Effective Date: September 27, 2025
1. Introduction
At mysira.ai (“we,”“us,” or “our”), we recognize that your privacy is a fundamental right. This Privacy Policy is designed to be transparent about how we collect, use, store, protect, and share your personal information when you access or use our online learning platform, services, mobile applications, or associated tools (collectively, the “Services”).
By using the Services, you acknowledge that you have read, understood, and agree to the practices outlined in this Privacy Policy. We are committed to upholding the highest standards of data protection.
If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us at support@mysira.ai.
2. Information We Collect
We collect personal information to deliver, improve, and personalize the Services, ensure security, and comply with legal obligations. The information we collect falls into the following categories, and we only gather data that is necessary for the stated purposes:
2.1 Personal Identifiable Information (PII)
This is information that can be used to identify you directly or indirectly. We collect PII when you register an account, subscribe to premium services, or communicate with us:
• Account Registration Data: email address, phone number (optional, provided at your discretion), and a unique username.
• Billing & Payment-Related Data: For premium subscriptions, we collect billing address, payment method details (e.g., credit/debit card type, expiration date), and subscription plan selection. We do not store full credit card numbers or sensitive payment credentials—these are processed and secured by third-party payment processors (e.g., Stripe, PayPal) that comply with the Payment Card Industry Data Security Standard (PCI DSS).
• Communication Data: If you contact our support team (via email, in-app chat, or phone), we collect your communication content, contact history, and any additional information you provide to resolve your inquiry.
2.2 Learning-Related Information
This data is critical to delivering personalized learning experiences and tracking your progress. We collect it as you use the Services:
• Learning Preferences: Preferred content formats (e.g., video, text, interactive quizzes), subject areas of interest, learning pace (e.g., self-paced vs. structured schedules), and language settings.
• Progress & Performance Data: Courses enrolled in, modules completed, time spent on each activity, quiz/test scores, assessment results, and feedback you provide on content (e.g., ratings for a course).
• Customized Materials: Notes you create within the platform, highlighted content, custom flashcards, and saved resources (e.g., downloaded reading materials or bookmarked videos).
2.3 Automatically Collected Usage Data
When you interact with the Services, we automatically collect non-identifiable or pseudonymized data to understand usage patterns, optimize performance, and enhance user experience. This data is collected via cookies, server logs, and embedded tracking tools:
• Device & Technical Data: Device type (e.g., smartphone, laptop), operating system (e.g., iOS 17, Windows 11), browser type and version (e.g., Chrome 118, Safari 16), unique device identifiers (e.g., IMEI, UUID), and internet service provider (ISP).
• Navigation & Interaction Data: IP address (used to approximate location for regional content delivery), pages visited on the platform, time spent on each page, click-through rates (e.g., on course recommendations), search queries within the Services, and session duration.
• Error & Performance Data: System errors, crash reports, and loading times for pages or features (used to fix technical issues and improve platform stability).
2.4 Information from Third Parties
In limited cases, we may receive information about you from trusted third parties, but only with your consent or as permitted by law:
• Social Login Providers:
If mysira.ai supports account registration via social media platforms (e.g., Google, Facebook) and you also choose to register your mysira.ai account using such a social media platform, we will obtain basic profile information (e.g., name, email address) from that provider in accordance with your authorization.
• Referral Partners: If you are referred to mysira.ai by a partner (e.g., an educational institution), we may receive your name and email address to link you to the referral program (with your prior consent).
3. How We Use Your Information
We use your personal information only for legitimate, specified purposes that align with the Services you access. Below are the key ways we use your data:
3.1 To Deliver and Personalize the Services
• Create and manage your account, including verifying your identity and ensuring secure access.
• Generate adaptive learning plans tailored to your goals (e.g., exam preparation, professional upskilling) and performance (e.g., adjusting content difficulty based on quiz scores).
• Recommend relevant courses, materials, or tools (e.g., suggesting a “Data Analysis Basics” course if you previously completed a “Excel Fundamentals” module).
• Process and manage premium subscriptions, including invoicing, payment processing, and renewal reminders.
3.2 To Communicate With You
• Send essential account notifications: Updates about your account (e.g., password reset links, changes to subscription status), service disruptions, or policy updates (e.g., changes to this Privacy Policy). These communications are non-opt-out, as they are necessary for using the Services.
• Send optional promotional or informational content: Newsletters about new courses, feature launches, or exclusive offers for premium users. You can opt out of these communications at any time by clicking the “Unsubscribe” link in emails or adjusting your account settings.
• Respond to your inquiries: Address support requests, feedback, or complaints via email, in-app chat, or phone.
3.3 To Improve and Optimize the Services
• Analyze usage data to identify trends (e.g., which course topics are most popular) and areas for improvement (e.g., fixing a feature with low engagement).
• Test new features, content, or design changes (e.g., a revised progress-tracking dashboard) to ensure they enhance user experience.
• Personalize the platform’s interface (e.g., prioritizing your most recently accessed courses on the homepage).
3.4 To Ensure Security and Compliance
• Detect and prevent fraud, unauthorized access, or misuse of the Services (e.g., flagging unusual login activity from a new location).
• Protect the safety of users and the platform (e.g., investigating reports of prohibited activities, such as sharing unauthorized course materials).
• Comply with applicable laws, regulations, or legal requests (e.g., responding to a court order or subpoena, or fulfilling tax reporting obligations).
3.5 For Aggregate or Anonymized Research
We may aggregate or anonymize your data (so that it no longer identifies you) to conduct research on learning trends, improve educational content, or share insights with educational partners (e.g., “60% of users prefer video tutorials for technical courses”). This aggregated data is not considered personal information under this Privacy Policy.
4. How We Share Your Information
We never sell, rent, or lease your personal information to third parties for marketing purposes. We only share your data in the following limited circumstances, and always with safeguards to protect your privacy:
4.1 Trusted Third-Party Service Providers
We engage third-party vendors to help us operate the Services, and these providers only access your data to perform specific tasks on our behalf. They are contractually obligated to:
• Use your data solely for the purposes we specify.
• Maintain appropriate security measures to protect your data.
• Comply with applicable data protection laws.
Key third-party providers include:
• Payment Processors: Stripe, PayPal, or other regional payment gateways (process premium subscription payments and secure billing data).
• Cloud Storage & Hosting Providers: Amazon Web Services (AWS) or Google Cloud (store your account data, learning materials, and usage logs securely).
• Analytics Tools: Google Analytics or Mixpanel (analyze usage data to improve the platform—we disable features that track personally identifiable information).
• Customer Support Tools: Zendesk or Intercom (manage support tickets and communicate with users).
4.2 Legal or Regulatory Disclosures
We may disclose your personal information if required by law, or to protect our rights, safety, or the safety of others:
• In response to a valid court order, subpoena, or government request (e.g., from a data protection authority).
• To investigate or address suspected fraud, illegal activity, or violations of our User Service Agreement (e.g., sharing unauthorized content).
• To protect the safety of users, the public, or our platform (e.g., responding to a report of harassment).
4.3 Business Transfers
If we undergo a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the new entity. We will notify you via email or a prominent notice on the platform at least 30 days before the transfer, and the new entity will be bound by this Privacy Policy (or a similar policy that protects your rights).
4.4 With Your Consent
We may share your data with third parties if you explicitly consent to it (e.g., sharing your course completion certificate with an employer via a linked platform).
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience, personalize content, and analyze usage. Below is detailed information about how we use these tools:
5.1 What Are Cookies?
Cookies are small text files stored on your device when you visit the Services. They help us recognize your device, remember your preferences, and collect usage data. We use two main types of cookies:
• Session Cookies: Temporary cookies that expire when you close your browser. They enable basic functionality (e.g., keeping you logged in during a session).
• Persistent Cookies: Remain on your device for a set period (e.g., 1 year) or until you delete them. They remember your preferences (e.g., language settings) and track long-term usage.
5.2 How We Use Cookies
| Cookie Category | Purpose | Examples |
|---|---|---|
| Necessary Cookies | Essential for the Services to function. Disabling these breaks core features. | Keeping you logged in, saving course progress, enabling secure account access. |
| Functional Cookies | Remember your preferences to personalize the platform. | Saving your preferred language, hiding pop-ups you've dismissed, prioritizing your favorite courses. |
| Analytics Cookies | Collect data on how you use the Services to improve performance. | Tracking page views, measuring engagement with new features, identifying error trends. |
| Marketing Cookies (Optional) | Deliver targeted promotional content (only if you consent). | Showing ads for premium subscriptions on third-party sites, tracking the effectiveness of email campaigns. |
5.3 Managing Cookies
You can control or delete cookies through your browser settings:
• Chrome: Settings > Privacy and security > Cookies and other site data.
• Safari: Preferences > Privacy > Manage Website Data.
• Firefox: Settings > Privacy & Security > Cookies and Site Data.
Note: Disabling necessary cookies may prevent you from using key features (e.g., logging into your account, saving course progress).
6. Data Security
We implement industry-leading security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Our security practices include:
6.1 Technical Security
• Encryption: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS 1.3). Sensitive data (e.g., passwords) is stored using AES-256 encryption (the same standard used by banks).
• Access Controls: Only authorized personnel (e.g., support teams, data analysts) can access your personal information, and they are required to use multi-factor authentication (MFA) and secure passwords.
• Regular Audits: We conduct quarterly security audits and vulnerability assessments by third-party firms to identify and fix potential risks.
6.2 Organizational Security
• Employee Training: All staff receive annual training on data protection laws (e.g., GDPR, CCPA) and best practices for handling personal information.
• Data Minimization: We only collect and store data that is necessary for the stated purposes, and we delete or anonymize data when it is no longer needed.
6.3 Limitations
While we take every reasonable step to protect your data, no online platform or transmission method is 100% secure. We cannot guarantee absolute security against breaches caused by factors beyond our control (e.g., user negligence, third-party cyberattacks). If a data breach occurs, we will notify you and relevant authorities (as required by law) within 72 hours of discovery, and provide guidance on steps you can take to protect your information.
7. Your Data Protection Rights
Depending on your location (e.g., EU/EEA, California), you have legal rights regarding your personal information. We make it easy to exercise these rights at any time:
7.1 Key Rights (Subject to Local Laws)
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Request a copy of the personal information we hold about you (in a portable format, e.g., CSV). | Email support@mysira.ai with the subject line "Data Access Request." |
| Right to Correction | Update or correct inaccurate, incomplete, or outdated information (e.g., a misspelled name, old email address). | Edit your details directly in your account settings, or contact support for assistance. |
| Right to Deletion (Right to Be Forgotten) | Request deletion of your personal information, unless we are required to retain it (e.g., for legal compliance). | Email support@mysira.ai with the subject line "Data Deletion Request." We will confirm deletion within 14 days. |
| Right to Restrict Processing | Ask us to stop using your data (e.g., if you dispute the accuracy of the information) while we resolve the issue. | Email support@mysira.ai with the subject line "Restrict Processing Request." |
| Right to Data Portability | Request that we transfer your data to another service provider (e.g., exporting your course progress to another learning platform). | Email support@mysira.ai with the subject line "Data Portability Request." |
| Right to Object | Object to the processing of your data for marketing purposes or analytics (we will stop processing unless we have a legitimate reason to continue). | Opt out of marketing emails via the "Unsubscribe" link, or email support to object to analytics. |
7.2 Verification of Requests
To protect your privacy, we will verify your identity before fulfilling any data request (e.g., asking you to confirm your email address or answer a security question). We will respond to all valid requests within 30 days (or within the timeframe required by local law, e.g., 45 days under CCPA).
7.3 Right to Lodge a Complaint
• If you are dissatisfied with how we handle your data, you may lodge a complaint with a local data protection authority.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. Our retention periods are based on the following principles:
8.1 Account Data
• If you have an active account: We retain your PII (e.g., name, email) and learning data (e.g., course progress) for as long as your account is active.
• If you deactivate your account: We delete your PII within 30 days, unless we are required to retain it (e.g., to resolve unpaid subscription fees or comply with tax laws). Learning data (e.g., quiz scores) is anonymized after 90 days.
8.2 Usage and Analytics Data
• Non-identifiable usage data (e.g., device type, page views) is retained for 2 years to improve the Services, then anonymized for long-term research.
8.3 Legal or Regulatory Retention
We may retain your data for longer periods if required by law (e.g., tax records for 7 years, or data needed to resolve a legal dispute). Once the retention period ends, we securely delete or anonymize the data so it no longer identifies you.
9. International Data Transfers
As a global platform, we may transfer your personal information to countries outside the one in which you reside (e.g., storing data in AWS servers located in the United States, or sharing data with a support team in India). We ensure these transfers comply with global privacy laws by using the following safeguards:
9.1 Legal Mechanisms
• EU/EEA Users: Transfers to countries outside the EU/EEA are covered by the EU-U.S. Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs)—legal agreements that ensure your data is protected to the same standard as in the EU/EEA.
• California Users: Transfers are compliant with the CCPA’s requirements for cross-border data sharing, including ensuring third-party providers maintain adequate security measures.
9.2 Transparency
We only transfer your data to countries with recognized data protection standards, and we require all third-party providers to comply with these safeguards. If you request details about specific data transfers, please contact support@mysira.ai.
10. Third-Party Websites and Services
The Services may contain links to third-party websites, tools, or services (e.g., external resources referenced in a course, social media sharing buttons, or payment processors). These third parties operate independently of mysira.ai and have their own privacy policies.
We are not responsible for the content, security, or privacy practices of third-party sites. We encourage you to review the privacy policy of any third-party.