Privacy Policy

Account Information

When you create an account, we collect:

• Registration details: First name, last name, email address, display handle (username), and password
• Google Sign-In: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
• Profile information: Optional profile picture you choose to upload

Usage Data

We automatically collect information about how you use the platform:

• Learning progress: Courses enrolled, lessons completed, coding problem attempts and results, recall card interactions, and bookmarks
• Code submissions: When you submit code for grading, your solution is saved to your account so you can review your submission history. Python code is additionally sent to our secure execution service for grading (see Section 3). SQL code executes entirely in your browser.
• Engagement data: Likes, feedback, and feature usage patterns

AI Assistant Interactions

When you use the AI tutoring assistant (LDS Mentor), we collect:

• Messages and code you submit: Your chat messages and any code you share in the conversation are sent to our servers and forwarded to our AI service provider to generate a response. These are processed in real time and are not stored on our servers after the response is delivered.
• Usage metrics: We record aggregate token counts (how much AI capacity you have used) per session and per day, linked to your account, to enforce fair-use limits. We do not store the content of your conversations.
• Conversation history: Conversation context is maintained locally in your browser session only. It is not saved to our servers between sessions.

Device & Log Data

• Device information: Browser type, operating system, screen resolution, and device identifiers
• Log data: IP address, access timestamps, pages viewed, referring URLs, and session duration

Payment Information

If you subscribe to a paid plan, your payment is processed by Razorpay, our payment processor. Razorpay collects your card number, UPI ID, or other payment details directly. We never receive, store, or have access to your full card number. We only receive:

• Subscription status (active, cancelled, etc.)
• Billing interval (monthly or annual)
• Currency preference (INR or USD)
• Razorpay subscription and payment identifiers

We use the information we collect to:

• Provide, maintain, and improve the platform and its features
• Create and manage your account
• Track your learning progress across courses, coding problems, and recall cards
• Process subscription payments and manage billing
• Send important account-related communications (e.g., subscription confirmations, billing notices)
• Respond to your support requests and feedback
• Monitor usage patterns to improve the learning experience
• Power the AI tutoring assistant (LDS Mentor) — your messages and code are processed to generate real-time tutoring responses
• Track AI usage metrics per account to enforce fair-use limits
• Enforce rate limits to prevent abuse and ensure fair access
• Detect, prevent, and address security threats and technical issues
• Comply with legal obligations

We display advertising on parts of the Services (currently our news section) to keep our content free. If you consent via our cookie banner, we and our advertising partners may use cookies and similar technologies to measure ad performance and deliver more relevant ads. If you decline advertising cookies, you will still see ads, but they will be contextual (based on the page content) rather than personalized.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects. We do not sell your personal information. If any of these practices change, we will update this policy and notify you in advance.

• SQL execution: SQL queries run directly in your web browser using a built-in database engine. Your SQL code and query results stay on your device and are never transmitted to our servers.
• Python execution: Python code primarily runs in your browser. For certain grading operations, Python code may be sent to our secure execution service for evaluation. Code sent for grading is processed in an isolated sandbox and is not stored after grading is complete.
• Visualization: SQL and Python visualizations are generated entirely in your browser.

AI Tutoring Assistant (LDS Mentor)

When you interact with LDS Mentor, your messages and any code you share are transmitted to our servers and forwarded to our AI service provider to generate a tutoring response. This data flow is necessary for the feature to function — AI processing cannot happen in your browser.

• Message content: Sent to our AI service provider in real time to generate a response. Our AI service provider processes your data under a data processing agreement and does not use it to train their models.
• Conversation content not stored: We do not store the text of your conversations on our servers after the response is delivered. Conversation history is maintained only in your browser session.
• Usage counts stored: We record how many AI requests you have made (daily and per session) in your account record to enforce fair-use limits. These are numeric counts only — not conversation content.

We share data only with trusted service providers who help us operate the platform:

We may also share information in the following circumstances:

• Legal requirements: When required by law, court order, or governmental authority
• Safety: To protect the rights, property, or safety of our users or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified
• With your consent: When you explicitly authorize sharing

We use cookies and similar technologies as follows:

Essential Cookies (Always Active)

• Authentication cookies: Secure, httpOnly session cookies that keep you signed in. These cannot be accessed by client-side JavaScript.
• Consent preference: Stores your cookie consent choice in localStorage.
• Theme preference: Stores your light/dark mode preference in localStorage.

Analytics Cookies (Require Consent)

• Google Analytics 4: Collects anonymized usage data (pages visited, session duration, device type). We use Google Consent Mode v2 — analytics cookies are only set after you click “Accept all” in our cookie banner. If you decline, Google Analytics still receives cookieless pings for aggregated, non-identifying measurement only (no cookies, no user ID, no cross-session linking).
• Vercel Analytics: Collects privacy-friendly web vitals and performance metrics. Does not use cookies or track individuals.

Advertising Cookies (Require Consent)

When you click “Accept all”, we enable the following Google Analytics Advertising Features:

• Google Signals: Associates your visit with data from signed-in Google users who have opted into Ads Personalization in their Google account, enabling cross-device measurement, demographics and interests reporting, and remarketing audiences. Google Signals data may include information Google has collected from your activity across Google services (such as YouTube, Search, and partner sites).
• Remarketing: Allows us to show relevant content and ads to visitors who have previously interacted with our Services.
• Demographics and Interests reports: Provides aggregated age, gender, and interest-category insights about our audience (never identifying individual users).
• Google advertising identifiers: Cookies used to measure ad performance and deliver more relevant ads across the Google ecosystem. If you decline, you will still see ads but they will be contextual rather than personalized.
• EthicalAds: Our advertising partner on news articles. Uses contextual targeting based on the content of the page — no personal profile is built about you.

Sensitive categories: We do not use Google Signals, Remarketing, or any other analytics feature to identify individual users, to build profiles based on sensitive categories (including health, race, religion, sexual orientation, political affiliation, financial status, or trade-union membership), or to facilitate merging personally identifiable information with non-personally identifiable information previously collected from Display Advertising features.

How to opt out of Google Ads Personalization: In addition to declining advertising cookies in our banner, you can opt out at the Google-account level at adssettings.google.com. You can also review and delete activity Google has stored against your account at myactivity.google.com. To opt out of Google Analytics altogether, install the Google Analytics Opt-out Browser Add-on.

Global Privacy Control (GPC)

We honor the Global Privacy Control browser signal. If your browser or extension sends GPC, we automatically treat it as an opt-out of sharing personal information for cross-context behavioral advertising — even if you otherwise click “Accept all”. Analytics cookies remain under your normal consent control.

You can change your cookie choice at any time by clicking “Cookie preferences” in the footer of any page, or by clearing your browser's site data. Disabling essential cookies may prevent authentication from working correctly.

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit: All data is transmitted over HTTPS/TLS
• Encryption at rest: Database data is encrypted at rest using AES-256 encryption
• Password security: Passwords are securely hashed using industry-standard cryptographic algorithms. We never store or have access to plaintext passwords.
• Access controls: Database access policies ensure users can only access their own data
• Rate limiting: API endpoints are protected by rate limiting to prevent abuse
• Payment security: Payment data is processed by Razorpay, which is PCI-DSS Level 1 compliant. We never handle raw card data.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Regardless of your location, you have the following rights:

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to processing based on legitimate interests. Our legal basis for processing your data includes: performance of a contract (providing the Services), legitimate interests (improving and securing the platform), and consent (analytics cookies). You may also lodge a complaint with your local data protection authority.

For California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), California residents have the right to know what personal information is collected, request correction or deletion, limit the use of sensitive personal information, and opt out of the sale or sharing of personal information.

We do not sell personal information for money. If you click “Accept all” in our cookie banner, we do “share” certain identifiers (cookie IDs, IP address) with Google for cross-context behavioral advertising as defined by CPRA. You have the right to opt out of this sharing at any time.

How to opt out of sharing:

• Click “Cookie preferences” in the footer of any page and choose “Essential only”.
• Enable Global Privacy Control in your browser (available in Firefox, Brave, DuckDuckGo browsers, and many privacy extensions). We automatically honor this signal as a binding opt-out of sharing for advertising — no banner click required.

California residents may also exercise these rights by emailing us at the address in Section 12. We will not discriminate against you for exercising any of these rights.

For Other US State Residents

If you reside in a state with a comprehensive consumer privacy law (including Colorado, Connecticut, Oregon, Texas, Virginia, and others), you have similar rights to access, correct, delete, and opt out of targeted advertising. The Global Privacy Control mechanism described above applies to all such states that recognize it. To exercise state-specific rights, contact us at the address in Section 12.

To exercise any of these rights, contact us at support@letsdatascience.com. We will respond within 30 days.

• Account data: Retained for as long as your account is active. If you request deletion, we remove or anonymize your personal data within 30 days.
• Learning progress: Retained with your account. Deleted when your account is deleted.
• Payment records: Subscription and transaction records are retained for 7 years after the last transaction to comply with Indian tax and accounting regulations.
• Webhook event logs: Payment webhook events are retained for 1 year for debugging and dispute resolution.
• AI conversation content: Not retained on our servers. Conversation history exists only in your browser session and is cleared when you close or refresh the page.
• AI usage metrics: Token usage counts (daily and session totals) are retained with your account for the lifetime of your account and are deleted when your account is deleted.
• Server logs: Automatically purged after 30 days.

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at support@letsdatascience.com and we will promptly delete it.

Our Services are hosted on a global edge network, and our database is managed by a cloud infrastructure provider. Your data may be transferred to and processed in countries outside your country of residence, including the United States and India. These countries may have different data protection laws than your jurisdiction.

We ensure that any international data transfers comply with applicable laws and that appropriate safeguards are in place, including our service providers' commitments to data protection standards.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on the platform. The "Last updated" date at the top reflects when the policy was most recently revised. We encourage you to review this page periodically.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us: