1. Information We Collect
1.1 Information You Provide
- Account Registration: Name, email address, username, password (hashed), and optional profile photo.
- Profile Information: Bio, educational interests, institution name (optional).
- Content Submissions: Quizzes, articles, comments, discussion threads, and other content you create or upload.
- Payment Information: We do not store card details directly. Payments are processed by third-party gateways (see Section 9).
- Communications: Messages sent to us via email or contact forms.
- Reports: Information submitted when you report a quiz or creator.
1.2 Information Collected Automatically
- Usage Data: Pages visited, quizzes attempted, time spent, scores, and interaction patterns.
- Device Information: IP address, browser type, operating system, device identifiers.
- Log Data: Server access logs, error logs, and authentication logs.
- Cookies & Session Data: As described in Section 3.
2. How We Use Your Information
| Purpose | Legal Basis |
|---|
| Providing and operating the Platform | Contract performance |
| Authentication and account security | Contract performance / Legitimate interest |
| Displaying your quiz scores and progress | Contract performance |
| Sending service notifications and alerts | Contract performance |
| Investigating reported violations and enforcing Terms | Legitimate interest / Legal obligation |
| Improving Platform features and performance | Legitimate interest |
| Compliance with legal obligations and court orders | Legal obligation |
| Responding to DMCA / copyright takedown requests | Legal obligation |
| Analytics and Platform usage statistics | Legitimate interest |
| Communicating policy updates (rare) | Legitimate interest |
We do not use your personal data for targeted advertising or sell it to third parties for marketing purposes.
3. Cookies & Tracking Technologies
3.1 Essential Cookies
We use session cookies that are strictly necessary for the Platform to function — including authentication sessions and CSRF security tokens. These cannot be disabled without breaking the Platform.
3.2 Preference Cookies
We store your theme preference (light/dark), language settings, and navigation state in browser local storage and cookies.
3.3 Analytics
We may use privacy-friendly analytics tools to understand Platform usage patterns. These tools do not track you across websites and do not use personally identifiable information.
3.4 No Third-Party Ad Tracking
We do not use Facebook Pixel, Google Ads tracking, or any cross-site advertising trackers.
4. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
- Service Providers: Trusted third-party services that help us operate the Platform (hosting, email delivery, payment processing). These parties are contractually bound to protect your data.
- Legal Requirements: When required by law, court order, or a government authority with proper jurisdiction, including in response to intellectual property enforcement proceedings.
- Copyright Enforcement: If a valid DMCA or copyright complaint identifies your content as infringing, we may share account information with the complainant or their legal representatives as part of the enforcement process.
- Safety: To protect the safety of users or the public, or to prevent fraud or illegal activity.
- Business Transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction, subject to the same privacy protections.
5. Data Storage & Security
All data is stored on servers located in India (Hostinger). We implement appropriate technical and organisational security measures including:
- Bcrypt password hashing with a work factor of 12.
- HTTPS/TLS encryption for all data in transit.
- CSRF token protection on all state-changing requests.
- Rate limiting and brute-force protection on login and API endpoints.
- Encrypted storage of sensitive API keys.
- Regular database backups.
While we implement strong security measures, no system is completely immune to unauthorised access. In the event of a data breach that poses a risk to your rights, we will notify affected users as required by applicable law.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Account data: Retained until account deletion request or Platform termination.
- Quiz attempts & scores: Retained indefinitely unless you request deletion.
- Deleted accounts: Core identifying data is deleted within 30 days. Anonymised aggregate usage data may be retained for analytics.
- Suspended accounts: Data retained for up to 2 years to support investigations or legal proceedings.
- Log files: Retained for 90 days for security purposes.
- Legal holds: Data subject to a legal hold or court order is retained for the duration required by law.
7. Your Rights
👁️ Access
Request a copy of the personal data we hold about you.
✏️ Correction
Request correction of inaccurate or incomplete data.
🗑️ Deletion
Request deletion of your account and personal data (subject to legal retention requirements).
📦 Portability
Request your data in a structured, machine-readable format.
🚫 Objection
Object to processing based on legitimate interest.
📵 Withdraw Consent
Withdraw consent for optional processing at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Identity verification may be required before processing your request.
8. Children's Privacy
The Platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete it. If you are a parent or guardian and believe your child has created an account, please contact us immediately at [email protected].
9. Third-Party Services
The Platform integrates with the following third-party services, each with their own privacy policies:
- Cloudflare Turnstile — Bot detection on registration/login (Privacy: cloudflare.com/privacypolicy)
- Google Fonts — Font delivery via Google CDN
- Google Gemini AI / Mistral AI — AI content generation for creators (query text is sent to these APIs; see Section 10)
- Hostinger — Server hosting and database infrastructure
- Telegram — Optional Telegram account linking for notifications
We are not responsible for the privacy practices of third-party services. We encourage you to review their respective privacy policies.
10. AI Features & Data Processing
When creators use the AI content generation feature (powered by Google Gemini or Mistral AI), the following applies:
- The topic or prompt entered by the creator is transmitted to the relevant AI provider's API.
- No personal user data from learners is transmitted to AI providers.
- AI-generated content is stored on our servers and is subject to the same terms as all other content.
- Creator AI API keys (if provided) are stored in encrypted form and are never logged in plain text.
- Creators are responsible for ensuring that prompts they submit do not contain third-party confidential or copyrighted material.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be posted on this page with a revised Effective Date. For material changes, we will provide notice via email or a prominent Platform notification. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.
12. Contact & Data Grievance
For any privacy-related queries, data requests, or concerns: