Privacy Policy

Account Information

When you create an account, we collect:

• Registration details: First name, last name, email address, display handle (username), and password
• Google Sign-In: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
• Profile information: Optional profile picture you choose to upload

Usage Data

We automatically collect information about how you use the platform:

• Learning progress: Courses enrolled, lessons completed, coding problem attempts and results, recall card interactions, and bookmarks
• Code submissions: When you submit Python code for grading, it is sent to our secure execution service (see Section 3). SQL code runs entirely in your browser and is not collected by us.
• Engagement data: Likes, feedback, and feature usage patterns

Device & Log Data

• Device information: Browser type, operating system, screen resolution, and device identifiers
• Log data: IP address, access timestamps, pages viewed, referring URLs, and session duration

Payment Information

If you subscribe to a paid plan, your payment is processed by Razorpay, our payment processor. Razorpay collects your card number, UPI ID, or other payment details directly. We never receive, store, or have access to your full card number. We only receive:

• Subscription status (active, cancelled, etc.)
• Billing interval (monthly or annual)
• Currency preference (INR or USD)
• Razorpay subscription and payment identifiers

We use the information we collect to:

• Provide, maintain, and improve the platform and its features
• Create and manage your account
• Track your learning progress across courses, coding problems, and recall cards
• Process subscription payments and manage billing
• Send important account-related communications (e.g., subscription confirmations, billing notices)
• Respond to your support requests and feedback
• Monitor usage patterns to improve the learning experience
• Enforce rate limits to prevent abuse and ensure fair access
• Detect, prevent, and address security threats and technical issues
• Comply with legal obligations

We do not currently use your personal data for advertising, profiling, or automated decision-making that produces legal effects. If this changes in the future, we will update this policy and notify you in advance.

• SQL execution: SQL queries run directly in your web browser using a built-in database engine. Your SQL code and query results stay on your device and are never transmitted to our servers.
• Python execution: Python code primarily runs in your browser. For certain grading operations, Python code may be sent to our secure execution service for evaluation. Code sent for grading is processed in an isolated sandbox and is not stored after grading is complete.
• Visualization: SQL and Python visualizations are generated entirely in your browser.

We share data only with trusted service providers who help us operate the platform:

We may also share information in the following circumstances:

• Legal requirements: When required by law, court order, or governmental authority
• Safety: To protect the rights, property, or safety of our users or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified
• With your consent: When you explicitly authorize sharing

We use cookies and similar technologies as follows:

Essential Cookies (Always Active)

• Authentication cookies: Secure, httpOnly session cookies that keep you signed in. These cannot be accessed by client-side JavaScript.
• Consent preference: Stores your cookie consent choice in localStorage.
• Theme preference: Stores your light/dark mode preference in localStorage.

Analytics Cookies (Require Consent)

• Google Analytics 4: Collects anonymized usage data (pages visited, session duration, device type). We use Google Consent Mode v2 — analytics cookies are only set after you consent via our cookie banner.
• Vercel Analytics: Collects privacy-friendly web vitals and performance metrics. Does not use cookies or track individuals.

You can manage cookies through our cookie consent banner or your browser settings. Disabling essential cookies may prevent authentication from working correctly.

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit: All data is transmitted over HTTPS/TLS
• Encryption at rest: Database data is encrypted at rest using AES-256 encryption
• Password security: Passwords are securely hashed using industry-standard cryptographic algorithms. We never store or have access to plaintext passwords.
• Access controls: Database access policies ensure users can only access their own data
• Rate limiting: API endpoints are protected by rate limiting to prevent abuse
• Payment security: Payment data is processed by Razorpay, which is PCI-DSS Level 1 compliant. We never handle raw card data.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Regardless of your location, you have the following rights:

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to processing based on legitimate interests. Our legal basis for processing your data includes: performance of a contract (providing the Services), legitimate interests (improving and securing the platform), and consent (analytics cookies). You may also lodge a complaint with your local data protection authority.

For California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the address below.

To exercise any of these rights, contact us at support@letsdatascience.com. We will respond within 30 days.

• Account data: Retained for as long as your account is active. If you request deletion, we remove or anonymize your personal data within 30 days.
• Learning progress: Retained with your account. Deleted when your account is deleted.
• Payment records: Subscription and transaction records are retained for 7 years after the last transaction to comply with Indian tax and accounting regulations.
• Webhook event logs: Payment webhook events are retained for 1 year for debugging and dispute resolution.
• Server logs: Automatically purged after 30 days.

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at support@letsdatascience.com and we will promptly delete it.

Our Services are hosted on a global edge network, and our database is managed by a cloud infrastructure provider. Your data may be transferred to and processed in countries outside your country of residence, including the United States and India. These countries may have different data protection laws than your jurisdiction.

We ensure that any international data transfers comply with applicable laws and that appropriate safeguards are in place, including our service providers' commitments to data protection standards.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on the platform. The "Last updated" date at the top reflects when the policy was most recently revised. We encourage you to review this page periodically.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us: