Privacy Policy
Last updated: Effective date: Version: 2026-05-15
1.Who Controls Your Data§
The data controller for personal data collected through the Site and in connection with the Course is Kateryna Belyak, acting as an Individual Entrepreneur registered in the Republic of Georgia. For all privacy matters you can contact us at learnari.academy@gmail.com.
We do not currently process personal data on a scale that would require us to designate a Data Protection Officer under Article 37 of the GDPR or under equivalent provisions of the Georgian LPDP. The contact above acts as the single point of contact for all data-subject requests.
2.What Personal Data We Collect§
We deliberately keep data collection to a minimum. The categories of personal data we process are summarised in the table below.
| Category | Examples | Source |
|---|---|---|
| Customer data | Name, email address, country, order reference, language preference | From Dodo Payments (our Merchant of Record) when you complete a purchase |
| Support correspondence | The content of any email you send to learnari.academy@gmail.com, including any personal data you choose to include | Directly from you |
| Technical access data | IP address, browser user agent, requested URLs, response codes, timestamps | Automatically through our hosting provider (AWS Amplify) |
| Language preference | A single value of either “en” or “ru”, stored as a cookie named learnari.lang and as a matching item in your browser’s localStorage | Your browser, set when you choose a language on the Site |
We do not collect: payment-card numbers (these are handled solely by Dodo Payments and never reach our servers); precise geolocation data; biometric data; data about your health; data about your political or religious views; or any other special categories of personal data within the meaning of GDPR Article 9.
We do not use Google Analytics, Meta Pixel, Yandex.Metrica, or any similar third-party analytics or advertising trackers.
3.Why We Process Your Data and on What Legal Basis§
| Purpose | Legal basis (GDPR / UK GDPR) |
|---|---|
| Delivering the Course to you after purchase and providing customer support | Performance of a contract — Article 6(1)(b) |
| Keeping accounting and tax records required by the law of the Republic of Georgia and by the rules applicable to our Merchant of Record | Compliance with a legal obligation — Article 6(1)(c) |
| Maintaining the security of the Site, preventing fraud and abuse, and investigating incidents | Legitimate interests — Article 6(1)(f) — in operating a secure service |
| Communicating with you about material changes to these Terms or to this Policy | Performance of a contract / legitimate interests — Articles 6(1)(b) and 6(1)(f) |
| Remembering your language preference between visits | Strictly-necessary technical operation of the Site — recognised as essential under the ePrivacy Directive |
We do not use your data for behavioural advertising, profiling, or any automated decision-making producing legal or similarly significant effects on you.
4.Children’s Data§
The Site and the Course are intended for adults — parents, guardians, and caregivers. We do not knowingly collect personal data directly from children, and the Site is not directed at children within the meaning of the United States Children’s Online Privacy Protection Act (COPPA) or Article 8 of the GDPR.
If you are a parent or guardian and you believe that a child has provided us with personal data without your consent, please contact us at learnari.academy@gmail.com and we will promptly delete that data.
5.Who We Share Your Data With§
We share personal data only with the limited set of service providers listed below, and only to the extent necessary for them to perform their function. We do not sell or rent your personal data.
- Dodo Payments — our Merchant of Record and payment processor. Dodo Payments handles checkout, invoicing, indirect taxes, refunds, and chargebacks. Dodo Payments shares with us only the order metadata (name, email, country, order reference) needed to deliver the Course. Their processing is governed by Dodo Payments’ own privacy policy.
- Amazon Web Services (AWS) — AWS Amplify — our hosting provider. AWS processes technical access logs (IP, user agent, timestamps) and serves the static content of the Site. AWS acts as a data processor on our behalf under its standard Data Processing Addendum.
- Google LLC (Gmail / Google Workspace) — provides the inbox at
learnari.academy@gmail.comwhere we receive and store customer support correspondence. - Professional advisers and authorities — we may share personal data with our accountants, lawyers, or tax authorities of the Republic of Georgia where we are required to do so by law.
6.International Data Transfers§
We are established in the Republic of Georgia, which is currently not the subject of an adequacy decision from the European Commission. The service providers listed above may process your data in jurisdictions outside of your country of residence, including the United States, the European Economic Area, the United Kingdom, India, and other locations.
Where personal data of individuals located in the EEA, the UK, or Switzerland is transferred to a country that does not provide an essentially equivalent level of protection, we rely on appropriate safeguards — primarily the European Commission’s Standard Contractual Clauses (2021/914) in combination with any supplementary technical and organisational measures recommended by the European Data Protection Board. These safeguards are embedded into the data-processing agreements we have with AWS, Google, and Dodo Payments.
You may request a summary of the safeguards in place for international transfers by writing to learnari.academy@gmail.com.
7.How Long We Keep Your Data§
We keep personal data only for as long as necessary for the purposes for which it was collected, after which we delete or anonymise it. Specifically:
| Category | Retention period |
|---|---|
| Purchase records (name, email, order reference, invoice metadata) | 6 years from the end of the calendar year of the transaction, as required by the Tax Code of Georgia and by analogous accounting rules |
| Customer support correspondence | Up to 2 years after the support case is closed |
| Technical access logs (IP, user agent, timestamps) | Up to 30 days, after which they are deleted or aggregated into non-identifying statistics |
| Language preference cookie / localStorage value | Up to 1 year (cookie), or until you clear your browser storage (localStorage); the value can be deleted at any time through your browser’s settings |
If you exercise your right to erasure (see Section 9), we will delete your data within a reasonable time except where we are required to retain it by law (for example, to comply with our tax-record obligations).
8.Your Rights§
Depending on the country in which you are habitually resident, you may have the following rights with respect to your personal data. To exercise any of them, send a request to learnari.academy@gmail.com. We will respond within thirty (30) days, or sooner where required by applicable law.
GDPR, UK GDPR, and Georgian LPDP
- Right of access — to obtain a copy of the personal data we hold about you.
- Right to rectification — to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) — subject to mandatory retention requirements.
- Right to restriction of processing.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object to processing based on our legitimate interests.
- Right to withdraw consent, where processing is based on consent, at any time and without affecting the lawfulness of prior processing.
- Right to lodge a complaint with a supervisory authority — in Georgia, the Personal Data Protection Service; in your country of residence, your local data-protection authority.
California Consumer Privacy Act (CCPA / CPRA)
- Right to know what personal information we have collected, used, disclosed, and (where applicable) sold or shared.
- Right to delete personal information we have collected from you.
- Right to correct inaccurate personal information.
- Right to limit the use of sensitive personal information — we do not knowingly collect sensitive personal information.
- We do not “sell” or “share” personal information for cross-context behavioural advertising as those terms are defined under the CPRA, and we have not done so in the preceding twelve months.
- Right to non-discrimination for exercising any of these rights.
Russian Federation (Federal Law No. 152-FZ)
- Right to confirmation of processing, access to your data, and information about the purposes, sources, and recipients.
- Right to require correction, blocking, or destruction of your data where it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary.
- Right to withdraw consent to processing at any time.
- Right to file a complaint with Roskomnadzor (Федеральная служба по надзору в сфере связи, информационных технологий и массовых коммуникаций).
Brazil (LGPD), Australia (Privacy Act), Canada (PIPEDA), and other jurisdictions
If you are habitually resident in Brazil, Australia, Canada, or any other jurisdiction with a comprehensive privacy law, you have substantially equivalent rights — including access, correction, deletion, portability, and the right to lodge a complaint with the competent supervisory authority (ANPD in Brazil, OAIC in Australia, the Office of the Privacy Commissioner in Canada). We will honour these rights to the same extent as the GDPR rights described above.
9.How We Protect Your Data§
We use industry-standard technical and organisational measures appropriate to the nature of the data we process and to the risks involved. These include encryption of data in transit using TLS, hosting on AWS infrastructure with restricted access, strong authentication on our administrative accounts, and the principle of data minimisation (we collect only what is necessary).
Despite these measures, no internet transmission or storage system can be guaranteed to be perfectly secure. In the unlikely event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required, and we will inform affected users without undue delay.
10.Cookies and Similar Technologies§
When you proceed to the Dodo Payments checkout, you leave our Site and enter Dodo Payments’ own domain. Dodo Payments may set its own cookies in your browser; please refer to Dodo Payments’ cookie policy for details.
You can delete cookies and localStorage at any time through your browser settings. If you delete the learnari.lang value, the Site will fall back to the language indicated by your browser headers the next time you visit.
11.Automated Decision-Making and Profiling§
We do not use any solely automated decision-making, including profiling, that produces legal or similarly significant effects on you within the meaning of Article 22 of the GDPR.
12.Changes to This Policy§
We may update this Privacy Policy from time to time. The current version is always available at the URL where you are reading this document, with the “Last updated” and “Version” fields indicating when it was last changed. If we make material changes, we will inform you in advance — for example by email to the address you provided at purchase, or by a prominent notice on the Site — before the changes take effect.
13.Contact and Complaints§
If you have any questions, concerns, or complaints about this Privacy Policy or our processing of your personal data, please contact us first at learnari.academy@gmail.com. We treat every request seriously and will work with you to resolve the issue.
You also have the right to lodge a complaint with the data-protection authority of the country where you live. In Georgia this is the Personal Data Protection Service of Georgia. In other jurisdictions, examples of competent authorities include the Information Commissioner’s Office (ICO) in the United Kingdom, the Commission Nationale de l’Informatique et des Libertés (CNIL) in France, Roskomnadzor in the Russian Federation, the California Privacy Protection Agency (CPPA) in California, the Autoridade Nacional de Proteção de Dados (ANPD) in Brazil, the Office of the Australian Information Commissioner (OAIC), and the Office of the Privacy Commissioner of Canada.