Privacy Policy

Last updated: 7/20/2025

Data Controller Information

Company: Inrang

Email: [email protected]

Address: [Your Business Address]

Data Protection Officer: [email protected]

1. Information We Collect

Personal Data You Provide

  • Email address (required for course delivery)
  • Name (optional, for personalized content)
  • Student's grade level or age (for age-appropriate challenges)
  • Payment information (processed securely by Stripe)

Automatically Collected Data

  • Device information and browser type
  • IP address and general location (country/region)
  • Website usage data and analytics
  • Learning progress and challenge completion rates
  • Email engagement metrics (open rates, click rates)

2. Legal Basis for Processing (GDPR Article 6)

  • Contract Performance: Processing necessary to provide our educational services
  • Legitimate Interest: Improving our service, analytics, and fraud prevention
  • Consent: Marketing communications (you can withdraw anytime)
  • Legal Obligation: Tax records, data protection compliance

3. How We Use Your Information

  • Deliver daily math challenges and educational content via email
  • Track learning progress and provide personalized recommendations
  • Process payments and manage subscriptions
  • Send important course updates and announcements
  • Improve our educational content based on aggregated performance data
  • Prevent fraud and ensure platform security
  • Comply with legal obligations

4. Data Sharing and Third Parties

We never sell your personal data. We only share data with trusted service providers:

  • Email Service: Mailgun/SendGrid for email delivery
  • Payment Processing: Stripe for secure payment handling
  • Analytics: Google Analytics (anonymized data only)
  • Cloud Hosting: AWS/Vercel for website and data hosting
  • Customer Support: Zendesk for support ticket management

5. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

6. Data Security and Retention

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit and at rest
  • Regular security audits and updates
  • Access controls and staff training
  • Secure backup and disaster recovery procedures

Data Retention: We retain personal data for as long as necessary to provide services, comply with legal obligations, or as specified in our retention policy (typically 7 years for financial records, 3 years for learning data after account closure).

7. Children's Privacy (COPPA Compliance)

Our service is designed for children under 13 with parental supervision. We require verifiable parental consent before collecting personal information from children under 13. Parents can review, modify, or delete their child's information at any time by contacting us.

8. International Data Transfers

If you are located in the EU, your data may be transferred to countries outside the European Economic Area. We ensure adequate protection through Standard Contractual Clauses approved by the European Commission.

9. Cookies and Tracking

We use essential cookies for website functionality and analytics cookies (with consent) to improve our service:

  • Essential Cookies: Authentication, preferences, security
  • Analytics Cookies: Google Analytics (anonymized)
  • Functional Cookies: Theme preferences, language settings

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay if the breach poses a high risk.

11. Contact Us and Complaints

For any privacy-related questions or to exercise your rights:

Email: [email protected]

Response Time: Within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our website. Continued use after notification constitutes acceptance of the updated policy.