• To verify student identity for proctored examinations.
• To protect examination integrity and prevent impersonation, cheating, fraud, and unauthorized certificate issuance.
• To evaluate examination submissions and determine pass/fail status.
• To issue, maintain, and verify certificates.
• To communicate with students about registration, course progress, examination requirements, certificates, support requests, policy updates, and account matters.
• To process payments, refunds, invoices, receipts, and related financial records.
• To meet legal, regulatory, tax, audit, recordkeeping, and equivalency review obligations.
• To improve course quality, student support, platform reliability, accessibility, and learning outcomes.
• To generate anonymized or aggregated reporting for course administration, equivalency monitoring, and regulatory review.

FSA collects, uses, and discloses personal information with consent as required by PIPEDA. Consent may be express, such as when you register, accept policies, submit identity verification materials, complete an examination, or purchase a course. Consent may also be implied where the purpose is obvious and the information is reasonably necessary to provide the requested service.

Certain information is required to deliver the course, verify identity, administer secure examinations, issue certificates, and comply with applicable legal or regulatory requirements. If you decline to provide required information, FSA may be unable to provide course access, examination access, certificate issuance, certificate verification, or related services.

You may withdraw consent, subject to legal, contractual, regulatory, educational integrity, and recordkeeping limitations. Withdrawal of consent may affect your ability to use the platform or maintain certification records.

FSA uses personal information to:

• Create, authenticate, and manage student accounts.
• Provide access to course content, learning activities, examinations, and certificates.
• Track course progress and completion.
• Verify identity before and during examinations.
• Review proctoring events and suspected violations.
• Score examinations and determine certification eligibility.
• Issue certificates and support public certificate verification.
• Provide customer support, administrative assistance, and technical troubleshooting.
• Send transactional emails, course reminders, certificate notices, and policy communications.
• Process payments, refunds, invoices, and financial records.
• Maintain accurate student and certification records.
• Improve course content, platform functionality, security, and student experience.
• Comply with law, regulatory requests, equivalency review, audit requirements, and dispute resolution.

FSA does not sell personal information.

We may share personal information only where reasonably necessary for the purposes described in this Privacy Policy, where required or permitted by law, or with your consent.

Service Providers

We may use trusted third-party service providers to support platform operations. These providers are authorized to use information only as necessary to provide services to FSA and are expected to maintain appropriate safeguards. Examples include:

• Stripe, for payment processing, fraud prevention, receipts, and related financial services.
• Resend, for transactional email delivery and communication logs.
• Hosting, database, storage, security, analytics, and technical infrastructure providers used to operate the learning management system.

Regulatory and Health Authority Review

If requested for equivalency verification, compliance review, certificate validation, investigation, or audit purposes, FSA may provide relevant records to a British Columbia health authority or other authorized regulatory body.

The BC Centre for Disease Control may receive anonymized aggregate data for equivalency monitoring, course quality review, reporting, or program oversight. Where possible, aggregate reporting will not identify individual students.

Legal Requirements

We may disclose personal information where required or permitted by law, including in response to lawful requests, court orders, regulatory inquiries, fraud investigations, certificate integrity matters, tax requirements, or to protect the rights, safety, and security of FSA, students, the public, or regulatory bodies.

FSA retains personal information only for as long as necessary to fulfill the purposes identified in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Student records: Retained for the 5-year certificate validity period plus 3 years.
• Exam records: Retained for the 5-year certificate validity period plus 3 years.
• Biometric data, selfie images, and government-issued ID images: Retained for 90 days after exam completion, unless a longer period is required for an active investigation, appeal, suspected fraud, legal obligation, or regulatory request.
• Payment data and financial records: Retained for 7 years to support Canadian tax, accounting, audit, and business recordkeeping requirements.
• Technical security logs: Retained as reasonably necessary for security, fraud prevention, diagnostics, and legal compliance.

When information is no longer required, FSA will securely delete, anonymize, or archive it in accordance with applicable policies and legal requirements.

Subject to legal and regulatory limitations, you have the right to:

• Request access to personal information FSA holds about you.
• Request correction of inaccurate or incomplete personal information.
• Withdraw consent for certain uses or disclosures.
• Ask questions about FSA privacy practices.
• File a complaint with FSA's Privacy Officer.
• File a complaint with the Office of the Privacy Commissioner of Canada if you are not satisfied with FSA's response.

FSA will respond to access and correction requests within a reasonable period and generally within 30 days, unless an extension is permitted by law.

FSA uses administrative, technical, and physical safeguards appropriate to the sensitivity of personal information. Security measures may include:

• Encryption at rest using AES-256 or equivalent industry-standard encryption.
• Encryption in transit using TLS 1.2 or higher.
• Role-based access controls and least-privilege administrative access.
• Authentication controls for student and administrative accounts.
• Logging, monitoring, and audit trails for sensitive operations.
• Regular backups and recovery procedures.
• Secure hosting and managed infrastructure.
• Segregated access to sensitive identity verification and proctoring records.
• Limited retention of government ID and biometric verification images.
• Internal policies and procedures for privacy, security, support, and incident handling.

No system can be guaranteed to be completely secure. FSA continuously works to protect personal information and reduce foreseeable privacy and security risks.

FSA may use cookies and similar technologies to operate the platform, maintain secure login sessions, remember preferences, support checkout, monitor performance, improve usability, and protect against fraud or abuse.

Some cookies are necessary for authentication and platform functionality. Other limited analytics or diagnostic tools may be used to understand platform performance and improve the student experience. Users may adjust browser settings to block or delete cookies, but doing so may affect course access, login, checkout, examination, or certificate functionality.

The Food Safety Academy Food Handler certification course is intended for adults aged 18 years and older. FSA does not knowingly provide the course to children or knowingly collect personal information from children for this program. If FSA becomes aware that personal information has been collected from a child in error, FSA will take appropriate steps to delete or restrict the information, subject to legal and recordkeeping requirements.

FSA may update this Privacy Policy from time to time to reflect changes in legal requirements, platform functionality, certification procedures, service providers, or business practices. The updated version will indicate the effective date and version number. Material changes may be communicated through the platform, email, or another appropriate method.

Continued use of the platform after a policy update means you acknowledge the updated Privacy Policy, subject to any consent requirements under applicable law.

Privacy Officer: Dr. Belissa Estaniza Cochachin Carrera

Food Safety Academy

Unit 115, 113 Mallard Way, Whitehorse, Yukon, Y1A 0J6, Canada

Email: privacy@foodsafetyacademy.ca

Phone: (867) 687-8227

Response Time: FSA aims to respond to privacy inquiries within 30 days.

Students may also contact the Office of the Privacy Commissioner of Canada for information about privacy rights under PIPEDA.

Food Safety Academy | Whitehorse, Yukon | Version 1.0 | May 2026