Privacy
Policy

The National AML Learning Center ("NAMLC," "we," "our," or "us") is committed to protecting the privacy of individuals who interact with our website and certification verification system. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with the NAMLC website located at namlc.org (the "Site") and the services we provide.

NAMLC is an independent certification authority. We are not a government entity, and our services are limited to certificate verification, registry maintenance, and standards information. This Privacy Policy applies to all visitors, users, and others who access the Site.

By using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the Site.

2.1 Information You Provide Directly. We may collect information you voluntarily provide when you:

• Submit a certificate verification inquiry, including the Certificate ID you enter into the verification system

• Subscribe to NAMLC updates or communications by providing your email address

• Contact us with questions, feedback, or requests

2.2 Certification Registry Data. The NAMLC certification registry contains information about individuals who have completed NAMLC-endorsed AML/BSA training programs. This information is provided to NAMLC by authorized training partners and includes: the certified individual's full name, a unique Certificate ID, the name of the training program completed, the date of certification, and the certification expiration date (if applicable).

2.3 Automatically Collected Information. When you visit the Site, we may automatically collect certain technical information, including: IP address, browser type and version, operating system, referring URLs, pages visited, and the date and time of your visit. This information is collected through standard web server logs and, where applicable, cookies or similar technologies.

2.4 Verification Query Logs. When a party uses the NAMLC verification system to look up a certificate, we may log the Certificate ID queried and the date and time of the query. We do not collect or store information about the identity of the party conducting the verification unless they voluntarily provide it.

NAMLC uses the information we collect for the following purposes:

3.1 Certificate Verification. To operate and maintain the public certificate verification system, allowing authorized parties to confirm the validity of AML/BSA training certifications.

3.2 Registry Maintenance. To maintain an accurate and up-to-date registry of certifications issued through NAMLC-endorsed training programs.

3.3 Communications. To respond to inquiries, send requested information, and, where you have opted in, deliver updates regarding NAMLC standards, certification changes, or regulatory developments.

3.4 Site Operations. To monitor and improve the performance, security, and functionality of the Site.

3.5 Legal and Compliance. To comply with applicable legal obligations, respond to lawful requests from government authorities, and enforce our Terms of Service.

We do not use personal information for advertising, marketing profiling, or sale to third parties.

The NAMLC certification registry is a public record maintained for the purpose of enabling certificate verification. The following terms apply to registry data:

4.1 Public Accessibility. Certification records including the certified individual's name, Certificate ID, training program, and certification date are accessible to any party who queries the verification system with a valid Certificate ID. This public accessibility is a core function of the NAMLC verification system and is necessary for its purpose.

4.2 Consent Through Enrollment. Individuals who complete NAMLC-endorsed training programs consent to the inclusion of their certification information in the public registry as a condition of receiving NAMLC certification. This consent is communicated through the training provider's enrollment process.

4.3 Correction Requests. If a certified individual believes that their registry information is inaccurate, they may submit a correction request to NAMLC. Correction requests must include the Certificate ID and documentation supporting the requested change. NAMLC will review and respond to correction requests within a reasonable time.

4.4 Retention. Certification records are retained in the registry for the duration of the certification's validity period and for a reasonable period thereafter to support audit and historical verification needs. Records associated with revoked or expired certifications are retained but marked accordingly.

NAMLC does not sell personal information. We may disclose information in the following limited circumstances:

5.1 Training Partners. We share certification data with authorized training partners, including Soflo Consulting, for the purpose of maintaining accurate registry records and coordinating certification issuance. Training partners are required to handle this data in accordance with applicable privacy standards.

5.2 Legal Requirements. We may disclose information when required by law, court order, or lawful request from a government authority, or when we believe disclosure is necessary to protect the rights, property, or safety of NAMLC, our users, or the public.

5.3 Business Transfers. In the event of a merger, acquisition, or transfer of NAMLC's operations, certification registry data and related information may be transferred to the successor entity, subject to the same privacy protections described in this Policy.

5.4 Service Providers. We may engage third-party service providers to assist with Site operations, hosting, or technical maintenance. These providers are authorized to use information only as necessary to perform services on our behalf and are bound by confidentiality obligations.

NAMLC implements reasonable technical and organizational measures to protect the information we maintain against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure hosting infrastructure with access controls

• Encryption of data in transit using industry-standard protocols

• Restricted access to certification registry data on a need-to-know basis

• Regular review of security practices and procedures

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected individuals as required by applicable law.

The Site may use cookies and similar tracking technologies to enhance your experience and collect usage information. Cookies are small text files stored on your device by your browser.

7.1 Essential Cookies. Some cookies are necessary for the Site to function properly, such as session management and security features. These cookies cannot be disabled without affecting Site functionality.

7.2 Analytics Cookies. We may use analytics tools to understand how visitors use the Site, including which pages are visited most frequently and how users navigate the verification system. This information is used in aggregate form to improve the Site.

7.3 Your Choices. Most browsers allow you to control cookies through their settings. You may choose to disable cookies, but doing so may affect your ability to use certain features of the Site. We do not respond to "Do Not Track" signals at this time.

The Site may contain links to third-party websites, including training providers, regulatory agencies, and other resources. NAMLC is not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

The NAMLC verification system is operated in association with Soflo Consulting. Soflo Consulting's privacy practices are governed by their own privacy policy, available at sofloconsulting.com. NAMLC and Soflo Consulting maintain separate data practices consistent with their respective roles.

Depending on your jurisdiction, you may have certain rights regarding your personal information. NAMLC respects these rights to the extent applicable:

9.1 Access. You may request information about what personal data NAMLC holds about you, including your certification registry entry.

9.2 Correction. You may request correction of inaccurate information in the certification registry. See Section 4.3 for the correction request process.

9.3 Deletion. You may request deletion of personal information that NAMLC holds about you, subject to our legal obligations and the public record nature of the certification registry. Note that deletion of registry entries may affect the verifiability of your certification.

9.4 Opt-Out of Communications. If you have subscribed to NAMLC communications, you may opt out at any time by following the unsubscribe instructions in any communication or by contacting us directly.

To exercise any of these rights, please contact NAMLC through the information provided on the About page. We will respond to requests within a reasonable time and in accordance with applicable law.

The NAMLC Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. AML/BSA training programs endorsed by NAMLC are professional compliance training programs intended for adults in regulated industries.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly.

NAMLC reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically.

Your continued use of the Site following any changes to this Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree with the changes, you should discontinue use of the Site.

If you have questions, concerns, or requests regarding this Privacy Policy or NAMLC's data practices, please contact us through the information provided on the About page.

For matters related to certification registry corrections or data access requests, please include your Certificate ID and a description of your request to ensure prompt handling.

NAMLC is operated in association with Soflo Consulting. For training-related privacy inquiries, please contact Soflo Consulting directly at sofloconsulting.com.