Privacy Policy – itlead

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use our Service, we collect:

• Account Information: name, email address, password (encrypted)
• Profile Information: profile photo, bio, learning preferences (optional)
• User Content: code submissions, quiz answers, comments, saved notes
• Communication Data: support requests, feedback, emails

1.2 Information Collected Automatically

We automatically collect certain information when you use our Service:

• Usage Data: pages visited, features used, time spent, interactions, search queries
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: session cookies, analytics cookies, authentication tokens
• Performance Data: coding problem completion times, quiz scores, progress tracking

1.3 Payment Information (via WayForPay)

We use WayForPay (TOV FK "VEY FOR PEY") as our payment processor for secure payment processing.

WayForPay collects and processes:

• payment card details
• billing address
• transaction history
• transaction IDs

Important: We do NOT store your full payment card details on our servers. WayForPay handles all payment data in compliance with PCI DSS standards and operates under the license of the National Bank of Ukraine.

We receive from WayForPay: transaction IDs, subscription status, payment success/failure notifications, and anonymized payment metadata.

WayForPay's website: https://wayforpay.com

1.4 Information from Third Parties

If you sign in with Google:

• name
• email address
• profile photo (optional)
• Google account ID

We only request the minimum necessary permissions. You can revoke access at any time through your Google Account settings.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 To Provide and Improve the Service

• Create and manage your account
• Deliver educational content and features
• Track your learning progress
• Provide personalized recommendations
• Generate AI-powered feedback on your code
• Improve our algorithms and content quality

2.2 To Process Payments and Subscriptions

• Process subscription payments via WayForPay
• Manage billing and invoicing
• Handle refunds and chargebacks
• Prevent fraud and unauthorized transactions
• Comply with tax and accounting regulations

2.3 To Communicate With You

• Send account-related notifications
• Provide customer support
• Notify you of service updates or changes
• Send marketing emails (with your consent, opt-out available)
• Request feedback or conduct surveys

2.4 For Security and Legal Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service
• Comply with legal obligations and court orders
• Protect our rights and property
• Resolve disputes

2.5 For Analytics and Research

• Analyze usage patterns and trends
• Conduct A/B testing
• Improve user experience
• Develop new features

Analytics data is aggregated and anonymized whenever possible. We do not sell your personal data to third parties.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity

Processing is necessary to provide the Service you've signed up for (account creation, subscription management, content delivery).

3.2 Legitimate Interests

• Improving our Service and user experience
• Fraud prevention and security
• Analytics and performance monitoring
• Internal business operations

3.3 Consent

• Marketing communications (you can opt out anytime)
• Non-essential cookies (with your consent)
• Optional data collection (surveys, beta features)

3.4 Legal Compliance

Processing required to comply with legal obligations (tax laws, financial regulations, court orders).

4. How We Share Your Information

We do not sell your personal data. We share data only in limited circumstances:

4.1 With Service Providers

We work with trusted third-party vendors who help us operate our Service:

• WayForPay (TOV FK "VEY FOR PEY"): payment processing, transaction security, payment management
• Cloud Hosting: infrastructure providers (AWS, Vercel, or similar)
• Email Services: transactional emails and support
• Analytics Tools: usage analytics and monitoring
• AI Services: code evaluation and feedback generation

All service providers are contractually required to protect your data and use it only for specified purposes.

4.2 For Legal Reasons

We may disclose your information if required by law:

• to comply with legal process (subpoena, court order)
• to enforce our Terms of Service
• to protect our rights or safety
• to prevent fraud or illegal activity
• to cooperate with law enforcement

4.3 Business Transfers

If itlead is acquired, merged, or sold, your data may be transferred to the new owner. We will notify you before your data is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your personal information as follows:

5.1 Active Accounts

While your account is active, we retain all account data, user content, and usage history to provide the Service.

5.2 Deleted Accounts

When you request account deletion:

• access is revoked immediately
• personal data (name, email, profile) is deleted within 30 days
• anonymized usage data may be retained for analytics (no personal identifiers)

5.3 Payment Data

Payment transaction records are retained by WayForPay for the period required to comply with tax, accounting, and anti-fraud regulations as per Ukrainian legislation.

5.4 Legal Obligations

Some data may be retained longer if required by law (tax records, dispute resolution, fraud investigation).

6. Your Privacy Rights

6.1 Rights Under GDPR (EEA/UK Users)

If you are located in the EEA or UK, you have the following rights:

• Right to Access: request a copy of your personal data
• Right to Rectification: correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): request deletion of your data (with exceptions)
• Right to Restrict Processing: limit how we use your data
• Right to Data Portability: receive your data in a structured, machine-readable format
• Right to Object: object to processing based on legitimate interests
• Right to Withdraw Consent: opt out of marketing or revoke consent
• Right to Lodge a Complaint: file a complaint with your local data protection authority

6.2 Rights Under CCPA (California Users)

If you are a California resident, you have the right to:

• know what personal information we collect
• know if we sell or share your personal information (we don't)
• request deletion of your personal information
• opt out of sale or sharing (not applicable – we don't sell data)
• non-discrimination for exercising your rights

6.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: itlead.source@gmail.com

We will respond within:

• GDPR: 30 days (may be extended to 60 days for complex requests)
• CCPA: 45 days

We may require identity verification before processing your request.

7. International Data Transfers

itlead is operated from Ukraine. Your data may be stored and processed in Ukraine and other countries where our service providers operate (including the United States and European Union).

For EEA/UK users: We ensure adequate data protection through:

• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Data Processing Agreements with service providers
• Compliance with GDPR requirements for international transfers

WayForPay operates under the National Bank of Ukraine license and complies with data protection standards and PCI DSS requirements.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies (Required)

• authentication and session management
• security and fraud prevention
• load balancing

Functional Cookies

• remember your preferences (theme, language)
• save your progress

Analytics Cookies (with consent)

• understand how you use our Service
• measure performance
• improve user experience

8.2 Managing Cookies

You can control cookies through:

• your browser settings (block or delete cookies)
• our cookie consent banner (opt out of non-essential cookies)

Note: Disabling essential cookies may prevent you from using certain features.

8.3 Do Not Track

We honor Do Not Track (DNT) signals. When DNT is enabled, we do not collect analytics or tracking data.

9. Children's Privacy

Our Service is not intended for children under 16 years of age (or under 13 in the United States).

We do not knowingly collect personal information from children. If we discover that a child has provided personal data, we will delete it immediately.

If you believe we have collected information from a child, please contact us immediately at itlead.source@gmail.com.

10. Data Security

We implement industry-standard security measures to protect your data:

Technical Measures

• encryption in transit (HTTPS/TLS)
• encryption at rest for sensitive data
• password hashing (bcrypt or similar)
• secure API authentication (JWT tokens)
• regular security audits and vulnerability scanning

Organizational Measures

• access controls and role-based permissions
• employee training on data protection
• incident response procedures
• data minimization principles

Data Breach Notification

In the event of a data breach affecting your personal data:

• we will notify you within 72 hours (GDPR requirement)
• we will notify relevant authorities as required by law
• we will provide information on steps you should take to protect yourself

Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Third-Party Links

Our Service may contain links to third-party websites, services, or resources (e.g., external articles, documentation, tools).

We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing any personal information.

12. Marketing Communications

With your consent, we may send you marketing emails about new features, promotions, or educational content.

Opt-Out

You can unsubscribe from marketing emails at any time by:

• clicking the "unsubscribe" link in any email
• updating your preferences in account settings
• contacting itlead.source@gmail.com

Note: You cannot opt out of transactional emails (account notifications, billing confirmations, security alerts).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make material changes:

• we will notify you via email or prominent notice on the Service at least 30 days before changes take effect
• the updated policy will be posted on this page with a new "Last updated" date

Continued use of the Service after changes indicates acceptance of the updated policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR Requests (EEA/UK)

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

• Ukraine: Commissioner of the Verkhovna Rada of Ukraine for Human Rights
• EU/EEA: Find your local authority

15. Special Provisions for Subscription Services

15.1 Subscription Data

When you subscribe, we process:

• subscription tier and billing period
• start and renewal dates
• payment history (transaction IDs, amounts, dates)
• cancellation and refund records

15.2 Payment Disputes

For payment disputes, chargebacks, or refund requests, we may share relevant transaction data with WayForPay and financial institutions as necessary to resolve the dispute.

15.3 Promotional Offers

When you use promotional pricing or trial offers, we track usage to prevent abuse (one promotion per user) and ensure fair access.

Summary