Privacy Policy

Introduction

Welcome to Drikt ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform and services.

By using Drikt, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

1.1 Personal Information You Provide

The data we collect about you is primarily what you have provided to us. We collect personal information that you voluntarily provide when you:

• Register for an account (email address, username, password)
• Set up your user profile (profile pictures, bio information)
• Subscribe to a plan (subscription tier: free, basic, pro, or premium)
• Use our referral system (referral codes, referral relationships)
• Interact with courses (comments, progress tracking)
• Contact our support team (support tickets, communications)

1.2 Information Collected Through OAuth

When you choose to authenticate using third-party services (Google), we receive:

• Your name and email address from the OAuth provider
• Profile picture (if publicly available)
• OAuth provider user ID

Google API Services User Data Policy Compliance: Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum necessary scopes for authentication purposes.

1.3 Automatically Collected Information

When you access our platform, we automatically collect:

• Device information (device type, operating system, browser type)
• Usage data (pages visited, time spent, features used)
• IP address and approximate location
• Cookies and similar tracking technologies
• Session information and authentication tokens

1.4 Financial and Token Information

• Subscription plan and payment status
• Referral earnings and commission rates
• DRIKT token balance and transactions
• Withdrawal history and amounts

2. How We Use Your Information

We will use your data to provide you with the services you requested, such as course access, progress tracking, and platform notifications. We use your information to:

• Provide and maintain our services: Account creation, authentication, and platform access
• Deliver educational content: Course access, progress tracking, and personalized learning experiences
• Process referrals: Track referral relationships and calculate commission earnings
• Manage subscriptions: Handle plan upgrades, downgrades, and access privileges
• Facilitate token operations: Manage DRIKT token balances, distributions, and transactions
• Communicate with you: Send account notifications, updates, and support responses
• Improve our platform: Analyze usage patterns and optimize user experience
• Ensure security: Detect fraud, abuse, and unauthorized access
• Comply with legal obligations: Meet regulatory requirements and respond to legal requests

3. Data Sharing and Disclosure

3.1 Service Providers

We will not sell your data to third parties, but we may share it with our trusted partners who help us provide our services. We share your information with:

• Supabase: Authentication, database hosting, and backend infrastructure
• Google: OAuth authentication services
• Analytics providers: Usage analytics and platform performance monitoring

We do not transfer or disclose your information to third parties for purposes other than the ones provided in this policy.

3.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service and protect our legal rights
• Investigate and prevent fraud, security issues, or illegal activities
• Protect the safety and rights of our users and the public

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

Security procedures are in place to protect the confidentiality of your data. We use encryption to protect your information and implement industry-standard security measures:

• Encryption: Data in transit is encrypted using SSL/TLS protocols
• Secure authentication: Passwords are hashed using industry-standard algorithms
• Access controls: Strict access limitations to personal data
• Row-level security: Database policies ensure users can only access their own data
• Regular security audits: Continuous monitoring and security assessments
• Secure infrastructure: Hosted on Supabase with enterprise-grade security

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

5. Your Privacy Rights

5.1 GDPR Rights (European Users)

If you are located in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Object: Object to processing of your data
• Withdraw consent: Withdraw previously given consent at any time

5.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

5.3 Exercising Your Rights

To exercise any of these rights, please contact us at the email address provided in Section 10. You can also:

• Update your profile information in your account settings
• Delete your account through the settings page
• Manage cookie preferences in your browser settings

We will respond to verified requests within 30 days as required by applicable law.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and core platform functionality
• Session Cookies: Maintain your login state and session information
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how users interact with our platform

6.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our platform. Essential cookies required for authentication cannot be disabled without affecting your ability to use the service.

6.3 Do Not Track

Some browsers include a "Do Not Track" feature. Our platform does not currently respond to Do Not Track signals.

7. Third-Party Services

7.1 Supabase

We use Supabase for authentication, database services, and backend infrastructure. Supabase processes and stores your data on our behalf. Their privacy policy can be found at https://supabase.com/privacy

7.2 OAuth Providers

When you use Google login, this service has its own privacy policy:

• Google: https://policies.google.com/privacy

Revoking Access: You can revoke Drikt's access to your Google account at any time through your Google account settings.

7.3 Limited Use Disclosure

Drikt's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We explicitly prohibit the use of Google user data for:

• Targeted advertising
• Selling to data brokers or information resellers
• Determining credit-worthiness or lending purposes
• Creating databases or training AI models (unless for core user-facing functionality)

8. Data Retention and Deletion

We store your personal information for a period of time that is consistent with our business purposes. We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations (tax, accounting, regulatory requirements)
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When the data retention period expires for a given type of data, we will delete or destroy it. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law. You may request for your data to be deleted at any time by contacting us at the email provided below.

9. Children's Privacy

Drikt is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child without parental consent, we will delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. We ensure appropriate safeguards are in place to protect your information in compliance with this Privacy Policy and applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (for significant changes)
• Displaying a prominent notice on our platform

Your continued use of Drikt after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within a reasonable timeframe as required by applicable law.

13. Additional Information for Specific Jurisdictions

13.1 European Economic Area (EEA)

Legal Basis for Processing: We process your personal data based on:

• Contract: To fulfill our contractual obligations to provide services
• Consent: Where you have given explicit consent
• Legitimate Interests: To improve our services and prevent fraud
• Legal Obligation: To comply with applicable laws

Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

13.2 California Residents

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information. We do not sell personal information to third parties.