Privacy Statement | IT Learn

Last updated: 2026-03-19

Privacy Statement | IT Learn

Effective date: 2026-03-19
Last updated: 2026-03-19
Controller: IT Learn | contact email: contact.itlearn@gmail.com

1. Personal Data We Process

We process the categories below to operate and secure the Service:

  • Account data: email address, user ID, login method, and password hash managed through Supabase authentication.
  • OAuth data: identifiers and basic profile fields returned by Google, GitHub, or Discord sign-in.
  • Profile data: username, bio, avatar URL or avatar image data URL, profile tagline, and profile moderation flags.
  • Learning and gamification data: course/chapter progress, XP, streak, badges, quests, coins, inventory, and related learning telemetry stored in user progress records.
  • Moderation and abuse data: bio report reason/details, reporter and reported user IDs, moderation actions, and ban status fields.
  • Technical/security data: IP address, request metadata, session identifiers, and CAPTCHA verification data needed for anti-abuse protection.
  • Support data: data you provide through support channels, including live chat where available.

We do not intentionally request special category data. Please do not submit unnecessary sensitive personal information.

2. Sources of Data

We collect data directly from you, from your use of the platform, and from selected third-party providers (such as OAuth identity providers and infrastructure/security providers).

3. Purposes and Legal Bases (GDPR)

  • Provide the Service (account creation, authentication, profile, progress, badges, and learning features): Article 6(1)(b) GDPR (contract).
  • Secure the Service (CAPTCHA checks, anti-cheat limits, abuse detection, moderation, fraud prevention): Article 6(1)(f) GDPR (legitimate interests).
  • Support and communications: Article 6(1)(b) and 6(1)(f) GDPR.
  • Legal compliance and enforcement: Article 6(1)(c) and 6(1)(f) GDPR.

We do not sell your personal data.

4. Cookies, Local Storage, and Similar Technologies

Our Service uses cookies and browser storage for core functionality and security. Current examples include:

  • Session cookie (Flask session): keeps authenticated server session state. Configured as Secure and HttpOnly.
  • localStorage keys: language preference, OAuth flow helpers, Discord join preference, and chat consent markers.
  • sessionStorage keys: temporary CAPTCHA flow helper values.
  • Turnstile integration: Cloudflare Turnstile scripts and related tokens to validate human access.
  • Tawk.to script: support chat integration on selected pages, with consent/helper markers on some pages.

These technologies are used for security, login flow continuity, preferences, and support functionality.

5. Processors and Third-Party Services

  • Supabase for authentication and database services.
  • Cloudflare for security infrastructure and Turnstile CAPTCHA.
  • PythonAnywhere for backend hosting/runtime.
  • Google OAuth, GitHub OAuth, Discord OAuth for optional third-party authentication and Discord join flow.
  • Tawk.to for support chat where enabled.

6. International Transfers

Where data is processed outside the EEA/UK, we rely on lawful transfer mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, or other legally valid safeguards.

7. Data Retention

  • Account and platform data: retained while your account is active and deleted or anonymized when no longer required, subject to legal obligations.
  • Progress/profile/gamification records: removed as part of account deletion flow when deletion is requested and processed.
  • Security and abuse data: retained for as long as reasonably needed for abuse prevention, incident handling, legal defense, and compliance.
  • Support records: retained as needed to resolve issues and maintain support history.

8. Security Measures

We use transport encryption (HTTPS/TLS), secure session cookie settings, access controls, and abuse protections (including CAPTCHA and anti-cheat validation rules). No system can guarantee absolute security, but we continually improve safeguards.

9. Automated Checks and Moderation

We use automated and rule-based checks to detect suspicious progress submissions and abuse patterns (for example cheat detection thresholds). Enforcement actions can include blocked saves or account restrictions, with human moderation available for account-level actions and appeals.

10. Your Privacy Rights

Where applicable (including GDPR), you may request access, correction, deletion, restriction, objection, portability, and withdrawal of consent for consent-based processing.

Contact us at contact.itlearn@gmail.com. We may request identity verification before fulfilling a request. We respond within legally required timelines.

You can lodge a complaint with the Belgian Data Protection Authority (APD/GBA):
Address: Rue de la Presse 35, 1000 Brussels, Belgium
Email: contact@apd-gba.be
Phone: +32 2 274 48 00
Website: www.dataprotectionauthority.be

11. Minors

The Service is intended for users aged 13 or older. If local law requires parental authorization for minors, users are responsible for obtaining that permission.

12. Account Deletion

You can request deletion through available account features or by contacting us. Current deletion flow aims to remove account-linked progress/profile/gamification records and associated authentication account data, subject to technical and legal constraints.

13. Data Breach Handling

If a personal data breach is detected, we investigate, mitigate, and notify authorities and/or affected users when legally required.

14. Changes to This Privacy Statement

We may update this statement. Material updates will be published with a revised effective date.

15. Contact Information

Data Controller: IT Learn
General inquiries and data protection requests: contact.itlearn@gmail.com
Abuse and security reports: abuse-ithelp-be@googlegroups.com

Download