Information We Collect
Comments
When visitors leave comments, we collect the data shown in the form along with the visitor’s IP address and browser user agent string to help with spam detection.
Avatars: Profile images are stored locally on our servers. We do not use third-party avatar lookup services.
Media
If you upload images, avoid including embedded location data (EXIF GPS). Visitors can extract location data from images on the site.
Embedded Content
Articles may include embedded content (videos, images, etc.) that behaves as if you visited the external site directly. These sites may collect data, use cookies, and track interactions.
Store & LMS Interactions
We track products/courses viewed, approximate location, IP, browser type, and other technical details to improve your experience and fulfill enrollments or orders.
LMS data: For enrolled users we store course enrollments, progress, quiz attempts (timestamp, score, pass/fail), and certificates where applicable.
Purchase Information
We collect name, email, phone, billing address and optional account info to process purchases/enrollments, respond to requests, and comply with legal obligations.
Payment credentials (card/UPI) are not stored on our servers; these are processed by our payment provider (see Payments).
Who Has Access
Administrators (and limited staff with appropriate permissions) can access order/enrollment information to fulfill purchases, support users, issue refunds, and manage courses.
Payments
We use a third-party payment processor, Razorpay, to process payments. Razorpay processes information such as your name, phone, email, billing details, payment method details, and identifiers like payment/order IDs to complete the transaction and prevent fraud. We do not receive or store full card or UPI credentials on our servers.
For details, see Razorpay’s Privacy Policy and Buyer Privacy Notice.
Security (Web Application Firewall)
We use a web application firewall (WAF) to protect this site. For firewall and threat prevention, our security service may process visitor IP addresses, user-agents, pages visited, and timestamps to detect malicious activity. Depending on configuration, short-term security logs may be retained.
Bot Protection (reCAPTCHA)
We use Google reCAPTCHA on login and/or forms to prevent spam and abuse. reCAPTCHA evaluates technical data (e.g., device, browser, referrer, interaction patterns) and may set cookies to distinguish humans from bots. Use of reCAPTCHA is subject to Google’s Privacy Policy and Terms.
Single Sign-On (Google)
If you choose “Sign in with Google”, we receive your name, email, and profile image from Google to create or log you into your account on this site. You can revoke access from your Google Account settings at any time.
Caching & Performance
We use server-side caching to speed up this site. This stores anonymous copies of pages on our server; no personal data is sent to third-party caches.
If enabled, we may also use a content delivery and optimization service (CDN/optimizer), which processes visitor IP addresses and standard HTTP metadata to deliver cached/optimized content efficiently.
Email & Newsletters
Transactional email: We send account and order emails via our email provider (SMTP). Email metadata (recipient, time sent, sending server IP) is processed to deliver messages and prevent abuse.
Newsletter sign-ups (optional): If you subscribe, we store your email, optional name, signup source, time, and IP address to operate the list, prove consent, and prevent spam. You can unsubscribe at any time using the link in each email.
Orders, Receipts & Webhooks
Our LMS stores internal order records (order ID, course purchased, user ID, payment status, Razorpay payment/order IDs) for accounting, fraud prevention, support, and audit. Card/UPI details are processed by Razorpay, not us.
Two-Factor Authentication (2FA)
If you enable 2FA, we store a TOTP secret linked to your account to verify your login codes. You can disable 2FA in your profile, which removes the secret from your account.
How We Use Your Information
- Provide courses, track progress, issue certificates, and improve user experience.
- Process transactions/enrollments and communicate with you.
- Maintain security, prevent fraud/abuse, and comply with legal obligations.
We do not sell or share your personal data with third parties without consent, unless required by law.
Cookies & Tracking
We use cookies to enhance your experience. You can manage cookie preferences via your browser settings and our cookie banner.
- Strictly necessary: login/session, security (firewall), and checkout (Razorpay).
- Functional: features like course comparison or remembering preferences.
- Analytics (optional): We use an analytics service provided by Google to measure usage. Analytics scripts load only after you consent in our cookie banner. When active, analytics collects pseudonymous usage data (e.g., page views, approximate location derived from IP, device/browser information). You can withdraw consent anytime in the cookie settings. Learn how Google safeguards Analytics data: support.google.com/analytics/answer/6004245.
- Bot protection: reCAPTCHA cookies may be set on pages where protection is active.
Hosting & Backups
Our host may maintain daily backups of site data for continuity. Backups can include account/order/course data present at the time and are retained/rotated per host policy.
Data Retention
Comments and their metadata may be retained to help recognize and approve follow-up comments.
- Account data: kept while active; typically deleted within 12–24 months of closure unless legally required.
- Course progress & quiz attempts: kept while your account is active; typically deleted within 12–24 months after account closure.
- Payment/order data: retained up to 7 years for accounting/tax (or longer if laws require).
- Security logs: retained up to 30–90 days (aligned with configuration).
- Newsletter logs: up to 12 months after unsubscribe (to prove consent and maintain suppression).
- Server/cache artifacts: hours to days.
Your Rights
Depending on your location, you may have rights to access, rectify, delete, port, or restrict processing of your personal data, and to object to certain processing.
- EU/EEA/UK (GDPR): access, rectification, erasure, restriction, portability, objection; lodge a complaint with your supervisory authority.
- India (DPDP Act 2023): access, correction, erasure, grievance redressal; contact our grievance officer (see below).
To exercise rights, email support@edukatt.com. We may need to verify your identity before responding.
Data Security
We implement industry-standard measures to protect your data from unauthorized access and misuse.
Note: No method of transmission or storage is 100% secure; however, we continuously improve our safeguards.
Policy Updates
This policy may be updated periodically. We will post the updated version here and update the “Last updated” date above.
Governing Law
This policy is governed by Indian laws. Disputes will fall under the jurisdiction of courts in [City/State], India.
Contact Us
If you have questions or concerns, reach out at support@edukatt.com.
Grievance officer (India): add contact name/email/phone here.
Legal Basis
Under the GDPR (where applicable), we process your personal data based on:
- Contract – to deliver the services you enroll in (courses, progress tracking, certificates).
- Legitimate Interests – to secure and improve our site and prevent abuse, balanced against your rights.
- Consent – for analytics cookies, newsletters, and reCAPTCHA where required. You may withdraw consent at any time.
- Legal Obligations – to comply with tax, accounting, and regulatory requirements.
International Transfers
Your data may be processed outside your country (for example, by Google, Razorpay, or our hosting/email provider). Where required, we use safeguards such as Standard Contractual Clauses or equivalent mechanisms.
Back to top ↑
