Privacy Policy

Palaris (“we”, “our”, or “us”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data when you use the Palaris platform (the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with the practices described here, please do not use the Service.

2.1 Information You Provide Directly

• Account data: When you register, we collect your name, surname (optional), email address, and password (stored as a salted hash — never in plaintext). You may also optionally provide a profile photo, bio, date of birth, phone number, and gender.
• Course content: If you are a tutor, we store the course content, lessons, quizzes, and announcements you create on the platform.
• Communications: If you contact us for support, we retain those communications to resolve your inquiry.
• Forum posts and reviews: Content you post in course forums or submit as course reviews is stored and may be visible to other users.
• Notes: Lesson notes you write are stored privately and are visible only to you.

2.2 Information Collected Automatically

• Learning data: We record your lesson progress, quiz attempts and scores, course completion status, and certificate issuance.
• Usage data: We may collect information about how you interact with the platform, such as pages visited and features used, to improve the Service.
• Device and connection data: We may collect IP address, browser type, operating system, and referral URLs for security and analytics purposes.

2.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email address, and profile photo from Google. We do not receive your Google password.
• Payment data: Payments are processed by Paddle. Palaris receives confirmation of payment status but does not receive or store your full card number, CVV, or other sensitive payment details. See Paddle's Privacy Policy for details on how they handle your data.

We use the information we collect to:

• Create and manage your account and authenticate your identity.
• Deliver and improve the Service, including personalized learning features.
• Process payments and manage enrollments.
• Send transactional emails (e.g., OTP verification codes, receipt confirmations).
• Issue certificates of completion upon finishing a course.
• Enable course forums, reviews, and community features.
• Monitor and enforce compliance with our Terms of Service.
• Analyse usage patterns to improve platform performance and user experience.
• Respond to support requests and inquiries.
• Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

Where applicable, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide you with the Service (account creation, course delivery, payment processing).
• Consent: You have given explicit consent (e.g., agreeing to these Terms at registration). You may withdraw consent at any time.
• Legitimate interests: Processing necessary for our legitimate business interests (fraud prevention, platform security, analytics).
• Legal obligation: Processing required to comply with applicable laws.

Authentication Token

We store your authentication token in your browser's local storage to keep you signed in between sessions. This token expires automatically and is removed when you sign out.

Preferences

We store your language preference (English, Russian, Turkish, or Azerbaijani) and theme preference (light/dark/system) in local storage. These are not transmitted to our servers and can be cleared by clearing your browser's local storage at any time.

Third-Party Services

Paddle may place cookies on your device when you initiate a payment. These cookies are governed by Paddle's cookie policy. We do not use tracking cookies or third-party advertising cookies.

We do not sell your personal data. We may share data in the following limited circumstances:

• Service providers: We share data with trusted third-party service providers who help us operate the platform, including Paddle (payment processing) and email delivery providers (for OTP codes and notifications). These providers are contractually bound to use your data only to provide services to us.
• Tutors: If you enroll in a paid course, the tutor may see aggregated enrollment statistics. Individual student identities are not shared with tutors except where visible through public forum posts or reviews you choose to post.
• Legal requirements: We may disclose your data if required by law, court order, or governmental authority.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you in advance if this occurs.

We retain your personal data for as long as your account is active, and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

• Account data is retained until you request account deletion.
• Learning data (progress, certificates) is retained with your account.
• Payment transaction records are retained for the period required by applicable tax and accounting laws (typically 7 years).
• OTP verification codes expire within 10 minutes and are automatically invalidated after use.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Passwords are stored using bcrypt hashing (never in plaintext).
• All data is transmitted over HTTPS.
• Authentication uses short-lived JWT tokens.
• OTP codes are hashed before storage and expire after 10 minutes.
• Rate limiting is applied to all API endpoints to prevent abuse.
• Payment data is handled entirely by Paddle — we never receive raw card details.

No system is completely secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify affected users and the relevant authorities as required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

You may update most of your account information directly from your profile settings page. To request full account deletion, please email us at the address above.

The Service is open to users of all ages. Users under the age of 13 must have the consent of a parent or guardian to register and use the Service. We do not knowingly collect personal data from children under 13 without parental consent. If you believe we have inadvertently collected such data, please contact us at [email protected] and we will promptly delete it.

Your data may be processed and stored in servers located outside your country of residence. Where data is transferred outside your jurisdiction, we take steps to ensure that appropriate safeguards are in place, consistent with applicable data protection laws.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where required, notify you by email or in-platform notification. We encourage you to review this Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Palaris — Privacy Team
Email: [email protected]