Privacy Statement | IT-Learn
Effective date: 2025-11-23
Last updated: 2025-11-23
Controller: IT-Learn | contact email: contact.itlearn@gmail.com
1. What personal data do we process?
We only process the following personal data:
- Account information: email address, chosen username, and password (hashed).
- Authentication information: data provided by Google OAuth (usually email address and account ID).
- Technical information: IP address and server logs (temporary, for security and debugging purposes).
We do not ask for date of birth, address, phone number, ID photos, or sensitive categories (health, race, religion, criminal record). Avatar uploads and other upload features are currently disabled; if this functionality is added later, we will update this statement.
2. Purposes and Legal Basis
We process personal data for the following purposes:
- Account creation and login (authentication) - necessary to provide the service (performance of the contract).
- Security and misuse prevention - legitimate interest (e.g., fraud detection and troubleshooting).
- Communication and processing of requests via the provided email address.
We do not use personal data for newsletters, targeted advertising, or data sales.
3. Processors / External Service Providers
We use the following third parties:
- Supabase - database and authentication; our project is located in Ireland (EU).
- Google (OAuth) - for user authentication.
- Hosting provider: currently Infinity Free (servers are typically located in the UK; free hosting may have limited backup options).
If a provider processes data outside the EU, we implement appropriate safeguards (e.g., Standard Contractual Clauses).
4. Retention Periods
- Account data: as long as the account is active + 1 year after deletion.
- Server logs/IP addresses: 30 days (security and debugging).
- Uploads (if added later): as long as the account is active or up to 1 year after deletion.
5. Minors and Age Policy
IT-Learn allows registration for those aged 13 and over. In Belgium, the digital age limit is 13. We never ask for ID photos and do not perform ID verification.
6. User Rights
Users have the right to: access, rectification, erasure, restriction of processing, objection, portability, and withdrawal of consent.
Requests: contact.itlearn@gmail.com
If you are not satisfied, you can file a complaint with the Belgian Data Protection Authority (APD/GBA), Rue de la Presse 35, 1000 Brussels, contact@apd-gba.be, tel. +32 2 274 48 00.
7. Account Deletion
Once the feature is available, users can delete their account themselves through their settings. Until then, a request can be sent to contact.itlearn@gmail.com; we will delete the data according to the retention periods.
8. Security
We take measures such as:
- HTTPS
- Supabase and Google OAuth for secure login
- Hashed passwords
- Logs max. 30 days
- (Uploads currently disabled)
9. Cookies and Trackers
Only necessary cookies for login and site functionality. No ads or analytics. Supabase or the hosting provider may place functional cookies.
10. Transfer outside the EU
Supabase operates in Ireland (EU). If data is processed outside the EU in the future, we will use appropriate safeguards (SCCs).
11. Data Breaches
If we suspect a data breach, we will investigate it and report it if legally required.
12. Changes
We may amend this statement; if material changes are made, we will publish a new version with an effective date.
13. Contact / Mailbox Monitoring
The mailbox abuse-ithelp-be@googlegroups.com is primarily monitored by Joren and by the user pseudonym "Broodje56." If necessary, correspondence will be escalated to a designated adult; that person's contact details will be provided upon request for official or legal processing.