1. Introduction

Overview of Privacy Commitment: At Librainian, we take user privacy seriously and prioritize the security of your personal data.

Scope: This privacy policy applies to registered users of our platform.

Definitions: In this privacy policy, the term "personal data" refers to any information related to an identified or identifiable person. "Service" refers to the Librainian platform, including its web and mobile applications. "Third-party analytical tools" refer to external services such as Google Analytics that help us understand user behavior.

2. Data Collection

a. Types of Data Collected

• Personal Information: Full name, email address, contact information, father’s name, address, age, gender, location, locality, city, state, image (optional), and course.
• Financial Information: Payment details, processed through Razorpay and PhonePe, including payment mode.
• Behavioral Data: Clickstream data, browsing patterns within the application, collected via third-party tools such as Google Analytics and Microsoft Clarity.
• Sensitive Data: No sensitive data such as health or biometric data is collected.
• Data from Devices: Metadata such as device IDs, mobile carrier, time zone, etc. This data is not collected directly but may be inferred from browser usage (Chrome is used for web access).

b. Collection Methods

• Registration Forms: Data is collected through registration forms where users provide their personal details such as full name, email, contact information, etc.
• Automated Tracking: We use cookies, pixels, and other analytics tracking technologies to collect usage data.
• Surveys and Feedback: Optional data collected through user feedback or surveys.
• Customer Support: Information provided by users when submitting support tickets.

c. Third-Party Data

• Social Media Login: Information obtained from third-party social media logins will be implemented in the future.
• Third-Party APIs: Data obtained from integrated third-party services.

3. Purpose of Data Collection

a. Service Functionality

• Account Creation and Management: Using personal information to create and manage user accounts, activate packages, and render services.
• Service Personalization: Tailoring content and features based on user preferences and activity.

b. Performance and Analytics

• Internal Analytics: Using data to analyze and improve service performance (e.g., monitoring load times, feature usage).

c. Communication and Notifications

• Transactional Emails: Emails for order confirmations, password resets, or account-related messages.
• Marketing: Users may receive marketing emails and notifications.
• Push Notifications: Under development for mobile app users.

d. Security and Fraud Detection

• Account Security: Personal data helps prevent unauthorized access. Security features are handled by Cloudflare, including a Zone-level Web Application Firewall (WAF) and SSL/TLS encryption.
• Monitoring for Suspicious Activity: Malicious activities, fraud attempts, or data breaches are monitored by Cloudflare.

4. Data Sharing

a. Sharing with Third-Party Services

• Purpose of Sharing: Data is shared with third-party services for payment processing (Razorpay), security (Cloudflare), analytics (Google Analytics), and communication (BulkSMS, Gmail).
• Vendor Agreements: All third-party providers are contractually bound to protect user data.
• List of Third-Party Partners: Google Analytics, Cloudflare, Microsoft Clarity, Razorpay, BulkSMS, Gmail.

b. Sharing for Legal Compliance

• Government Requests: We comply with government or law enforcement requests where required by law. We will disclose user data when requested by authorized bodies for legal or regulatory purposes.
• Legal Disputes: Data may be shared in the event of legal proceedings or disputes, to protect our rights, comply with a subpoena, or respond to a legal claim.

5. Data Security

a. Security Measures

• Encryption: All data is encrypted during transmission via SSL/TLS protocols.
• Access Control: Data is accessible only by authorized personnel.
• Monitoring and Audits: Regular systems audits are conducted to detect unauthorized access or breaches.

b. Data Breach Protocol

• Breach Notification: Users will be notified of a data breach in a timely manner.
• Mitigation Measures: Steps will be taken to limit damage, such as disabling accounts or resetting passwords.

6. Data Retention

a. Retention Period

• Account Activity: Data will be retained as long as the account is active.
• Legal Obligations: We may retain data to comply with legal obligations, such as tax or audit requirements.

b. Deletion Requests

• Process for Deletion: Users may request data deletion by contacting us.
• Retention Exceptions: Some data may not be deleted due to legal or technical reasons.

7. User Rights

a. Access and Transparency

• Right to Access: Users can view the data we hold about them.
• Requesting Copies: Users can request a copy of their personal data.

b. Correcting Information

• Updating Personal Information: Users can update their profile details at any time.
• Correcting Errors: Users can correct inaccurate or incomplete data.

c. Data Deletion

• Right to Be Forgotten: Users can request the deletion of their data.
• Service Impact: Deleting data may limit access to certain services.

d. Portability

• Format of Data: Data can be provided in a structured, machine-readable format.

e. Objection to Processing

• Opting Out of Marketing: Users can withdraw consent for marketing communications.
• Objecting to Profiling: Users can opt out of profiling or automated decision-making processes.

8. Cookies and Tracking Technologies

a. Types of Cookies

• Session Cookies: Used to maintain user session information.
• Persistent Cookies: Used to remember login credentials or user preferences.
• Third-Party Cookies: Used by advertisers or analytics services.

b. Managing Cookies

• Browser Settings: Users can adjust browser settings to block cookies.
• Cookie Consent Banner: A banner will be shown to users to seek consent for cookies.

c. Tracking Technologies

• Pixels and Tags: Non-cookie tracking methods like pixel tags or web beacons.

9. International Data Transfers

a. Data Storage Locations

User data may be stored in countries outside your jurisdiction, including the EU and US.

b. Cross-Border Data Transfers

• Safeguards: We employ mechanisms such as Privacy Shield and Standard Contractual Clauses to protect data transferred internationally.
• User Rights: Users have rights regarding their data, even when transferred outside their jurisdiction.

10. Minors and Children’s Privacy

a. Age Restrictions

• Minimum Age: Users must be over the age of [X] to use Librainian.
• Verifiable Parental Consent: If children's data is collected, parental consent will be sought.

b. Parental Rights

• Access to Children’s Data: Parents can access and manage their child's data.
• Deletion Requests for Minors: Parents can request the deletion of a child’s data.

11. Changes to Privacy Policy

a. Version History

• Track Changes: Users can view past versions of the privacy policy.
• Highlight Major Changes: Significant revisions will be communicated to users.

b. Effective Date and Future Updates

• Effective Date: This version of the policy is effective as of [Date].
• Periodic Reviews: The policy will be reviewed and updated regularly.

12. User Consent

a. Consent at Signup

Users provide consent to our privacy policy when creating an account.

b. Withdrawing Consent

• Opt-Out Mechanism: Users can withdraw consent for data collection or processing at any time.
• Consequences: Withdrawing consent may result in loss of access to certain features.

13. Legal Basis for Processing Data

a. Consent

We seek user consent for data processing when required.

b. Legitimate Interest

We rely on legitimate interest for processing some data to provide our services.

c. Contractual Necessity

Data processing may be necessary to fulfill user agreements or contracts.

d. Compliance with Legal Obligations

We retain data to comply with legal obligations like tax or audit requirements.

14. Third-Party Links and Integrations

a. Third-Party Websites

This privacy policy applies only to Librainian and not to third-party websites linked from our platform.

b. Data Shared with Third-Party Apps

Data may be shared with third-party apps via OAuth or API integrations with Librainian.

15. Contact Information

a. Privacy Concerns

If you have privacy-related concerns, you can contact us at [email address] or [mailing address].

b. Data Protection Officer

If applicable, you can reach our Data Protection Officer at [DPO contact details].

16. Applicable Laws and Regulations

a. Governing Laws

This privacy policy adheres to [specific regulations such as GDPR, CCPA].

b. User Rights by Region

Your rights may vary based on your region .