Privacy Policy

1. Introduction

Archgyan Academy ("Academy", "we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform at academy.archgyan.com.

By using the Academy, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the platform. This policy should be read alongside our Terms of Service.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, and password when you create an account.
• Payment information: Payment details are processed securely by Stripe. We do not store your full credit card number on our servers. We may store transaction IDs and billing records.
• Course interactions: Enrollment records, lesson progress, quiz responses, and completion data.
• Communications: Emails or messages you send to us, including support requests and feedback.

2.2 Information Collected Automatically

• Usage data: Pages visited, courses viewed, time spent on lessons, and feature usage patterns.
• Device information: Browser type, operating system, screen resolution, and device type.
• Log data: IP address, access timestamps, and referral URLs.
• Cookies: See Section 6 below for details on our cookie usage.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Academy and its features.
• Process payments and manage your subscriptions and enrollments.
• Track your course progress and provide personalized learning experiences.
• Send transactional emails such as enrollment confirmations, purchase receipts, and account notifications.
• Respond to support requests and communicate with you about your account.
• Detect and prevent fraud, abuse, and security incidents.
• Analyze usage patterns to improve our courses and platform.
• Comply with legal obligations.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide you with courses, manage your account, and process payments.
• Legitimate interests: Improving our platform, preventing fraud, and analyzing usage patterns.
• Consent: Where you have given consent, such as for non-essential cookies or marketing communications.
• Legal obligation: Processing required to comply with applicable laws and regulations.

5. Data Sharing & Third Parties

We do not sell your personal information. We share data only with trusted service providers who help us operate the Academy:

• Stripe — Payment processing. Stripe processes your payment details under their own privacy policy.
• Supabase — Database hosting (PostgreSQL). Stores account and course data.
• Vercel — Application hosting and deployment.
• Bunny CDN — Video content delivery. Serves course videos securely.
• Resend — Transactional email delivery (enrollment confirmations, account notifications).
• Upstash — Redis service for rate limiting and security.

We may also disclose your information if required by law, in response to legal process, or to protect the rights, safety, and property of Archgyan, our users, or the public.

6. Cookies & Tracking

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
• Functional cookies: Store your preferences such as cookie consent choice and display settings.
• Analytics cookies: Help us understand how users interact with the platform to improve our services. These are only set with your consent.

You can manage your cookie preferences at any time through our Privacy Settings page or the cookie consent banner displayed on your first visit.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained while your account is active and for a reasonable period afterward.
• Course progress: Retained as long as your account exists so you can resume learning.
• Payment records: Retained as required by financial regulations and tax laws.
• Data subject requests (DSR): Completed requests are retained for 365 days for audit purposes, then automatically deleted.
• Webhook event logs: Payment webhook events are retained for 30 days, then automatically deleted.

When you delete your account, we will remove or anonymize your personal data within a reasonable timeframe, except where retention is required by law.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Passwords are hashed using bcrypt (never stored in plain text).
• All data is transmitted over HTTPS/TLS encrypted connections.
• Authenticated video content is protected by time-limited signed tokens.
• Rate limiting protects against brute-force and abuse attacks.
• Payment processing is handled by PCI-compliant providers (Stripe).

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent for cookie or marketing preferences at any time.

You can exercise your data access and deletion rights through our Privacy Settings page. To manage or cancel your subscription, visit your Account Settings. For other requests, contact us at privacy@archgyan.com. We will respond within 30 days.

10. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States and other regions where our service providers operate. We ensure that adequate data protection safeguards are in place, including using providers that comply with industry-standard data protection frameworks.

11. Children's Privacy

The Academy is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a user under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. For material changes, we will provide notice through the platform or via email. Your continued use of the Academy after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: privacy@archgyan.com
• General support: support@archgyan.com
• Contact page: archgyan.com/contact