Privacy Policy

Version: v1.1
Posted: 13 September 2018
Effective from: 13 September 2018

Welcome to Crash Course

Thanks for using Crash Course!

This Privacy Policy explains how we collect and use your information while the Terms cover your use and access to our products, services, client software, and websites.

Privacy of our user data

When you use Crash Course services or attend Crash Course workshops & bootcamps, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. Please take time and read this policy carefully and contact us if you have any questions.

Information we collect

We collect information to provide better services to all of our users - from figuring out basic stuff like which topics you like to learn about to more complex things like which learning methodologies are best suited for you.

How we collect information

We collect information in the following ways:

  • Information you give us: For example, when you sign up with us, we ask for your full name, and email ID. We use secure payment gateways and as such we don't store your credit card / debit card numbers either in plain text or encrypted format. We might, however, store fingerprints of these cards so we can identify any suspicious activity.
  • Information we get from 3rd parties: For example, when you sign up using your Google account, we might store your profile information from Google.
  • Log information: When you use our website, we automatically collect and store certain information in server logs. This includes details of how you used our services, IP addresses, device related details (such as screen size, operating system, browser type and version etc.,) referral URLs, cookies and browser-level information.
  • Cookies and similar technologies: We may use cookies to personalize your learning experience, keep track of sessions and invite codes.

Cookies

Cookies are bits of text that are placed on your computer’s hard drive or mobile device when you visit certain websites. Cookies hold information that may be accessible by the party that places the cookie, which is either the website itself (first-party cookie) or a third party (third-party cookies). You do have control over cookies, and can refuse the use of cookies by selecting the appropriate setting on your browser. Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable or delete existing cookies. Please note, however, that by not accepting or deleting the use of cookies, you may not be able to use the website and our Services.

On the website & other Services, we use cookies for the following purposes:

  1. To gather website statistical data to analyze how our users use the website, such as which pages are visited, how long pages were visited and the paths taken by visitors to our website as they move from page to page.
  2. To provide authentication (i.e. to keep you logged in between sessions). The information collected using local storage is stored on your browser and persists after your browser is closed.
  3. To keep track of user invites. We use cookies to set invite codes and maintain them till the user registers on our website or the Service for which the cookie is valid.

For the purpose listed under 1), we use Google Analytics, Heap Analytics and our own Analytics engine.

Data transfers outside the EEA

We may transfer the personal data we obtain to third parties in countries outside the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. In particular, personal data may be transferred to India & the United States.

When we transfer your personal data outside the EEA, we will protect your personal data as described in this Privacy Statement. If you have concerns about the way we handle your data, you should stop using us and intimate us at help@crashcourse.io to get your account deleted. Although we would be sad to see you stop using us.

How we use information we collect

We use the information we collect to offer you and all of our users with better services and experiences. However, here are a few things that we want to highlight:

  • We do NOT sell or rent your personal information to anyone. Never ever.
  • We do NOT share your personal information with anyone outside of Crash Course for their marketing or promotions. We, however, share personal information with our 3rd party analytics or other service providers to analyze the traffic, user behavior and enhance your learning experience. While we don't guarantee it, we put in efforts to see to it that these 3rd party providers do not use your information for their own purposes.
  • If the code you submit for evaluation, or the person details you give inside your project (including but not limited to comments, variable names etc.,), will be shared with other vendors who offer those services. If you don't want us to do so, refrain from using your PII as variable names or in comments.
  • We will share personal information with companies, organizations or individuals outside of Crash Course when we have your consent to do so.
  • We use your personal information to manage your account, to contact you and to improve certain aspects of our services and website. We also use your personal information in processing orders, clearing waitlists or to contact your college for collaboration and other purposes.
  • We might share summarized information with people outside of Crash Course. While we put in efforts to summarize data in such a way that an individual user will not be identified, this is NOT guaranteed.
  • We may access and/or disclose your information if it is necessary to comply with the law or legal process, to protect or defend Crash Course, an employee of Crash Course or a certain stakeholder of Crash Course. For example, we may be required to cooperate with regulators or law enforcement action such as a court order, subpoena or search warrant.
  • If Crash Course is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

How we protect personal data

We maintain appropriate technical and organizational security safeguards designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, due the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored is absolutely secure. We will notify you of any data breach that is likely to have unfavorable consequences for your privacy.

Crash Course and the EU General Data Protection Regulation (GDPR)

At Crash Course, we’re committed to privacy—that’s why our privacy policies already adhered to the the high standard of the new European data protection law known as GDPR, and why we’re ensuring we maintain those rights and extend them to all our users, inside and outside the EU.

Information Security & Data Safety

We work hard to protect Crash Course and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  • We encrypt many of our services using SSL.
  • We review our information collection, storage and processing practices, including physical security measures where possible, to guard against unauthorized access to systems.
  • We change the security credentials for our systems frequently at a random time to break any brute-force attempts by the bad people.
  • We restrict access to personal information to Crash Course employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Whenever you use our Services to make your resume / CV or your online profile public, you have an option to decide if anyone with the link can view your profile or details. Remember that changing the option midway wouldn't prevent the bad people to misuse your information which they obtained prior to your change.

  • We also prevent direct file downloads by using temporary URLs for your documents.
  • We require your login to download certain files, and the origin of the file is protected behind your login.
  • We also use signed URLs, which will expire automatically. After a signed URL has expired a new URL will be generated for each file, which will be the only valid URL.
  • The URL can not be guessed and all filenames are obfuscated.

Where we store your data

We use Google Cloud platform for our services. We also use Digital Ocean and Amazon Web Services to power certain portions of our Services. All database related is stored in the US (Google Data centers) and in India (Google Data centers). The code you submitted will be stored for a certain time in Digital Ocean and AWS (in the US as well as in India). Read more about Google Cloud Security, Digital Ocean Security and AWS Security.

Also,

  • All of our servers are within our own virtual private cloud / network (VPC / VPN) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
  • Only a handful of people can access data and they only do so in order to improve the services we provide.
  • We monitor and audit our usage logs.

Third Party services we use

We use a number of third parties to store user data in order to provide/improve our services:

  • We send transactional and administrative emails through Mailgun.
  • We use Google Analytics and Heap Analytics to track page views to improve usability of our Services.
  • All payments are processed by Razorpay. We don’t currently store any payment information but we do store customer data from these transactions for future purposes (for example when we move to other vendors or when we need to fight disputes with banks).

How Long We Retain Personal Data

We retain personal data for as long as necessary to fulfill the purposes for which we collect or receive the personal data, except if required otherwise by applicable law. Typically, we will retain most of the personal data for the duration of your use of the website and our Services, until you have deleted your account, unless a longer applicable statutory retention period applies. Note that after the deletion of your account your code may be left on our servers, certificates might still be verifiable and the orders you placed are still kept to maintain books. If you would like us to remove your certificates and anonymize your details in invoices, please contact us at help@crashcourse.io.

Your Rights

You have the following rights in relation to your personal data:

  • The right to obtain, at reasonable intervals and free of charge, information on whether or not your personal data are being processed and to receive the personal data that is being processed in an intelligible form;
  • The right to request rectification or erasure of personal data or restriction of or objection to processing of your personal data. You may also request us to provide you your data in a structured, commonly used and machine readable format which can be transmitted to another controller.
  • To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence your identity. We will respond to your request within the applicable statutory term.
  • Moreover, subject to this Privacy Statement, you have the right to lodge a complaint with the competent supervisory authority. Please contact you local data protection authority for more information regarding how to file such a complaint.

Contacting us

We welcome your comments or questions about this privacy policy. You can contact us at help@crashcourse.io

To request modifications or withdraw consent, please send an email to the Data Protection Officer.

Data Protection Officer: Sreyantha Chary M
Email: dpo@crashcourse.io

Scope

Our Privacy Policy applies to all of the Services offered by Crash Course but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.

Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in our content or website, sites that may include Crash Course services, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads or content.

Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We may choose to keep prior major versions of this Privacy Policy in an archive for your review.