Privacy Policy

Effective Date: January 21, 2025 | Last Updated: April 2026

The Institute of Data Science ("IODS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, DataLearn platform, and related services (collectively, the "Services").

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password, and profile details when you create an account.
  • Payment Information: Billing address, payment card details, or other payment data processed through our third-party payment provider (Stripe). We do not store full card numbers on our servers.
  • Educational Data: Course progress, assignment submissions, quiz results, notebook activity, GitHub commits, Kaggle competition entries, and AI tutor conversations.
  • Communications: Messages you send to us via email, contact forms, or support requests.
  • Enterprise Data: Institutional information provided through enterprise enrollment or LTI integration setup.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, click patterns, and search queries.
  • Device Data: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Cookies & Tracking: We use essential cookies for authentication and session management, and analytics cookies (with your consent where required) to improve our Services.

2. How We Use Your Information

  • Provide, maintain, and improve our educational Services.
  • Process payments and manage subscriptions.
  • Personalize your learning experience, including AI tutor interactions.
  • Track academic progress and issue certificates.
  • Communicate with you about your account, courses, and updates.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations.
  • Conduct research and analytics to improve educational outcomes (using aggregated, de-identified data).

3. Legal Bases for Processing (GDPR — EEA/UK Users)

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction that requires a legal basis for processing personal data, we process your data based on:

  • Contract Performance: To provide the Services you have enrolled in.
  • Legitimate Interests: To improve our Services, prevent fraud, and ensure security.
  • Consent: For optional analytics, marketing emails, and non-essential cookies.
  • Legal Obligation: To comply with applicable laws and regulations.

4. Data Sharing & Disclosure

We do not sell your personal information. We share data only as follows:

  • Service Providers: Payment processors (Stripe), cloud infrastructure (Hetzner, AWS), email services (AWS SES), analytics tools, and AI providers (Anthropic) that process data on our behalf under strict data processing agreements.
  • Third-Party Platforms: GitHub (for Classroom integration), Kaggle (for competitions) — only when you explicitly connect your accounts.
  • Institutional Partners: If you enroll through a school or employer using LTI integration, we share course progress and grades with your institution as necessary.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.

5. Your Rights

5.1 All Users

  • Access, update, or delete your account information at any time.
  • Export your data (notebooks, submissions, progress) via your dashboard.
  • Opt out of marketing communications.
  • Request deletion of your account and associated data.

5.2 EEA/UK Users (GDPR)

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restriction: Restrict processing of your data.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.

To exercise these rights, contact us at admin@iods.ai. We will respond within 30 days (or as required by applicable law).

5.3 South Africa (POPIA)

Users in South Africa have rights under the Protection of Personal Information Act (POPIA), including the right to access, correct, and delete personal information, and to object to processing. We act as a "responsible party" under POPIA and process data in accordance with its requirements.

5.4 Nigeria (NDPR)

Users in Nigeria have rights under the Nigeria Data Protection Regulation (NDPR), including the right to be informed, right of access, right to rectification, and right to data portability.

5.5 California Residents (CCPA/CPRA)

California residents have the right to know what personal information is collected, request deletion, opt out of the sale of personal information (we do not sell personal data), and non-discrimination for exercising these rights.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. After account deletion, we retain data for up to 90 days for backup and recovery purposes, after which it is permanently deleted. Certain data may be retained longer where required by law (e.g., financial records for tax compliance).

7. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Access controls with role-based permissions.
  • Regular security audits and vulnerability assessments.
  • Infrastructure hosted on SOC 2 compliant providers.

No system is 100% secure. If you discover a security vulnerability, please report it toadmin@iods.ai.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including Germany (Hetzner infrastructure) and the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the EEA/UK.

9. Children's Privacy

Our Services are not directed to children under 16 (or under 13 in the United States under COPPA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

10. Cookies

We use essential cookies for authentication and functionality, and optional analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings. EU/UK users will see a cookie consent banner upon first visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our website. Your continued use of our Services after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

The Institute of Data Science (IODS)

Email: admin@iods.ai

Website: www.iods.ai

EEA/UK users may also lodge a complaint with your local data protection authority. South African users may contact the Information Regulator atwww.justice.gov.za/inforeg.