Effective Date: January 11, 2026
Entity: Aaras Learning Private Limited (operating LearnNDev)
At LearnNDev ("Company," "we," "our," "us"), your privacy is a priority. We are committed to protecting the personal and non-personal information of our users, clients, employees, and partners. This Privacy Policy explains in detail how we collect, use, store, disclose, and safeguard your information when you access or use our websites, applications, services, and platforms (collectively, "Services").
This Policy applies to all users worldwide and complies with some of the most widely recognized privacy and data protection frameworks, including but not limited to:
Note on FERPA & HIPAA: These laws apply only in specific contexts. LearnNDev is a commercial e-learning platform and does not routinely process educational records under FERPA or protected health information under HIPAA. If you use LearnNDev through a school or healthcare provider, separate data processing agreements govern that relationship.
Plain-Language Summary: This policy explains how LearnNDev protects and manages your data. We follow strict privacy laws from India, Europe, the US, and beyond—so no matter where you live, your rights are protected. We do not collect health information unless you explicitly choose to share it. We do not claim compliance with laws that don't apply to us (like HIPAA, unless you opt into health services).
By using our Services, you confirm that you have read and understood this Privacy Policy and agree to the collection and use of your Personal Data as described herein.
Where required by law (GDPR, DPDP Act 2023, COPPA, etc.), we obtain explicit, informed consent before processing sensitive or special categories of data:
Consent is granular: You can separately allow or deny marketing communications, profiling/personalization, non-essential cookies, and third-party data sharing.
Consent is easy to withdraw: You can withdraw consent at any time via account settings, unsubscribe links, or by contacting our Data Protection Officer. Withdrawal of consent does not affect processing that occurred before withdrawal.
No Implied Consent: Implied consent through continued use of our Services does not override your right to provide, modify, or withdraw consent. We will not infer consent from silence or default opt in.
Your Responsibilities: You are responsible for
● Maintaining confidentiality of your account credentials
● Providing accurate and complete information
● Not misusing LearnNDev data or platform features
● Complying with applicable laws
We may collect and process different categories of information, depending on how you use our Services:
● Direct provision: Registration forms, profile setup, course enrollment, payment
transactions
● Automated collection: Cookies, web beacons, server logs, analytics tools
● Third-party sources: Payment processors, social login integrations (with your
authorization)
● Inferred data: Behavioral patterns, learning analytics, derived insight
Plain-Language Summary: We collect basic information (name, email), learning data (progress, performance), and technical data (device, IP). Payment information is handled securely by trusted partners. Sensitive information is only collected if you explicitly give permission.
Lawful Purposes of Processing - Your information is processed for lawful and legitimate purposes:
Service Delivery & Personalization:
Legal & Compliance Obligations:
Security & Safety:
● Detecting, preventing, and addressing fraud, security threats, and platform misuse
● Protecting vital interests in emergencies
● Enforcing our Terms of Service and defending legal claims
Research & Product Development:
● Conducting research, analytics, and trend analysis (using aggregated, anonymized
data only)
● Optimizing platform performance and user experience
● Developing new features and services
● No personally identifiable data will be disclosed in research findings
Communications:
● Sending important notifications, updates, security alerts, and billing information
● Sending marketing communications, promotional offers, and course
recommendations (only with your consent)
● Conducting surveys to improve our Services
Prohibitions on Data Use
We explicitly do NOT:
● Combine sensitive data (health, educational records, religious affiliation) with
marketing or advertising purposes
● Use automated decision-making or profiling for admissions, credit scoring, or
eligibility determinations without human review
● Sell, rent, or trade your personal data to third parties for their marketing purposes
● Use your data for purposes materially different from those disclosed, without
explicit consent
Plain-Language Summary: We use your data to run LearnNDev, improve your learning, support you, keep the platform secure, and (if you agree) send updates and offers. We never use sensitive data for marketing.
LearnNDev uses Artificial Intelligence and Machine Learning to provide personalized recommendations and optimize learning experiences. We maintain safeguards to ensure responsible, transparent, and fair AI use:
● Human Oversight: No fully automated decisions are made without human
intervention in cases where outcomes could significantly affect you (e.g., course
eligibility, financial determinations, behavioral restrictions).
● Algorithm Transparency: We commit to explaining the AI algorithms and models
used in recommendations, when reasonably feasible.
● Bias Prevention & Fairness Audits: We conduct regular audits (at least annually) of
AI systems to identify and minimize bias, unfair treatment, and discriminatory
outcomes. Audit results are documented and used to improve systems.
● User Opt-Out Rights: Users may opt out of AI-based personalization at any time.
Non-AI, manual recommendations will be provided instead.
● No Sole Reliance on AI: LearnNDev does not make binding decisions (grading,
eligibility, access restrictions) based solely on AI without human review and
approval.
Data Subject Rights in Automated Processing - Under GDPR and DPDP Act 2023, you have the right to:
● Request human intervention and manual review of automated decisions
● Obtain information about the logic, significance, and consequences of automated
processing
● Opt out of profiling or automated decision-making
We process your data under different legal bases depending on your location:
GDPR (EU/EEA Users):
DPDP Act 2023 (India Users):
● Consent or legitimate uses (contract, legal obligation)
● Processing necessary to perform a contract with the data subject
● Compliance with legal obligations under Union or State law
● Protecting the vital interests of the data subject
CCPA/CPRA (California Users):
● Providing Services you've requested
● Business purposes (analytics, security, product development)
● Compliance with legal obligations
● Your right to opt out of sale/sharing of personal information
FERPA (US – School-Affiliated Data Only)
● Processing student records only under written Data Processing Agreements
● School-approved use only; no marketing or commercial use without consent
COPPA (US – Children Under 13):
● Verifiable parental consent required
● Minimal data collection (only necessary for Services)
● No profiling, marketing, or third-party sharing without parental consent
LearnNDev respects your privacy. We do not sell, rent, or trade your personal data to third parties for their independent marketing purposes. However, we may share your information in limited, lawful circumstances:
Some of our vendors and cloud providers may process data in multiple jurisdictions. Where data is transferred outside your country, we ensure adequate safeguards, including Standard Contractual Clauses (SCCs) under GDPR or equivalent protections. All third-party processors are subject to strict due diligence, including security audits and contractual Data Processing Agreements (DPAs).
Plain-Language Summary: We don't sell your data. Sometimes we share it with service providers (like payment gateways) or if the law requires it. All partners are contractually bound to protect your privacy.
LearnNDev operates globally. Your information may be transferred, stored, and processed in jurisdictions outside your home country. We ensure:
● Transfers comply with applicable legal requirements (e.g., Standard Contractual
Clauses under GDPR).
● Strong security measures (encryption, access controls) are in place regardless of
storage location.
● Data is only transferred to countries or partners with adequate data protection
standards.
● Where data is transferred from India to another jurisdiction, LearnNDev complies
with cross-border transfer rules under the DPDP Act, 2023.
Plain-Language Note: Your data may move across countries, but we make sure it always gets the same level of protection, no matter where it’s stored.>
We retain personal data only for as long as necessary to provide Services, fulfill contractual obligations, comply with legal requirements, and resolve disputes. Retention periods are determined by:
When data is no longer required:
● We securely delete or anonymize it
● Residual copies may remain temporarily in secure backups or system logs
● These copies are not actively processed and are automatically purged during
regular backup cycles
● Deletion is typically completed within 30 days of request, except where legal
obligations require retention
You can request deletion of your personal data at any time, subject to:
● Legal or contractual obligations to retain (e.g., tax records, dispute evidence)
● Active legal proceedings or investigations
● Backup retention periods (which do not involve active processing)
Plain-Language Summary: We keep your data only as long as needed for services or law. If you ask us to delete it, we will — any leftover backup copies will disappear automatically.
LearnNDev uses cookies, web beacons, pixels and similar technologies to improve your experience. These are categorized as:
● Essential Cookies – required for basic site functionality.
● Performance Cookies – help us understand how you use the platform.
● Functional Cookies – remember your preferences.
● Advertising Cookies – used for relevant marketing (with your consent).
● Third-Part Analytics & Tools – We may use analytics and marketing providers
such as Google Analytics, Mixpanel, or Hotjar. Their data use is subject to their
own privacy policies.
Browser Controls: You can manage cookies through your browser settings or use privacy
extensions to block trackers.
Global Privacy Control (GPC): LearnNDev honors Global Privacy Control (GPC)
signals as required by CCPA/CPRA. If you enable GPC in your browser, LearnNDev will
treat this as a valid opt-out request.
Do-Not-Track (DNT): While we honor GPC, we note that industry-standard DNT
signals are not universally implemented; GPC is the more reliable standard.
Plain-Language Note: Cookies are small files that make our website work better for you. Some are necessary, others help us improve or show relevant offers. You can always control them.>
We comply with COPPA (USA), GDPR-K (EU), and similar child protection regulations.
● Children under 13 years (US) / 16 years (EU) must not use our Services without
parental consent.
● We do not knowingly collect data from minors without proper consent.
● Parents/guardians can review, request deletion, or withdraw consent for their child’s
data.
Parental Rights for Minors' Data
Parents and guardians can:
● Review their child's personal data
● Request correction or deletion of inaccurate data
● Withdraw consent and terminate the child's account
● Request that we stop collecting or using the child's data
Parental requests can be made to: info@learnndev.com with proof of guardianship (e.g., birth certificate, custody documentation).
Data Collection for Children (with Consent)
If a child's parent provides veri ed consent, LearnNDev collects only the minimum information necessary to deliver educational services:
● Name, email, age
● Learning progress and course completion data
● No health, biometric, or sensitive data (unless for accessibility accommodations
with explicit parental consent)
Data Protection Under FERPA & Student Privacy
When processing student educational records:
● Data is used strictly for educational purposes under FERPA and state student
privacy laws
● No commercial, marketing, or advertising use
● No profiling for admissions or eligibility decisions
● Data is shared only with school-authorized personnel or service providers
● FERPA does not apply to LearnNDev's direct-to-consumer services.
Plain-Language Summary: Kids can only use LearnNDev with their parent's permission. Parents can always ask us to delete their child's information.
We implement administrative, technical, and organizational safeguards to protect your data:
Technical Safeguards:
● End-to-end encryption (AES-256 for data at rest)
● Transport Layer Security (TLS 1.2+) for data in transit
● Web Application Firewall (WAF) to block malicious traffic
● Intrusion Detection & Prevention Systems (IDS/IPS)
Access Controls:
● Role-based access control (RBAC) restricting data to authorized personnel only
● Multi-factor authentication (MFA) for all accounts
● Principle of least privilege: employees access only what they need
● Regular access reviews and deprovisioning of former staf
Monitoring & Testing:
● Regular penetration testing by independent security firms
● Vulnerability assessments and patch management
● Security incident response procedures
● 24/7 security monitoring and log analysis
Organizational Safeguards:
● Privacy by Design principles applied to all new features
● Data minimization: only collect and retain necessary data
● Employee training on data protection and cybersecurity (mandatory annually)
● Confidentiality agreements signed by all staff and contractors
● Vendor security due diligence and Data Processing Agreements
Zero-Trust Architecture:
● All access requests authenticated and verified
● Continuous verification of device and user security posture
● Network segmentation to limit lateral movement in breach scenarios
● Encrypted inter-service communications
Cyber Liability Insurance – LearnNDev carries cyber liability insurance to further
protect users in the event of a breach.
Responsible Disclosure Program – We encourage security researchers to report
vulnerabilities responsibly:
● Email: info@learnndev.com
● Response timeframe: Acknowledgment within 48 hours
● Eligible vulnerabilities may receive bug bounty rewards
● Full disclosure only after reasonable time to remediate (typically 90 days)
Limitations & Disclaimer – No system is 100% secure. Despite our safeguards:
● We continuously monitor and update systems to minimize risks
● We are not liable for breaches caused by factors beyond reasonable control (force
majeure, state-sponsored attacks, user negligence)
● You are responsible for maintaining strong, unique passwords and protecting your
account credentials
Plain-Language Summary: We use strong security (encryption, firewalls, audits) to protect your data. While no system is perfect, we work constantly to keep you safe.
Depending on your location, you may have the following rights:
● Access & Portability – Request a copy of all your personal data in a structured,
machine-readable format. Know what data we collect, how we use it, and who we
share it with.
● Rectification – Correct inaccurate, incomplete, or outdated data Request updates
to your profile information.
● Erasure (“Right to be Forgotten”) – Request deletion of your personal data,
subject to legal or contractual retention obligations. LearnNDev will process
deletion within 30 days (GDPR) or 45 days (DPDP Act 2023). Some data may need
to be retained for compliance, tax, or legal proceedings.
● Restriction of Processing – Request that we limit how we use your data while we
investigate or verify accuracy. Ask us to stop certain processing activities while
retaining the data.
● Objection – Opt out of marketing communications, profiling, and automated
decision-making. Withdraw consent at any time, effective immediately for future
processing.
● Data Portability – Transfer your data to another service provider in a
machine-readable format. Available in structured, commonly-used formats (CSV,
JSON).
● Human Intervention in Automated Decisions – Request human review of
decisions made solely by automated systems. Contest algorithmic determinations
that affect your education or access to services
● Withdraw Consent – Revoke consent for specific processing activities at any time.
No penalty for withdrawal; your access to Services continues where not dependent
on withdrawn consent
Requests can be made by contacting our Data Protection Officer (DPO). You also have the right to lodge a complaint with your local Data Protection Authority if you believe we have mishandled your data. For automated decision-making or profiling, you may request human intervention. To exercise these rights, please email info@learnndev.com with the subject “Data Rights Request.”
Plain-Language Note: You can see, fix, download, or delete your data whenever you want. Just contact us.
A data breach is an incident where unauthorized or accidental access, disclosure, loss, or destruction of personal data occurs. Our Breach Response Procedures:
Immediate Actions (Within 24–48 Hours):
1. Investigate the breach and determine scope, type of data affected, and number of
individuals impacted
2. Contain the breach and prevent further unauthorized access
3. Preserve evidence for forensic analysis
Notification to Users (Within 72 Hours – GDPR & DPDP Requirement):
● Notify affected individuals directly via email or in-app alert
● Provide: description of the breach, data affected, likely consequences, and mitigation
steps
● Offer guidance on steps users can take to protect themselves (password changes,
credit monitoring, etc.)
Notification to Regulators:
● If required by law (GDPR, DPDP, state laws), notify relevant authorities
● GDPR: Notify supervisory authority within 72 hours of discovery (no undue delay)
● DPDP Act 2023: Notify the Grievance Officer and relevant authorities per
guidelines
Mitigation & Follow-Up:
● If financial data is compromised, offer free credit monitoring or equivalent
protection
● Provide regular updates on investigation status and remediation efforts
● Document the breach internally with full details for compliance records
High-Risk Breaches – For breaches posing high risk to your rights and freedoms, we will:
● Provide direct notification in clear, understandable language
● Recommend immediate preventive actions (password resets, account monitoring)
● Offer compensation or remediation where appropriate
● Conduct a root cause analysis and implement systemic improvements
Breach Transparency – All breaches, even those not legally reportable, are documented internally and reviewed by our security team to strengthen future defenses.
Plain-Language Summary: If there's ever a data leak, we'll tell you quickly, help protect you, and fix the issue fast.
Types of Communication
● Account registration and password reset confirmations
● Payment receipts and billing information
● Course enrollment confirmations
● Security alerts and suspicious activity warnings
● Technical support responses
● Service announcements and platform maintenance notifications
These are essential and cannot be opted out of
Marketing Communications (Consent-Based):
● Course recommendations and new course announcements
● Promotional offers and discounts
● Product updates and new feature announcements
● User surveys and feedback requests
● Newsletters and educational content
Consent Management
Opt-In Model:
● You must explicitly opt in to receive marketing communications
● Opt-in consent is recorded and documented
Granular Preferences: You can separately allow or deny:
● Course and product recommendations
● Promotional offers and discounts
● Educational newsletters
● Partner communications
● Cookies beyond those strictly necessary
Easy Opt-Out:
● Unsubscribe link in every marketing email
● Account settings page to manage preferences
● One-click opt-out that is honored within 10 business days
● Email: info@learnndev.com to request opt-out from all marketing
Compliance with Anti-Spam Laws
CAN-SPAM Act (USA):
● Every marketing email includes our corporate address
● Clear unsubscribe instructions provided
● Opt-out requests honored within 10 business days
GDPR Marketing Requirements (EU):
● Opt-out mechanisms equally easy as opt-in
● Right to withdraw consent freely (Article 21)
● No re-opt-in without explicit new consent
India Anti-Spam Rules:
● Similar opt-in model for SMS and email
● Compliance with Telecom Regulatory Authority of India (TRAI) guidelines
Plain-Language Summary: We only send you marketing if you agree. You can unsubscribe anytime. But important messages (like billing or security) will still reach you.
Commitment to Accessibility
LearnNDev is committed to providing inclusive, accessible services for users with disabilities. We comply with:
● Americans with Disabilities Act (ADA) standards
● Web Content Accessibility Guidelines (WCAG 2.1) Level AA
Accessibility Features
● Screen reader compatibility
● Keyboard navigation and focus management
● Color contrast ratios exceeding WCAG standards
● Closed captions and transcripts for video content
● Adjustable text size and font options
● Alt text for images and graphics
Accessibility Accommodations
Users requiring accommodations (e.g., extended course timelines, alternative assessment formats, adaptive technology support) may request assistance by:
● Emailing: info@learnndev.com
● Including description of your accessibility needs
● Providing supporting documentation if relevant
We will respond within 5 business days and work with you to implement reasonable accommodations.
External Links & Websites
Our Services may contain links to third-party websites, applications, and platforms. LearnNDev is not responsible for the privacy practices, content, security, or legal compliance of these external sites.
We encourage you to review the privacy policies of any third-party sites before providing them with personal information.
Social Login & Integrations
If you choose to log in or interact with our Services through social platforms (Google, Facebook, LinkedIn, GitHub):
● The social platform's privacy policy governs that data exchange
● LearnNDev receives only the information you authorize (typically name, email, pro
le picture)
● You can revoke access through your social platform account settings anytime
Third-Party Content & Services
● Embedded videos, podcasts, or content from third parties
● Partner course or certification platforms
● Payment processors and payment methods
● Analytics and marketing tools
LearnNDev is not responsible for these third parties' data practices.
Plain-Language Summary: If you click an outside link (like a partner or payment site), their rules apply—not ours.
LearnNDev maintains a Privacy Governance Framework that includes:
● Appointment of a Data Protection Officer (DPO).
● Annual compliance audits for GDPR, DPDP, CCPA, and other global standards.
● Independent third-party certifications (e.g., ISO/IEC 27001).
● A Privacy Impact Assessment (PIA) for all new products and features
LearnNDev has appointed a Data Protection Officer (DPO) and a Grievance Officer (per DPDP). LearnNDev also maintains a Compliance Matrix mapping each obligation under GDPR, DPDP, CCPA, FERPA, and HIPAA to its internal controls. Privacy matters are periodically reviewed by LearnNDev’s executive leadership and, where appropriate, by an independent privacy advisory committee.
Law Enforcement & Government Requests — We may disclose data when required by lawful government or law enforcement requests. If legally possible, users will be informed before disclosure.
Governing Law & Jurisdiction — This Policy is governed by Indian law. For global users, disputes may also be resolved under international arbitration frameworks. We may update this Privacy Policy to reflect changes in laws, technologies, or our practices. When updates occur:
● The “Effective Date” will be revised. A change log of prior Privacy Policy versions
will be published at LearnNDev’s privacy policy, detailing what was updated and
why.
● We will notify you by email or in-app notification (for major changes).
● Continued use of our Services after updates means you accept the new policy
Where changes materially affect your rights, we will explicitly request renewed consent before continuing data processing.
Any questions about this Policy should be addressed to info@learnndev.com.
Thank you for trusting LearnNDev to empower your career! We commit to your success through quality training and unwavering support.