Privacy Policy

MapleIELTS is committed to protecting your privacy and ensuring the security of your personal information. This comprehensive Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our IELTS preparation platform and related educational services.

1. Information We Collect

Account Registration Information:

• Full name and email address
• Date of birth (for age verification and compliance)
• Country/region of residence
• Preferred language settings
• Profile photo (optional)
• Phone number (optional, for account security)

Educational Data:

• IELTS practice test responses and scores
• Study progress and completion rates
• Learning analytics and performance metrics
• Speaking recordings (with explicit consent)
• Written submissions and essays
• Skill assessments and diagnostic results

Technical Information:

• Device type, browser, and operating system
• IP address and general location
• Usage patterns and feature utilization
• Login times and session duration
• Error logs and technical diagnostics

2. How We Use Your Information

Educational Services:

• Provide personalized IELTS preparation and practice tests
• Track learning progress and provide performance analytics
• Generate customized study plans and recommendations
• Deliver targeted feedback and improvement suggestions
• Enable interactive learning features and tools

Platform Improvement:

• Analyze usage patterns to improve educational effectiveness
• Develop new features and learning tools
• Conduct educational research (with anonymized data)
• Optimize platform performance and user experience
• Ensure security and prevent fraudulent activities

Communication:

• Send important account and service updates
• Provide customer support and technical assistance
• Deliver educational content and study reminders
• Notify about new features and improvements
• Respond to inquiries and feedback

3. Payment Processing

4. Information Sharing and Disclosure

Limited Sharing Situations:

• Educational Partners: Teachers, schools, and educational institutions (with proper authorization)
• Service Providers: Technical vendors who help operate our platform (Stripe, Supabase, Vercel)
• Legal Compliance: When required by law, court order, or regulatory authority
• Safety Protection: To prevent fraud, abuse, or threats to user safety
• Business Transfers: In case of merger, acquisition, or sale of business assets
• Explicit Consent: When you specifically authorize information sharing

Data Processing Agreements:

All third-party service providers must sign comprehensive data processing agreements that include:

• Strict data protection and security requirements
• Limitations on data use to authorized purposes only
• Compliance with applicable privacy laws (GDPR, CCPA, etc.)
• Regular security audits and compliance verification
• Immediate data deletion upon service termination

5. Children's Privacy (COPPA/FERPA Compliance)

Children Under 13:

• Parental consent required before data collection
• Minimal data collection limited to educational purposes
• No behavioral advertising or tracking
• Enhanced deletion rights for parents
• Direct communication with parents for safety concerns

Educational Records (FERPA):

• Student educational records receive special protection
• Access limited to authorized educational personnel
• Parents can access and request correction of educational records
• Directory information handling per school policies
• Transfer procedures for changing schools

6. Data Security

Technical Safeguards:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication for accounts
• Regular security audits and penetration testing
• Automated threat detection and response
• Secure development practices and code reviews

Organizational Measures:

• Role-based access controls and regular access reviews
• Employee background checks and confidentiality agreements
• Privacy and security training for all staff
• Incident response plan and breach notification procedures
• Regular compliance audits and certifications

Compliance Certifications:

• SOC 2 Type II compliance
• Privacy Shield successor framework
• Educational technology security standards
• International data protection certifications

7. International Data Transfers

We may transfer your personal information to countries outside your residence for processing and storage. We ensure appropriate safeguards are in place:

• Adequacy decisions for countries with equivalent protection
• Standard contractual clauses for international transfers
• Additional security measures for sensitive data
• Regular assessment of destination country data protection laws

8. Your Privacy Rights

Universal Rights:

• Access: Request a copy of all personal information we hold about you
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your account and personal data
• Portability: Receive your data in a structured, machine-readable format
• Opt-out: Unsubscribe from marketing communications
• Restriction: Limit how we process your personal information

How to Exercise Your Rights:

• Email us at info@mapleielts.com with your request
• Use our online privacy request form
• Access your account settings for basic updates
• Contact our support team for assistance
• Response time: 30 days maximum (may extend to 60 days for complex requests)

9. California Privacy Rights (CCPA)

California residents have additional privacy rights under the California Consumer Privacy Act:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Authorized Agent: Designate someone to make requests on your behalf

10. European Privacy Rights (GDPR)

EU/EEA residents have comprehensive rights under the General Data Protection Regulation:

• Lawful Basis: All processing based on legitimate legal grounds
• Consent Withdrawal: Withdraw consent for processing at any time
• Object to Processing: Object to processing based on legitimate interests
• Automated Decision-Making: Right not to be subject to automated decisions
• Supervisory Authority: Right to lodge complaints with data protection authorities

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your educational experience. OurCookie Policy provides detailed information about our cookie practices.

Cookie Categories:

• Essential: Required for platform functionality and security
• Performance: Help us understand how you use our platform
• Functional: Remember your preferences and settings
• Analytics: Measure and improve platform effectiveness

You can manage cookie preferences through your browser settings or our cookie preference center.

12. Data Retention

We retain personal information only as long as necessary for educational purposes and legal compliance:

Retention Periods:

• Account Information: Duration of account plus 1 year
• Educational Records: Up to 7 years for academic continuity
• Payment Records: 7 years for tax and regulatory compliance
• Support Records: 3 years for quality improvement
• Security Logs: 1 year for fraud prevention

Deletion Procedures:

• Automatic deletion upon retention period expiry
• User-requested deletion processed within 30 days
• Secure deletion from all systems and backups
• Legal hold exceptions for ongoing legal proceedings

13. Automated Decision Making and Profiling

We use automated systems to enhance your educational experience, but you always have control:

• Learning Analytics: Automated assessment of learning progress and recommendations
• Content Personalization: Customized study plans based on performance data
• Fraud Detection: Automated security monitoring for account protection
• Human Override: You can always request human review of automated decisions
• Opt-out Options: Disable automated recommendations while maintaining core functionality

14. Data Breach Procedures

Response Timeline:

• Detection: Immediate investigation and containment
• Assessment: Risk evaluation within 24 hours
• Notification: User notification within 72 hours for high-risk breaches
• Regulatory Reporting: Authority notification per legal requirements
• Support: Ongoing assistance and monitoring for affected users

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements:

• Notification Methods: Email notice to registered users and website banner
• Advance Notice: 30 days notice for material changes
• Version History: Previous versions available upon request
• Continued Use: Using our services after changes indicates acceptance
• Opt-out: Right to close account if you disagree with changes

16. Contact Information

For any questions about this Privacy Policy or to exercise your privacy rights, please contact us: