Privacy Policy

Account Information

When you create an account, we collect:

• Registration details: First name, last name, email address, display handle (username), and password
• Google Sign-In: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
• Profile information: Optional profile picture you choose to upload

Usage Data

We automatically collect information about how you use the platform:

• Learning progress: Courses enrolled, lessons completed, coding problem attempts and results, recall card interactions, and bookmarks
• Code submissions: When you submit code for grading, your solution is saved to your account so you can review your submission history. Python code is additionally sent to our secure execution service for grading (see Section 3). SQL code executes entirely in your browser.
• Engagement data: Likes, feedback, and feature usage patterns

AI Assistant Interactions

When you use the AI tutoring assistant (LDS Mentor), we collect:

• Messages and code you submit: Your chat messages and any code you share in the conversation are sent to our servers and forwarded to our AI service provider to generate a response. These are processed in real time and are not stored on our servers after the response is delivered.
• Usage metrics: We record aggregate token counts (how much AI capacity you have used) per session and per day, linked to your account, to enforce fair-use limits. We do not store the content of your conversations.
• Conversation history: Conversation context is maintained locally in your browser session only. It is not saved to our servers between sessions.

Device & Log Data

• Device information: Browser type, operating system, screen resolution, and device identifiers
• Log data: IP address, access timestamps, pages viewed, referring URLs, and session duration

Payment Information

If you subscribe to a paid plan, your payment is processed by Razorpay, our payment processor. Razorpay collects your card number, UPI ID, or other payment details directly. We never receive, store, or have access to your full card number. We only receive:

• Subscription status (active, cancelled, etc.)
• Billing interval (monthly or annual)
• Currency preference (INR or USD)
• Razorpay subscription and payment identifiers

We use the information we collect to:

• Provide, maintain, and improve the platform and its features
• Create and manage your account
• Track your learning progress across courses, coding problems, and recall cards
• Process subscription payments and manage billing
• Send important account-related communications (e.g., subscription confirmations, billing notices)
• Respond to your support requests and feedback
• Monitor usage patterns to improve the learning experience
• Power the AI tutoring assistant (LDS Mentor) — your messages and code are processed to generate real-time tutoring responses
• Track AI usage metrics per account to enforce fair-use limits
• Enforce rate limits to prevent abuse and ensure fair access
• Detect, prevent, and address security threats and technical issues
• Comply with legal obligations

We do not currently use your personal data for advertising, profiling, or automated decision-making that produces legal effects. If this changes in the future, we will update this policy and notify you in advance.

• SQL execution: SQL queries run directly in your web browser using a built-in database engine. Your SQL code and query results stay on your device and are never transmitted to our servers.
• Python execution: Python code primarily runs in your browser. For certain grading operations, Python code may be sent to our secure execution service for evaluation. Code sent for grading is processed in an isolated sandbox and is not stored after grading is complete.
• Visualization: SQL and Python visualizations are generated entirely in your browser.

AI Tutoring Assistant (LDS Mentor)

When you interact with LDS Mentor, your messages and any code you share are transmitted to our servers and forwarded to our AI service provider to generate a tutoring response. This data flow is necessary for the feature to function — AI processing cannot happen in your browser.

• Message content: Sent to our AI service provider in real time to generate a response. Our AI service provider processes your data under a data processing agreement and does not use it to train their models.
• Conversation content not stored: We do not store the text of your conversations on our servers after the response is delivered. Conversation history is maintained only in your browser session.
• Usage counts stored: We record how many AI requests you have made (daily and per session) in your account record to enforce fair-use limits. These are numeric counts only — not conversation content.

We share data only with trusted service providers who help us operate the platform:

We may also share information in the following circumstances:

• Legal requirements: When required by law, court order, or governmental authority
• Safety: To protect the rights, property, or safety of our users or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, in which case you will be notified
• With your consent: When you explicitly authorize sharing

We use cookies and similar technologies as follows:

Essential Cookies (Always Active)

• Authentication cookies: Secure, httpOnly session cookies that keep you signed in. These cannot be accessed by client-side JavaScript.
• Consent preference: Stores your cookie consent choice in localStorage.
• Theme preference: Stores your light/dark mode preference in localStorage.

Analytics Cookies (Require Consent)

• Google Analytics 4: Collects anonymized usage data (pages visited, session duration, device type). We use Google Consent Mode v2 — analytics cookies are only set after you consent via our cookie banner.
• Vercel Analytics: Collects privacy-friendly web vitals and performance metrics. Does not use cookies or track individuals.

You can manage cookies through our cookie consent banner or your browser settings. Disabling essential cookies may prevent authentication from working correctly.

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit: All data is transmitted over HTTPS/TLS
• Encryption at rest: Database data is encrypted at rest using AES-256 encryption
• Password security: Passwords are securely hashed using industry-standard cryptographic algorithms. We never store or have access to plaintext passwords.
• Access controls: Database access policies ensure users can only access their own data
• Rate limiting: API endpoints are protected by rate limiting to prevent abuse
• Payment security: Payment data is processed by Razorpay, which is PCI-DSS Level 1 compliant. We never handle raw card data.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Regardless of your location, you have the following rights:

For EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to processing based on legitimate interests. Our legal basis for processing your data includes: performance of a contract (providing the Services), legitimate interests (improving and securing the platform), and consent (analytics cookies). You may also lodge a complaint with your local data protection authority.

For California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the address below.

To exercise any of these rights, contact us at support@letsdatascience.com. We will respond within 30 days.

• Account data: Retained for as long as your account is active. If you request deletion, we remove or anonymize your personal data within 30 days.
• Learning progress: Retained with your account. Deleted when your account is deleted.
• Payment records: Subscription and transaction records are retained for 7 years after the last transaction to comply with Indian tax and accounting regulations.
• Webhook event logs: Payment webhook events are retained for 1 year for debugging and dispute resolution.
• AI conversation content: Not retained on our servers. Conversation history exists only in your browser session and is cleared when you close or refresh the page.
• AI usage metrics: Token usage counts (daily and session totals) are retained with your account for the lifetime of your account and are deleted when your account is deleted.
• Server logs: Automatically purged after 30 days.

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at support@letsdatascience.com and we will promptly delete it.

Our Services are hosted on a global edge network, and our database is managed by a cloud infrastructure provider. Your data may be transferred to and processed in countries outside your country of residence, including the United States and India. These countries may have different data protection laws than your jurisdiction.

We ensure that any international data transfers comply with applicable laws and that appropriate safeguards are in place, including our service providers' commitments to data protection standards.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on the platform. The "Last updated" date at the top reflects when the policy was most recently revised. We encourage you to review this page periodically.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us: