Institutum Antiquitatis, Inc.

Privacy Policy

Effective Date: April 21, 2026

 

This Privacy Policy explains how Institutum Antiquitatis, Inc. collects, uses, and protects personal information gathered through institutumantiquitatis.com (the “Site”). By using the Site you agree to this policy.

1. About Us

Institutum Antiquitatis, Inc. ("Institutum," "we," "us," or "our") is a Pennsylvania nonprofit corporation pending recognition as a tax-exempt organization under IRC § 501(c)(3). We provide online classical education in Latin, Ancient Greek, ancient philosophy, ancient music, and classical texts. Our principal office is in Pennsylvania, United States.

2. Scope and Applicability

This policy applies to all visitors to the Site regardless of location. We serve a global audience, including students in the United States, the European Economic Area (EEA), the United Kingdom, Canada, and other jurisdictions. Specific provisions for these jurisdictions appear in §§ 10–12 below.

3. Age Restrictions and Minors

 

Our educational programs are open to individuals aged 14 and older. We do not knowingly enroll or collect personal information from children under the age of 14. Because our minimum enrollment age is 14, our programs are not subject to the United States Children's Online Privacy Protection Act (COPPA), which applies to children under 13.

3.2  Students Aged 14–17 (Minors)

If a prospective student is between 14 and 17 years of age, enrollment must be initiated by a parent or legal guardian (201cGuardian201d). By completing enrollment on behalf of a minor, the Guardian:

•       confirms they are the minor's parent or legal guardian;

•       consents to our collection and use of the minor's personal data as described in this policy; and

•       accepts responsibility for ensuring the minor understands and complies with our terms of use.

 

We collect only the personal data necessary to deliver educational services and do not use minors' data for marketing purposes. Guardians may request access to, correction of, or deletion of their minor's personal data at any time by contacting us at the address in § 13.

3.3  International Age of Digital Consent

The age at which an individual may provide independent consent to data processing varies by country. Where a student's country of residence sets a higher age of digital consent than 14 (for example, 16 in many EEA member states under GDPR Article 8, or 13 in the United Kingdom under the UK GDPR), Guardian consent is required until that threshold is met. The table below is illustrative; it is not exhaustive.

 

Representative age-of-consent thresholds:

•       European Union (most member states): 16 — Guardian consent required for students under 16

•       Germany, Austria, Luxembourg: 14 — aligns with our minimum age

•       United Kingdom: 13 — Guardian consent required for students under 13 (our minimum age of 14 satisfies this)

•       United States (COPPA): 13 — Guardian consent required for children under 13 (our minimum age of 14 satisfies this)

•       Canada (PIPEDA): 13 — Guardian consent required for children under 13

•       Australia (Privacy Act): 15 — Guardian consent required for students under 15

•       Brazil (LGPD): 18 — Guardian consent required for all minors; parental authorization required

•       South Korea (PIPA / COPPA-K): 14 — Guardian consent required for students under 14

 

We default to requiring Guardian enrollment for all students under 18, which satisfies the most protective thresholds across our operating jurisdictions.

4. Information We Collect

4.1  Information You Provide

Through the Site and enrollment process, we may collect:

•       Contact information: name, email address, country/region, and, for minor students, Guardian name and contact information.

•       Program inquiries: information submitted through contact or interest forms.

•       Communications: emails or messages you send to us.

 

4.2  Information Collected Automatically

When you visit the Site, our hosting platform (Squarespace) and analytics service (Google Analytics 4) automatically collect:

•       IP address (truncated for analytics purposes in many jurisdictions)

•       Browser type, operating system, and device category

•       Pages visited, time on Site, and referring URL

•       General geographic region (country or city-level; not precise location)

 

This information is collected through cookies as described in our Cookie Policy.

4.3  Information We Do Not Collect

We do not collect payment card numbers, government identification numbers, Social Security numbers, precise geolocation data, biometric data, or health information through this Site.

5. How We Use Your Information

We use personal information to:

•       respond to inquiries and communicate about our programs;

•       process enrollment and deliver educational services;

•       fulfill legal and regulatory obligations;

•       improve the Site and understand how visitors use it (analytics); and

•       maintain organizational records consistent with our nonprofit governance obligations.

 

We do not sell, rent, or trade personal information. We do not use personal information for targeted advertising.

6. Legal Bases for Processing (GDPR / UK GDPR)

For visitors in the EEA, the United Kingdom, and Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

•       Contract performance: processing necessary to respond to inquiries and deliver enrolled educational services.

•       Legitimate interests: Site security, fraud prevention, and aggregate analytics to improve our programs, where these interests are not overridden by your rights.

•       Consent: analytics cookies (see Cookie Policy). You may withdraw consent at any time without affecting prior lawful processing.

•       Legal obligation: record-keeping required by applicable law.

 

For minor students, Guardian consent substitutes for the minor's own consent where required under GDPR Article 8 or equivalent national law.

7. Sharing of Information

We share personal information only as follows:

•       Service providers: Squarespace (web hosting and platform), Google (Analytics 4), and other vendors who process data on our behalf under appropriate data-processing agreements. These processors are bound to use data only for the purposes we specify.

•       Legal compliance: when required by law, regulation, court order, or to protect our legal rights or the safety of individuals.

•       Organizational successors: in the event of a merger, acquisition, or dissolution, subject to equivalent privacy protections.

 

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy, or as required by law. Contact-form and inquiry data is retained for a reasonable period to respond to your inquiry and for follow-up communications. Enrollment records are retained for the duration of enrollment and for a period thereafter consistent with applicable legal and tax requirements. Analytics data is subject to Google Analytics' default retention settings (up to 14 months for event-level data).

9. Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information from unauthorized access, use, or disclosure. Our Site uses HTTPS encryption. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

10. Your Rights — EEA and United Kingdom

If you are located in the EEA or the United Kingdom, you have the following rights under the GDPR or UK GDPR, subject to applicable exemptions:

•       Access: request a copy of personal data we hold about you.

•       Rectification: request correction of inaccurate data.

•       Erasure ('right to be forgotten'): request deletion of your data in certain circumstances.

•       Restriction: request that we limit processing of your data.

•       Portability: receive your data in a structured, machine-readable format.

•       Objection: object to processing based on legitimate interests.

•       Withdrawal of consent: withdraw consent at any time where processing is consent-based.

 

To exercise any of these rights, contact us at the address in § 13. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

11. Additional Rights — California (CCPA / CPRA)

California residents have the right to know what personal information we collect and how it is used; to request deletion of personal information; to opt out of the sale or sharing of personal information (we do not sell or share personal information); and to non-discrimination for exercising privacy rights. To submit a request, contact us at the address in § 13.

12. Additional Rights — Other Jurisdictions

We respect and, to the extent required by applicable law, comply with privacy legislation in all jurisdictions in which we operate, including Brazil (LGPD), Canada (PIPEDA and applicable provincial statutes), South Korea (PIPA), Australia (Privacy Act 1988), and others. Contact us if you have questions about your rights in a specific jurisdiction.

13. Contact and Data Controller

Institutum Antiquitatis, Inc. is the data controller for personal information collected through this Site. To exercise your rights, withdraw consent, or ask questions about this policy:

 

Institutum Antiquitatis, Inc.

Email: privacy@institutumantiquitatis.org

Website: institutumantiquitatis.com

 

For EEA and UK data-subject requests, we will endeavor to respond within 30 days. We may need to verify your identity before processing a request.

14. Changes to This Policy

We may revise this Privacy Policy from time to time. The revised policy will be posted on this page with an updated effective date. For material changes, we will provide notice by a means reasonably calculated to reach affected individuals. Continued use of the Site after a revised policy is posted constitutes acceptance of the revised terms.