This Privacy Policy ("Policy") describes how VALUEMINT LLC, a Wyoming limited liability company, doing business as Diplomat Academy ("Company," "we," "us," or "our"), collects, uses, discloses, and protects personal data ("Personal Data") when you:

•     visit or use our website (the "Site")

•     purchase, access, or use any of our digital products or courses ("Products")

•     communicate with us by any means

Our Products are provided exclusively in English and are available to users globally. We are committed to protecting your Personal Data in accordance with applicable data protection laws, including, where applicable:

•     the General Data Protection Regulation (EU) 2016/679 ("GDPR") and its UK equivalent ("UK GDPR")

•     the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA/CPRA")

•     other applicable US state and federal privacy laws

By using our Site or purchasing our Products, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use our services.

The entity responsible for the processing of your Personal Data is:

VALUEMINT LLC

Trading as: Diplomat Academy

30 N Gould St, Ste R

Sheridan, WY 82801

United States

Email: office@diplomat.academy

"Diplomat Academy" is a trade name operated by VALUEMINT LLC. All references to "Diplomat Academy" in this Policy refer to VALUEMINT LLC in its capacity as data controller.

Note for EEA/UK users: VALUEMINT LLC does not maintain a registered establishment in the EU or UK. To the extent we are subject to the GDPR or UK GDPR, we process your data as a controller established outside the EEA/UK. You may contact us directly using the details above. We are evaluating the appointment of an EU/UK representative as required under GDPR Art. 27.

a) Data You Provide Directly

•     full name

•     email address

•     billing name and address

•     account credentials (username and password, if applicable)

•     any information you submit via contact forms, support requests, or email correspondence

b) Data Collected Automatically

When you visit our Site, we may automatically collect:

•     IP address and approximate geolocation (country/region level)

•     device type, operating system, and browser information

•     pages visited, time spent, click behavior, and navigation paths

•     referring URLs and search terms

•     cookie identifiers and tracking pixel data (see Section 8)

c) Payment Data

Payments are processed exclusively by third-party payment processors (e.g., Stripe). We do not collect, store, or process full payment card numbers or sensitive financial data. Our payment processors are PCI-DSS compliant. We retain only transaction confirmation data (amount, date, and masked payment method) for accounting and legal purposes.

d) Data We Do Not Collect

We do not knowingly collect: special categories of Personal Data (e.g., health data, political opinions, biometric data); data from individuals under the age of 18; or data beyond what is necessary for the purposes described in this Policy.

We process your Personal Data only for the following specific, lawful purposes:

•     Service delivery: to provide, deliver, and support our Products and services

•     Payment processing: to process transactions and maintain billing records

•     Account management: to create and maintain user accounts where applicable

•     Communications: to send transactional emails (purchase confirmations, access credentials, support responses)

•     Marketing: to send educational and promotional content, subject to your consent where required by law

•     Analytics: to analyze Site usage, improve functionality, and optimize user experience

•     Security and fraud prevention: to detect, investigate, and prevent fraudulent activity, abuse, or security incidents

•     Legal compliance: to comply with applicable legal obligations, court orders, or government requests

a) EEA and UK Users (GDPR / UK GDPR)

If you are located in the European Economic Area or United Kingdom, we rely on the following legal bases under Art. 6 GDPR:

•     Contract performance (Art. 6(1)(b)): to deliver Products you have purchased and manage your account

•     Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, Site analytics, and business operations, where these interests are not overridden by your rights

•     Consent (Art. 6(1)(a)): for non-essential cookies, marketing emails, and retargeting — you may withdraw consent at any time without affecting prior processing

•     Legal obligation (Art. 6(1)(c)): where processing is required by applicable law (e.g., tax and accounting obligations)

b) US Users

For users located in the United States (outside California), we process your Personal Data based on our legitimate business interests in providing our services, maintaining security, and complying with applicable law. California residents' rights are addressed separately in Section 13.

We send two categories of email:

•     Transactional emails: purchase confirmations, access credentials, account notices, and support responses. These are necessary for service delivery and are not subject to marketing opt-out.

•     Marketing emails: educational content, product updates, and promotional offers. Where required by law (including for EEA/UK users and under CAN-SPAM), these are sent only with your prior consent or where we have a legitimate interest based on an existing customer relationship.

You may unsubscribe from marketing emails at any time by clicking the unsubscribe link included in every marketing email, or by contacting us at office@diplomat.academy. Unsubscribe requests are processed within ten (10) business days.

Unsubscribing from marketing emails does not affect delivery of transactional communications necessary for your account or purchased Products.

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. The following indicative retention periods apply:

•     Account and purchase data: retained for the duration of the customer relationship plus seven (7) years to comply with applicable tax, accounting, and commercial record-keeping obligations

•     Marketing consent records: retained for the duration of consent plus three (3) years following withdrawal

•     Support and correspondence: retained for three (3) years from the date of last communication

•     Automatically collected technical data (logs, IP addresses): retained for up to twelve (12) months unless a longer period is required for fraud investigation or legal proceedings

•     Cookie data: subject to individual cookie lifespans, as described in our Cookie Policy

Upon expiry of applicable retention periods, Personal Data is securely deleted or anonymized so that it can no longer be associated with an identified or identifiable individual.

We use cookies, web beacons, pixels, and similar tracking technologies on our Site. These fall into the following categories:

•     Strictly necessary cookies: required for the Site to function (e.g., session management, security). No consent required.

•     Analytical/performance cookies: used to understand how users interact with the Site (e.g., Google Analytics). Require consent in the EEA/UK.

•     Marketing and retargeting cookies: used to deliver targeted advertising and track campaign performance. Require consent in the EEA/UK.

Where required by applicable law, we will present a cookie consent banner and will not place non-essential cookies until consent is obtained. You may withdraw cookie consent at any time through our cookie settings or your browser settings.

For detailed information about the specific cookies we use, their purposes, and their lifespans, please refer to our Cookie Policy [www.diplomat.academy/cookie-policy].

a) Service Providers (Sub-Processors)

We share Personal Data with third-party service providers who process data on our behalf and under our instructions. These include:

•     payment processors (e.g., Stripe)

•     email marketing and communication platforms

•     website analytics providers (e.g., Google Analytics)

•     cloud hosting and infrastructure providers

•     customer support tools

All sub-processors are contractually required to implement appropriate security measures and to process Personal Data only on our documented instructions and in accordance with applicable data protection law. Where required by GDPR, we have executed Data Processing Agreements (DPAs) with each sub-processor.

b) Legal and Regulatory Disclosures

We may disclose Personal Data to courts, law enforcement agencies, regulators, or government authorities where required by applicable law, court order, or to protect our legal rights, prevent fraud, or ensure user safety.

c) Business Transfers

In the event of a merger, acquisition, sale of assets, or restructuring of VALUEMINT LLC, Personal Data may be transferred to the acquiring entity, subject to equivalent data protection obligations.

d) No Sale of Personal Data

We do not sell, rent, or trade your Personal Data to third parties for their independent marketing purposes. This applies to all users, including California residents under CCPA/CPRA.

VALUEMINT LLC is based in the United States. Your Personal Data may be transferred to, stored in, and processed in the United States and other countries in which our service providers operate. Data protection standards in these countries may differ from those in your jurisdiction.

For transfers of Personal Data from the EEA or UK to the United States or other third countries, we rely on the following transfer mechanisms where required by GDPR:

•     Standard Contractual Clauses (SCCs): the European Commission-approved SCCs incorporated into our Data Processing Agreements with sub-processors

•     UK International Data Transfer Agreements (IDTAs): for transfers from the United Kingdom

•     Adequacy decisions: where applicable

You may request a copy of the relevant transfer mechanism documentation by contacting us at office@diplomat.academy.

We implement appropriate technical and organizational security measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

•     encryption of data in transit (TLS/HTTPS)

•     access controls and authentication requirements for personnel

•     contractual security obligations imposed on sub-processors

•     regular review of security practices

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required, relevant supervisory authorities, in accordance with applicable law.

If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR and UK GDPR:

•     Right of access (Art. 15): to obtain a copy of Personal Data we hold about you and information about how it is processed

•     Right to rectification (Art. 16): to request correction of inaccurate or incomplete Personal Data

•     Right to erasure (Art. 17): to request deletion of your Personal Data in certain circumstances ("right to be forgotten")

•     Right to restriction of processing (Art. 18): to request that we limit how we use your Personal Data in certain circumstances

•     Right to data portability (Art. 20): to receive your Personal Data in a structured, machine-readable format and transmit it to another controller

•     Right to object (Art. 21): to object to processing based on legitimate interests, including for direct marketing

•     Right to withdraw consent (Art. 7(3)): to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

•     Right to lodge a complaint (Art. 77): to lodge a complaint with your national data protection supervisory authority if you believe we have processed your Personal Data in breach of applicable law. A list of EEA supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at: office@diplomat.academy. We will respond within the timeframe required by applicable law (generally within one (1) month for GDPR requests). We may request verification of your identity before processing your request.

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA/CPRA), grants you the following rights:

•     Right to know: to request disclosure of the categories and specific pieces of Personal Data we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it

•     Right to delete: to request deletion of Personal Data we have collected, subject to certain exceptions (e.g., where retention is required for legal compliance or to complete a transaction)

•     Right to correct: to request correction of inaccurate Personal Data we maintain about you

•     Right to opt out of sale or sharing: we do not sell or share Personal Data for cross-context behavioral advertising. You therefore have no need to opt out, but this right is available to you.

•     Right to limit use of sensitive Personal Data: we do not collect sensitive Personal Data as defined under CPRA.

•     Right to non-discrimination: we will not discriminate against you for exercising any CCPA/CPRA rights.

To submit a verifiable California consumer request, contact us at:

Email: office@diplomat.academy

We will acknowledge receipt within ten (10) business days and respond substantively within forty-five (45) days, with a possible extension of a further forty-five (45) days where reasonably necessary.

California's "Shine the Light" law (Cal. Civ. Code § 1798.83) permits California residents to request information about Personal Data shared with third parties for direct marketing purposes. We do not share Personal Data with third parties for their own direct marketing purposes.

With respect to Global Privacy Control (GPC) signals: our Site's current response to GPC signals is described in our Cookie Policy. We are actively evaluating full GPC compliance and will update this Policy accordingly.

Our Services are directed exclusively to individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose Personal Data from individuals under the age of 18 ("minors").

If you are a parent or guardian and believe that a minor has provided us with Personal Data without your consent, please contact us immediately at office@diplomat.academy. Upon verification, we will promptly delete such data from our records.

If you are under 18, please do not use our Services or provide any Personal Data to us.

Our Site does not currently alter its data collection or use practices in response to browser-based "Do Not Track" (DNT) signals, as there is no uniform standard for DNT signal interpretation. This is consistent with standard industry practice pending regulatory guidance.

With respect to Global Privacy Control (GPC) signals, please refer to our Cookie Policy for our current technical implementation status. We are actively working toward full GPC compliance.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

•     post the updated Policy on our Site with a revised effective date

•     notify registered users by email where required by applicable law or where changes materially affect your rights

Your continued use of our Site or Products after the effective date of any revised Policy constitutes your acceptance of the updated terms. If you do not agree with any update, you must discontinue use of our Services.

We encourage you to review this Policy periodically. Prior versions of this Policy are available upon request.

For any privacy-related questions, concerns, or to exercise your data subject rights, please contact our privacy team:

VALUEMINT LLC d/b/a Diplomat Academy

30 N Gould St, Ste R

Sheridan, WY 82801

United States

Email: office@diplomat.academy

We endeavor to respond to all legitimate privacy inquiries within the timeframes required by applicable law. To help us process your request efficiently, please include your full name, the email address associated with your account, and a clear description of your request.

Note for EEA users: If you are not satisfied with our response, you have the right to lodge a complaint with your competent data protection supervisory authority (see Section 12).

By using our Site or purchasing our Products, you acknowledge that you have read, understood, and agree to this Privacy Policy. Where applicable law requires explicit consent, your use of our services constitutes such consent to the extent permitted by law. You retain the right to withdraw consent at any time as described herein.