Last updated: February 2026
Institutes: Email address, password (hashed), institute name, address, contact details and any content you submit. Visitors: Name, email and phone when submitting an enquiry or popup form. Technical: IP address (for security/audit), browser session data.
We use your data to: operate the directory and display institute profiles; send transactional emails (verification, approval, reset); pass enquiry details to the relevant institute; and detect abuse or fraud.
We do not sell your personal data. Enquiry details (name, email, phone, message) are shared with the institute you enquire about. We use Brevo (Sendinblue) for email delivery.
We use a session cookie (essential) to keep you logged in and store form state. No tracking cookies are set without consent. Google Analytics may be active if configured; it uses its own cookies subject to Google's privacy policy.
You can request deletion of your account and associated data at any time by contacting us. Institute listing data will be removed within 30 days of request.
Passwords are hashed using Argon2id. All data is stored on secured servers. We apply rate-limiting and CSRF protection to prevent abuse.
For privacy enquiries, email admin@cfapoint.com.