Data Protection

Your data protection rights and how we safeguard your personal information.

Last updated: July 2025

Our Commitment to Data Protection

At Rightal Learn, we are committed to protecting your personal data and respecting your privacy rights. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy legislation.

This page outlines our data protection practices, your rights, and how we ensure the security of your information.

Data We Collect and Process

We collect and process the following categories of personal data:

Identity Data

  • Full name and username
  • Email address and phone number
  • Profile picture and bio
  • Educational institution and level

Educational Data

  • Course enrollments and subjects
  • Study materials and uploaded content
  • Learning progress and performance
  • AI conversation history

Technical Data

  • Device information and IP address
  • Browser type and version
  • Usage patterns and analytics
  • Log files and error reports

Financial Data

  • Payment information (processed by third parties)
  • Coin wallet balance and transactions
  • Billing address and history

Your Data Protection Rights

Under data protection laws, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you, including information about how it's processed.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.

Right to Restrict Processing

You can request that we limit how we process your data in certain situations.

Right to Data Portability

You can request a copy of your data in a structured, machine-readable format to transfer to another service.

Right to Object

You can object to processing of your data for direct marketing or other legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Data Security Measures

We implement comprehensive security measures to protect your data:

Technical Safeguards

  • End-to-end encryption
  • Secure HTTPS connections
  • Regular security audits
  • Vulnerability assessments

Organizational Measures

  • Staff training on data protection
  • Access controls and authentication
  • Data breach response procedures
  • Regular policy reviews

Infrastructure Security

  • Secure cloud hosting
  • Regular backups
  • Disaster recovery plans
  • Network monitoring

Data Minimization

  • Collect only necessary data
  • Regular data purging
  • Purpose limitation
  • Retention policies

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: To provide our educational services
  • Consent: For marketing communications and optional features
  • Legitimate Interest: To improve our services and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant authorities within 72 hours
  • Inform affected users without undue delay
  • Provide clear information about the breach
  • Offer guidance on protective measures
  • Implement additional security measures

How to Exercise Your Rights

To exercise any of your data protection rights, you can:

  • Use the privacy settings in your account
  • Contact our Data Protection Officer
  • Submit a request through our support system
  • Send an email to our privacy team

We will respond to your request within one month and may ask for additional information to verify your identity.

Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:

  • Our Data Protection Officer (first point of contact)
  • Your local data protection authority
  • The Information Commissioner's Office (ICO) in the UK
  • Other relevant supervisory authorities

Contact Our Data Protection Officer

For any questions about data protection or to exercise your rights, contact our Data Protection Officer:

Email: dpo@rightal.com

Privacy Team: privacy@rightal.com

Address: Data Protection Officer, Rightal Learn, San Francisco, USA

Phone: +15122996320

Updates to This Policy

We may update this data protection policy to reflect changes in our practices or applicable laws. We will notify you of significant changes and obtain your consent where required.