Privacy Policy
This is a plain-English explanation of how the EMPO website (empomm.com) handles information. The short version: we don't track you, we don't run ads, and we only ever see the few details you choose to send us.
Who we are and what this policy covers
We are EMPO Training & Consultancy Services ("EMPO", "we", "us"), a humanitarian-sector capacity-building organisation based in Yangon, Myanmar. We provide training, consultancy and digital products for NGOs, CSOs, INGOs and humanitarian professionals across Myanmar.
This policy explains how we handle personal data in connection with our website, empomm.com. It is written for ordinary visitors, people who contact us, and people who buy one of our digital products.
It covers empomm.com only. The other platforms in our ecosystem — EMPO Academy (academy.empomm.com), where you create an account and take online courses, and EMPO Base (empobase.com) — are separate services with their own accounts, terms and privacy policies. Our online store also runs on a separate platform; we explain that below. When you follow a link to any of these, the privacy policy of that destination applies.
Our simple promise
We believe a marketing website should not spy on the people who visit it. So we have built empomm.com to collect as little as possible. In plain terms:
- No tracking. We do not follow you around the web or build a profile of you.
- No advertising. We run no ad networks and no advertising cookies.
- No analytics. We have not installed Google Analytics, a Meta pixel, or any other analytics or measurement tool. None.
- No selling. We never sell, rent or trade your personal data to anyone.
- Minimal data. The only personal details we receive are the ones you deliberately choose to send us — for example, when you email us through the contact form.
These are statements of fact about how the site is built today, not aspirations. If that ever changes, we will update this policy first and say so clearly.
What personal data we actually receive, and how
On the marketing pages of empomm.com, only three things send any information about you through the website. (Our separate online store also collects order and checkout details when you buy something — see "The online store and payments" below.)
1. Information you volunteer when you contact us
Our contact form is deliberately simple. When you fill it in and submit, the website does not send your details to any EMPO server or database — it has none. Instead, it opens your own email app with a message pre-addressed to contact@empomm.com, already filled in with what you typed. You then choose to press send.
That means the personal data we receive is simply whatever you put in that email: typically your name, your email address, your phone number and your message. The message arrives in our inbox like any ordinary email. You can edit or delete anything before sending it, and you are always free to email us directly instead.
2. Standard server logs (via our host, Hostinger)
Like virtually every website, ours runs on a web server — provided by our hosting company, Hostinger. To deliver pages and keep the service running and secure, that server automatically records standard technical logs. These can include your IP address, the type of browser and device you are using, the pages you requested, and the date and time. This is generated by the hosting infrastructure, not by any tracking code we added, and we use it only for security and to keep the site working.
3. Your IP address is disclosed to Google when fonts load
One technical detail worth flagging: to display our typefaces, the site loads fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser fetches those fonts, your IP address is necessarily disclosed to Google as part of that request. We do not control what Google does with it; please see Google's own privacy policy. We use Google Fonts only to render text properly — not to identify or track you.
What we do NOT do
It is just as important to be clear about what does not happen on this site.
- We do not use analytics or measurement tools of any kind.
- We do not set tracking or advertising cookies, and we do not run advertising.
- We do not sell, rent, share or trade your personal data for marketing.
- We do not run an active newsletter from this site. The "Join" email field in the footer is currently a placeholder that is not connected to anything — it does not submit, send or store your email, and there is no subscriber list behind it. If we ever launch a real newsletter, we will make the consent clear and update this policy.
- We do not collect sensitive personal information through this website (such as health, religion or identity details), and we ask that you do not send sensitive details about yourself or others by email.
Why we use the little data we receive
We only use the small amount of information described above for clear, limited purposes:
- To respond to your enquiry and answer your questions when you contact us.
- To follow up and arrange the training, consultancy or product you have asked about (the actual delivery happens through the relevant service or store platform, under its own terms).
- To keep the website available, stable and secure, and to prevent abuse — this is the role of the server logs.
- To keep basic records where the law requires it — for example, a record of a sale.
We follow the principle of using as little data as possible: we do not gather data "just in case", and we do not repurpose your message for anything you did not intend.
Legal basis and your consent
When you email us or send the contact form, you are choosing to share your details so that we can reply — that is the basis on which we use them. We also keep standard server logs because we have a genuine, everyday need to keep the site secure and working.
Myanmar does not currently have a single comprehensive data-protection statute. We commit to good data-protection practice and to following applicable Myanmar law. To be clear, we do not claim GDPR, ISO or any other formal certification; the standards below are principles we choose to follow, not certifications we hold.
Our wider data-protection commitments
This website itself receives almost nothing — usually just the email you choose to send us. But EMPO handles personal data across all of its humanitarian work, and the same commitments guide everything we do, online and offline.
Where we work with international donors and partners, we are guided by widely recognised data-protection principles: being lawful, fair and transparent; only using data for the purpose you gave it; collecting as little as possible; keeping it accurate; not holding it longer than needed; and keeping it secure and confidential.
As a humanitarian actor, our handling of any personal data about affected people is also guided by humanitarian data-protection norms, including the principles in the ICRC Handbook on Data Protection in Humanitarian Action, "Do No Harm", and Accountability to Affected Populations (AAP).
The online store and payments
Our digital products are sold through a separate online store (empomm.com/sell-empo-products), which runs on a Hostinger store platform. Browsing, checkout and payment all happen there, not on these marketing pages.
Payment is made locally in Myanmar Kyat (MMK) using the methods offered at checkout, such as bank transfer or mobile wallet. These marketing pages never see or handle card numbers or payment details. Any personal or order information you provide at checkout is handled within the store platform under its own terms. If you have a question about a purchase, you can always email us at contact@empomm.com.
Third parties, service providers and outbound links
Because the site has no backend of our own, only a small number of third parties are involved in running it:
- Hostinger — our hosting and email provider. Hostinger serves the website, processes the standard server logs described above, and stores the email inbox that your messages arrive in.
- Google Fonts — used to load our typefaces. As noted above, this discloses your IP address to Google when fonts are fetched.
The site also links out to other places: our YouTube channel (youtube.com/@empomm), EMPO Academy, EMPO Base, our online store, and our social media profiles on Facebook, Telegram and LinkedIn. We link to YouTube rather than embedding videos, so YouTube does not set cookies through this site — but as soon as you follow any outbound link, you leave empomm.com.
We are not responsible for the privacy practices, content or cookies of websites we link to. Once you arrive on a third-party site, that site's own privacy policy governs your visit. We encourage you to read it.
Cookies
The empomm.com marketing pages do not set any cookies of their own — no tracking cookies, no advertising cookies, no analytics cookies. We do not show a cookie banner because there is nothing to consent to.
Your browser may, on its own, cache some files (such as images, fonts and stylesheets) to make the site load faster on your next visit. That is normal browser behaviour, stored on your device and under your control — you can clear it at any time through your browser settings. Separately, our online store and the other ecosystem platforms may use their own cookies, which are covered by their own policies.
How long we keep your emails
We keep the emails you send us for as long as we need them to handle your enquiry and maintain a reasonable record of our correspondence — for example, to follow up on a consultancy request or a product question. As a guide, we typically keep enquiry emails for around 24 months unless an ongoing relationship means we need them for longer, and we delete them once they are no longer needed.
Standard server logs are generated and retained by our host, Hostinger, as part of its normal hosting operations and under Hostinger's own retention practices; we do not control how long Hostinger keeps them. If you would like us to delete an email you sent us, just ask — see "Your rights" below.
How we protect your data
The website is served over a secure, encrypted connection (HTTPS). Because the marketing site has no database and no logins, there is no store of visitor accounts or passwords that could be breached here.
The emails you send us are held in our inbox, hosted by Hostinger, and access is limited to the EMPO team members who need it to respond to you. We take reasonable, good-practice steps to keep that information confidential. No method of transmitting information over the internet is ever completely secure, so please avoid sending highly sensitive details by email.
Your rights
Because we only hold the information you have chosen to send us, exercising your rights is straightforward. You can ask us to:
- Access — tell you what personal data of yours we hold (in practice, the emails you have sent us).
- Correct — fix anything that is inaccurate or out of date.
- Delete — remove the emails and details you have sent us, where we are not required to keep them.
To make a request, just email contact@empomm.com and tell us what you would like. We will respond within a reasonable time and may need to confirm your identity to protect your data before we act.
If you have bought a digital product, your order and personal details live in the separate store platform and are handled under its own policy. You can still email contact@empomm.com and we will help you route or action the request.
There is currently no national data-protection regulator in Myanmar to appeal to. If you are not satisfied with how we have handled your request, you can ask us to escalate it to our founder and CEO, who will review it personally.
Children
EMPO's website, training, consultancy and products are aimed at adult humanitarian professionals and organisations. The site is not directed at children, and we do not knowingly collect personal data from children. If you believe a child has sent us personal information, please contact us and we will delete it.
EMPO Academy and EMPO Base have their own policies
EMPO Academy (academy.empomm.com) and EMPO Base (empobase.com) are separate platforms. They have their own accounts, their own terms and their own privacy policies, which govern any data you provide there — including, on EMPO Academy, your account details, course activity, certificates and local Kyat payments.
This policy does not cover those platforms. When you use them, please refer to the privacy policy published on each one.
Changes to this policy
We may update this policy from time to time — for example, if we add a feature or change a service provider. When we do, we will revise the "Last updated" date at the top of the page. If a change is significant, we will make a point of saying so clearly. We encourage you to check back occasionally.
How to contact us about privacy
If you have any question about this policy, about how we handle your information, or if you would like to access, correct or delete data you have sent us, we are happy to help.
- Email: contact@empomm.com
- Phone: +95 9 250 326 876
- EMPO Training & Consultancy Services, Yangon, Myanmar
This privacy policy was last updated on 1 July 2026 and takes effect from that date.
