Privacy Policy - 92learns

Your privacy matters to us. This Privacy Policy explains how 92Combo, trading as 92learns ("92learns," "we," "us," or "our"), collects, uses, stores, shares, and protects your personal data when you use our website at www.92learns.com, our learning platform at create.92learns.com, and all related services (collectively, the "Services"). This policy is designed to comply with the General Data Protection Regulation (GDPR - EU 2016/679) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Company: 92Combo
Location: Amsterdam, the Netherlands
Email: [email protected]

If you have any questions or concerns about how we handle your personal data, you can contact us at the email address above.

2. What Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

Account information: Name, email address, and password when you create an account.
Purchase information: Your name, email, and billing country associated with your purchase (payment card details are handled exclusively by our payment processor - see Section 5).
Community content: Posts, comments, and other content you submit to community features.
Support requests: Information you provide when contacting us for help.

2.2 Data Collected Automatically

Usage data: Pages visited, courses accessed, lesson progress, features used, and timestamps.
Device and browser data: IP address, browser type and version, operating system, device type, and screen resolution.
Referral data: How you arrived at our site (referrer URL, UTM parameters, ad click identifiers such as fbclid).
Cookies and similar technologies: See Section 8 for full details.

2.3 Data from Third Parties

Payment processor: Paddle.com Market Limited provides us with transaction confirmations, customer IDs, and billing country. They do not share your full payment card details with us.
Advertising platforms: When you click an ad on platforms like Meta (Facebook/Instagram), we may receive a click identifier (fbclid) that helps us measure advertising effectiveness.

3. How We Use Your Data

We process your personal data for the following purposes and legal bases:

Purpose	Legal Basis (GDPR)
Creating and managing your account	Performance of contract (Art. 6(1)(b))
Delivering purchased courses and digital products	Performance of contract (Art. 6(1)(b))
Processing payments and refunds	Performance of contract (Art. 6(1)(b))
Sending transactional emails (purchase confirmations, account alerts)	Performance of contract (Art. 6(1)(b))
Sending marketing emails and promotions	Consent (Art. 6(1)(a)) or Legitimate interest (Art. 6(1)(f))
Improving our Services and user experience	Legitimate interest (Art. 6(1)(f))
Measuring advertising effectiveness	Consent (Art. 6(1)(a))
Preventing fraud and abuse	Legitimate interest (Art. 6(1)(f))
Complying with legal obligations (tax, accounting)	Legal obligation (Art. 6(1)(c))
Responding to support requests	Legitimate interest (Art. 6(1)(f))

4. Who We Share Your Data With

We do not sell, rent, or trade your personal data. We share data only with the following categories of recipients, and only to the extent necessary:

4.1 Service Providers

Paddle.com Market Limited (payment processing) - Acts as Merchant of Record. Processes payments, handles tax compliance, and manages billing. Subject to their own Privacy Policy.
Cloudflare, Inc. (hosting, CDN, security) - Hosts our platform infrastructure. Processes data in accordance with their Privacy Policy.
Email service providers - For sending transactional and marketing emails on our behalf.

4.2 Advertising Partners

Meta Platforms, Inc. (Facebook/Instagram) - We use the Meta Pixel and Conversions API to measure advertising performance. This involves sharing hashed (pseudonymized) data such as email addresses and purchase events. You can control this through cookie preferences (Section 8) and your Meta Ad Preferences.

4.3 Legal Requirements

We may disclose your data if required by law, legal process, or a government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Payment Security

All payment transactions are processed by Paddle.com Market Limited, which acts as our Merchant of Record. Paddle is PCI-DSS compliant and handles all payment card processing. We never receive, see, store, or have access to your full credit card number, debit card number, or bank account details. The only payment-related information we receive from Paddle is your billing country, transaction ID, and purchase amount for our records.

6. International Data Transfers

Our platform is hosted on Cloudflare's global network, and some of our service providers are based outside the European Economic Area (EEA). When your data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

EU Standard Contractual Clauses (SCCs) approved by the European Commission.
Adequacy decisions by the European Commission for countries deemed to provide adequate protection.
The EU-U.S. Data Privacy Framework, where applicable.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

Account data: Retained for as long as your account is active, plus 30 days after deletion to allow for account recovery.
Purchase and transaction records: Retained for 7 years to comply with Dutch tax and accounting obligations.
Course progress data: Retained for as long as your account is active.
Marketing consent records: Retained for as long as the consent is valid, plus 3 years for compliance documentation.
Support correspondence: Retained for up to 3 years after the last interaction.
Analytics and tracking data: Retained for up to 26 months.
Server logs: Retained for up to 90 days.

When data is no longer needed, it is securely deleted or anonymized.

8. Cookies and Tracking Technologies

8.1 What Cookies We Use

We use the following categories of cookies and similar technologies:

Strictly Necessary Cookies - These are essential for the website to function. They include session cookies for authentication and security. These cannot be disabled.

Functional Cookies - These remember your preferences, such as theme selection (dark/light mode) and language settings. They improve your experience but are not essential.

Analytics Cookies - These help us understand how visitors use our site, which pages are popular, and where users experience issues. We use first-party analytics that do not identify you personally.

Advertising Cookies - The Meta (Facebook) Pixel uses cookies to measure the effectiveness of our advertising campaigns. These cookies may track your activity across other websites that also use Meta's services.

8.2 Managing Cookies

You can manage or delete cookies through your browser settings. Most browsers allow you to block or delete cookies, though this may affect the functionality of certain parts of our site. You can also opt out of interest-based advertising through:

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

Right of Access (Art. 15): You can request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Right to Restrict Processing (Art. 18): You can ask us to limit how we use your data in certain circumstances.
Right to Data Portability (Art. 20): You can request your data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21): You can object to processing based on legitimate interests, including direct marketing. We will stop processing unless we have compelling legitimate grounds.
Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You have the right to file a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (AP).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before processing your request.

10. Children's Privacy

Our Services are available to users of all ages. However, we do not knowingly collect personal data from children under the age of 16 without verifiable parental consent. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at [email protected] and we will promptly delete that information.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS/HTTPS).
Secure authentication with hashed passwords.
Regular security reviews of our infrastructure.
Access controls limiting employee access to personal data on a need-to-know basis.
Use of Cloudflare's security infrastructure, including DDoS protection and Web Application Firewall.

While we take all reasonable precautions, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please notify us immediately at [email protected].

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you by email if the changes significantly affect how we process your personal data.
Where required by law, obtain your consent to the changes.

We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have a complaint about how we handle your data, please contact us:

Privacy inquiries: [email protected]
General support: [email protected]
Company: 92Combo, Amsterdam, the Netherlands

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority of your country of residence.