This Privacy Policy describes how AIDriven Technologies Pvt. Ltd. ("we," "us," or "our"), operating the Let's Data Science platform at https://letsdatascience.com (the "Services"), collects, uses, discloses, and protects your personal information. We are incorporated in New Delhi, India.
By using our Services, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our Services.
Quick Summary
- We collect only what's necessary to run the platform
- Your data is encrypted in transit and at rest
- We do not sell personal data for money; privacy choices are available for analytics and advertising
- SQL code runs entirely in your browser. When you use the AI tutor, your messages are sent to our servers to generate a response.
- You can request access, correction, or deletion of your data
- Payment details are handled by Razorpay — we never see your card number
1.Information We Collect
Account Information
When you create an account, we collect:
- Registration details: First name, last name, email address, display handle (username), and password
- Google Sign-In: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
- Profile information: Optional profile picture you choose to upload
Usage Data
We automatically collect information about how you use the platform:
- Learning progress: Courses enrolled, lessons completed, coding problem attempts and results, recall card interactions, and bookmarks
- Code submissions: When you submit code for grading, your solution is saved to your account so you can review your submission history. Python code is additionally sent to our secure execution service for grading (see Section 3). SQL code executes entirely in your browser.
- Engagement data: Likes, feedback, and feature usage patterns
AI Assistant Interactions
When you use the AI tutoring assistant (LDS Mentor), we collect:
- Messages and code you submit: Your chat messages and any code you share in the conversation are sent to our servers and forwarded to our AI service provider to generate a response. These are processed in real time and are not stored on our servers after the response is delivered.
- Usage metrics: We record aggregate token counts (how much AI capacity you have used) per session and per day, linked to your account, to enforce fair-use limits. We do not store the content of your conversations.
- Conversation history: Conversation context is maintained locally in your browser session only. It is not saved to our servers between sessions.
Device & Log Data
- Device information: Browser type, operating system, screen resolution, and device identifiers
- Log data: IP address, access timestamps, pages viewed, referring URLs, and session duration
Payment Information
If you subscribe to a paid plan, your payment is processed by Razorpay, our payment processor. Razorpay collects your card number, UPI ID, or other payment details directly. We never receive, store, or have access to your full card number. We only receive:
- Subscription status (active, cancelled, etc.)
- Billing interval (monthly or annual)
- Currency preference (INR or USD)
- Razorpay subscription and payment identifiers
2.How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the platform and its features
- Create and manage your account
- Track your learning progress across courses, coding problems, and recall cards
- Process subscription payments and manage billing
- Send important account-related communications (e.g., subscription confirmations, billing notices)
- Respond to your support requests and feedback
- Monitor usage patterns to improve the learning experience
- Power the AI tutoring assistant (LDS Mentor) — your messages and code are processed to generate real-time tutoring responses
- Track AI usage metrics per account to enforce fair-use limits
- Enforce rate limits to prevent abuse and ensure fair access
- Detect, prevent, and address security threats and technical issues
- Comply with legal obligations
We display advertising on parts of the Services to keep content free. Ezoic, Google Ad Manager, and participating advertising partners provide ad delivery, auctioning, measurement, fraud prevention, and personalization where permitted. Ezoic's Gatekeeper consent interface controls consent-dependent advertising and analytics technologies according to the visitor's region and choices. More detail appears in Sections 4 and 5.
We do not use your personal data for automated decision-making that produces legal or similarly significant effects. We do not sell your personal information. If any of these practices change, we will update this policy and notify you in advance.
3.Code Execution & Data Processing
Your SQL code runs entirely in your browser. When you use the AI tutor, your messages are sent to our servers.
- SQL execution: SQL queries run directly in your web browser using a built-in database engine. Your SQL code and query results stay on your device and are never transmitted to our servers.
- Python execution: Python code primarily runs in your browser. For certain grading operations, Python code may be sent to our secure execution service for evaluation. Code sent for grading is processed in an isolated sandbox and is not stored after grading is complete.
- Visualization: SQL and Python visualizations are generated entirely in your browser.
AI Tutoring Assistant (LDS Mentor)
When you interact with LDS Mentor, your messages and any code you share are transmitted to our servers and forwarded to our AI service provider to generate a tutoring response. This data flow is necessary for the feature to function — AI processing cannot happen in your browser.
- Message content: Sent to our AI service provider in real time to generate a response. Our AI service provider processes your data under a data processing agreement and does not use it to train their models.
- Conversation content not stored: We do not store the text of your conversations on our servers after the response is delivered. Conversation history is maintained only in your browser session.
- Usage counts stored: We record how many AI requests you have made (daily and per session) in your account record to enforce fair-use limits. These are numeric counts only — not conversation content.
4.Information Sharing & Service Providers
We do not sell, trade, or rent your personal information to third parties.
We share data only with trusted service providers who help us operate the platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Razorpay | Payment processing | Email, payment details (card/UPI) |
| Google Analytics 4 (incl. Google Signals, Remarketing, Demographics & Interests) | Usage analytics and, with advertising consent, cross-device measurement, aggregated demographics, and remarketing audiences | Anonymized browsing data (without analytics consent: cookieless pings only). With Analytics enabled: analytics cookie IDs, IP, device info, and page activity. With Advertising also enabled: analytics data plus advertising features such as Google Signals where permitted. |
| Hosting & CDN Providers | Hosting, content delivery, security, and performance analytics | IP address, page views, performance metrics |
| Authentication Provider | User sign-in and session management | Account credentials, profile data |
| Content Delivery Provider | Blog and educational content | No personal data (content delivery only) |
| AI Service Provider | AI tutoring assistant (LDS Mentor) | Messages and code you submit to the AI tutor |
| Ezoic | Consent management, advertising delivery, and advertising analytics | Consent choices and standard web-request, device, page, and advertising data; identifiers may be used only where permitted by applicable law and your consent choices |
| Infrastructure Services | Rate limiting and security | IP address (hashed), request metadata |
We may also share information in the following circumstances:
- Legal requirements: When required by law, court order, or governmental authority
- Safety: To protect the rights, property, or safety of our users or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified
- With your consent: When you explicitly authorize sharing
5.Cookies and Tracking
We use cookies and similar technologies for essential functions, analytics, and advertising. When Ezoic advertising is enabled, Ezoic Gatekeeper is our single visible consent-management platform. It applies the consent flow appropriate to the visitor's region and communicates the resulting choice to participating advertising and analytics vendors.
| Category | Examples | Purpose |
|---|---|---|
| Essential | sb-*-auth-token, consent records | Authentication, security, regional privacy handling, and remembering privacy choices |
| Analytics | _ga, _ga_*, hosting analytics | Understanding usage, reliability, and performance, subject to the applicable consent choice |
| Advertising | Ezoic and participating ad-vendor technologies | Delivering, measuring, and where permitted personalizing ads; contextual ads may still be shown when personalization is declined |
Essential Technologies
- Authentication: Secure session cookies keep signed-in users authenticated.
- Consent records: The consent platform stores the choices needed to apply and demonstrate your privacy decision.
- Preferences and security: Local settings and protective technologies support site operation and abuse prevention.
Analytics and Advertising
Google Analytics, Ezoic, and participating vendors may process standard device, network, page, and interaction data. Cookies or advertising identifiers are used only when permitted by applicable law and the consent choice recorded by the CMP. If personalized advertising is declined, contextual or non-personalized ads may still appear.
We use Google Consent Mode so Google services receive the applicable consent state. When storage is denied, Google may receive limited cookieless signals for aggregate measurement rather than setting analytics or advertising cookies.
Your Privacy Choices
The Gatekeeper notice presents the choices required for your region, including an opt-out of sale or sharing where applicable. You can also use “Privacy choices” in the footer, clear your browser's site data, or contact us at [email protected]. You may separately control Google ad personalization at adssettings.google.com. Disabling essential technologies may prevent authentication or other core functions from working.
Ezoic Advertising Disclosures
The following disclosure is maintained by Ezoic and lists the advertising partners, processing purposes, and cookies or similar technologies currently associated with Ezoic's services on this site.
6.Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit: All data is transmitted over HTTPS/TLS
- Encryption at rest: Database data is encrypted at rest using AES-256 encryption
- Password security: Passwords are securely hashed using industry-standard cryptographic algorithms. We never store or have access to plaintext passwords.
- Access controls: Database access policies ensure users can only access their own data
- Rate limiting: API endpoints are protected by rate limiting to prevent abuse
- Payment security: Payment data is processed by Razorpay, which is PCI-DSS Level 1 compliant. We never handle raw card data.
While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7.Your Rights
Regardless of your location, you have the following rights:
Access
Request a copy of the personal data we hold about you
Correction
Update or correct inaccurate data via your account settings or by contacting us
Deletion
Request deletion of your account and all associated personal data
Withdraw Consent
Withdraw or change consent through the site's privacy choices or by contacting us
For India Residents (DPDP Act, 2023)
We are incorporated in India and process digital personal data in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”). As a Data Principal under the DPDP Act, you have the right to:
- Access: Request a summary of the personal data we process about you and the processing activities we undertake with it
- Correction and erasure: Have inaccurate or incomplete personal data corrected or updated, and have personal data erased when it is no longer necessary for the purpose it was collected (or after you withdraw consent), unless retention is required by law
- Withdraw consent: Withdraw consent at any time through the site's privacy choices, your account settings, or by emailing us
- Grievance redressal: Raise a grievance about how your personal data is handled and have it addressed (see below)
- Nominate: Nominate another individual to exercise these rights on your behalf in the event of death or incapacity
Grievance redressal: To raise a grievance or exercise any DPDP Act right, email us at [email protected] with the subject line “Grievance”. We will acknowledge and respond within a reasonable period, and in any case within 30 days. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India.
For EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to processing based on legitimate interests. Our legal basis for processing your data includes: performance of a contract (providing the Services), legitimate interests (improving and securing the platform), and consent (analytics cookies). You may also lodge a complaint with your local data protection authority.
For California Residents (CCPA / CPRA)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), California residents have the right to know what personal information is collected, request correction or deletion, limit the use of sensitive personal information, and opt out of the sale or sharing of personal information.
We do not sell personal information for money. Advertising technologies may constitute “sharing” for cross-context behavioral advertising under CPRA. You have the right to opt out of this sharing at any time.
How to opt out of sharing:
- Use the Gatekeeper notice's opt-out control when it is presented in your region.
- Use “Privacy choices” in the footer or email us at [email protected].
- Enable Global Privacy Control in a supported browser or privacy extension.
California residents may also exercise these rights by emailing us at the address in Section 12. We will not discriminate against you for exercising any of these rights.
For Other US State Residents
If you reside in a state with a comprehensive consumer privacy law (including Colorado, Connecticut, Oregon, Texas, Virginia, and others), you have similar rights to access, correct, delete, and opt out of targeted advertising. The Global Privacy Control mechanism described above applies to all such states that recognize it. To exercise state-specific rights, contact us at the address in Section 12.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8.Data Retention
- Account data: Retained for as long as your account is active. If you request deletion, we remove or anonymize your personal data within 30 days.
- Learning progress: Retained with your account. Deleted when your account is deleted.
- Payment records: Subscription and transaction records are retained for 7 years after the last transaction to comply with Indian tax and accounting regulations.
- Webhook event logs: Payment webhook events are retained for 1 year for debugging and dispute resolution.
- AI conversation content: Not retained on our servers. Conversation history exists only in your browser session and is cleared when you close or refresh the page.
- AI usage metrics: Token usage counts (daily and session totals) are retained with your account for the lifetime of your account and are deleted when your account is deleted.
- Server logs: Automatically purged after 30 days.
9.Children's Privacy
Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at [email protected] and we will promptly delete it.
10.International Data Transfers
Our Services are hosted on a global edge network, and our database is managed by a cloud infrastructure provider. Your data may be transferred to and processed in countries outside your country of residence, including the United States and India. These countries may have different data protection laws than your jurisdiction.
We ensure that any international data transfers comply with applicable laws and that appropriate safeguards are in place, including our service providers' commitments to data protection standards.
11.Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on the platform. The "Last updated" date at the top reflects when the policy was most recently revised. We encourage you to review this page periodically.
12.Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:
This address also serves as our grievance contact under India's Digital Personal Data Protection Act, 2023. We respond to data-rights requests and grievances within 30 days.