Privacy Policy.

EdEarn ("we", "us", "the Platform") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights over it. This policy applies to all users of EdEarn — Students, Tutors, Experts, Startups, Companies, and internal staff — and covers our website, web application, and APIs. By using EdEarn, you agree to the practices described here. If you don't agree, please don't use the Platform.

2.1 Account & Profile • Name, email, password (hashed), and optional avatar • Role (Student, Tutor, Expert, Company, etc.) and verification badges • OAuth identifiers when you sign in with Google, GitHub, or Apple • MFA secrets (TOTP) 2.2 Content & Activity • Courses you enroll in, watch, or complete • Posts, comments, and messages you create • Live session attendance and recordings (if enabled) • Job applications, EdForms responses, badge applications 2.3 Payment Data • Card and billing information (processed and stored by Stripe / Razorpay — we never see raw card numbers) • Wallet balance, payout history, invoices 2.4 Technical Data • IP address, device fingerprint, browser info • Pages visited, features used, error logs • Cookies and similar identifiers (see Cookie Policy)

We use your personal data to: • Provide and operate the Platform — authentication, course delivery, live sessions, payments, payouts • Personalize learning recommendations and feeds • Verify badges, employee claims, and tutor applications • Send transactional emails (course updates, payment receipts, security alerts) • Send marketing communications (you can opt out) • Detect fraud, abuse, and security incidents • Comply with legal obligations (tax, KYC, court orders) We do NOT sell your personal data to third parties. Ever.

4.1 With Other Users • Your public profile (name, avatar, badges) is visible to other learners and partners • Posts, comments, and reviews are public by default 4.2 With Service Providers We share necessary data with vetted vendors who help us run EdEarn: • Stripe / Razorpay (payments) • AWS S3 (file storage) • SendGrid (transactional email) • Twilio (SMS) • PostHog / similar (product analytics) All vendors sign data processing agreements. 4.3 With Partner Companies If you apply to a job through EdEarn, your application and verified profile are shared with that company. 4.4 With Authorities We disclose data when required by law, court order, or to protect rights and safety.

Depending on your jurisdiction (GDPR, CCPA, India DPDP Act, etc.), you have the right to: • Access — request a copy of your personal data • Rectify — correct inaccurate data • Delete — ask us to delete your account and data • Port — receive your data in a portable format • Restrict / Object — limit how we process your data • Withdraw consent at any time To exercise these rights, email privacy@edearn.com or use Settings → Privacy in your dashboard. We respond within 30 days.

We keep personal data only as long as necessary: • Account data — while your account is active, plus 90 days after deletion • Course progress — retained so you can resume, deleted with your account • Payment records — 7 years (tax / regulatory requirement) • Audit logs — 2 years • Support tickets — 3 years You can request earlier deletion at any time, subject to legal retention obligations.

We protect your data with: • Encryption in transit (TLS 1.3) and at rest (AES-256) • Hashed passwords (bcrypt) and JWT tokens with refresh rotation • Optional MFA (TOTP) • Dynamic RBAC with least-privilege defaults • Audit logging on all permission checks • Regular security reviews and penetration tests If a breach happens, we notify affected users within 72 hours.

EdEarn operates globally. Your data may be processed in: • India (primary infrastructure) • United States (some vendors) • EU (some vendors) For users in the EU/EEA, transfers outside the EU rely on Standard Contractual Clauses or equivalent safeguards.

EdEarn is not directed at children under 13. We do not knowingly collect personal data from children under 13. Users between 13 and 18 require parental consent. If you believe a child has given us personal data without consent, contact privacy@edearn.com — we'll delete it.

We may update this Privacy Policy. Material changes will be communicated via email or in-app notice at least 14 days before they take effect. Continued use of EdEarn after changes means you accept the updated policy. Older versions are archived at /privacy/archive on request.

Privacy questions, requests, or concerns: • Email: privacy@edearn.com • Data Protection Officer: dpo@edearn.com • GDPR / EU representative: gdpr@edearn.com • Postal: EdEarn, Indiranagar 100ft Rd, Bangalore, Karnataka, India 560038 For GDPR-specific requests see /gdpr. For cookie controls see /cookies.