Daryn.online Privacy Policy

1. What data we collect

We collect only the data necessary for registration, authentication, provision of educational services, payments, user support, security and stable operation of the platform.

• Registration and contact data: first name, last name, phone number, email address, password or other technical data required for authentication.
• Profile data: profile photo, region, school, grade, learning interests and other information that the user adds to their account.
• Learning data: selected courses, schedule, learning progress, test results, completed assignments, attendance, certificates and activity history on the platform.
• Technical data: IP address, device type, operating system, app version, browser, interface language, cookies, session tokens, error logs and interaction data.
• Payment data: payment status, amount, tariff, transaction identifier and transaction status. Full bank card details are processed by the payment provider and are not stored in an open form on Daryn.online.
• Files and images: profile photos, documents, images, attachments or other materials that the user uploads while using service features.
• Location data: region or other location information if the user provides such data or allows access to it in device settings.

2. How we use data

Personal, learning and technical data is used only to operate the platform, provide services, communicate with users, protect accounts and comply with legal requirements.

• Creating, maintaining and protecting the user account.
• Providing access to courses, lessons, tests, schedules, certificates, the personal account and other platform features.
• Verifying the user, maintaining authentication and preventing unauthorized access.
• Processing payments, confirming purchases, maintaining transaction history and providing access to purchased products.
• Communicating with the user about learning, technical support, security, notifications and service changes.
• Personalizing content, recommendations, region, interface language and user experience.
• Analytics, improving service quality, fixing errors, testing new features and improving app stability.
• Preventing fraud, abuse, violations of platform rules and security threats.
• Fulfilling contractual obligations, internal platform rules and requirements of the laws of the Republic of Kazakhstan.

3. When and with whom we share data

We do not sell users’ personal data. Data may be shared with third parties only in limited cases when it is necessary for service operation, provision of educational services, payment processing, technical support, analytics, security or compliance with legal requirements.

• Payment providers — to process payments, confirm transactions, refunds and financial operations.
• Cloud and hosting providers — to store data, ensure stable platform operation, backup and protect infrastructure.
• Analytics and technical monitoring services, including Google Tag Manager — to analyze service performance, fix errors and improve app quality.
• Educational organizations, partners, curators, teachers or administrators — if necessary to provide educational services to the user.
• Support services and contractors — only to the extent necessary to process user requests and maintain the service.
• Government authorities — only where required by applicable law.
• Other third parties — only with the user’s consent or at the user’s direct request.

4. Cookies, analytics and technical identifiers

The platform may use cookies, browser local storage, authentication tokens and other technical identifiers to sign users in, save user settings, provide security and analyze service usage.

For analytics and performance measurement, the service may use statistics tools, technical monitoring tools and tag management tools, including Google Tag Manager. This data is used to evaluate platform performance, fix errors and improve service quality.

The user may restrict the use of cookies in browser settings. However, some platform features may not work correctly in this case.

5. Device permissions and access to features

The mobile application and related web features request only those permissions that are necessary for a specific user action.

• Internet access is used to connect to Daryn.online services and synchronize account data.
• Access to photos, files or images is used only when the user uploads a profile photo, document, image or other file.
• Location access is used only after the user gives permission, for example to determine the region or configure certain service features.
• Push notifications may be used to send information about lessons, schedules, tests, reminders, important changes and service messages.
• If new app features require additional permissions, their use will be accompanied by a system permission request and, where necessary, an update to this Policy.

6. How long we store data

We store user data for as long as necessary to operate the account, provide access to educational products, fulfill obligations to the user, process requests, ensure security and comply with legal requirements.

After account deletion or receipt of a confirmed deletion request, data is deleted or anonymized within a reasonable period, except for information that must be retained by law, accounting requirements, dispute resolution, fraud prevention, security purposes or confirmation of provided services.

7. How we protect data

The Company takes organizational and technical measures to protect personal data from loss, alteration, disclosure, blocking, copying, misuse and unauthorized access.

• Restricting access to data only to authorized employees, contractors and administrators.
• Using secure data transmission channels and authentication tools.
• Monitoring technical errors, suspicious activity and unauthorized access attempts.
• Storing data in infrastructure and services intended for secure platform operation.
• Regularly updating technical and organizational protection measures as the service develops.

8. User rights

The user has the right to request access to their personal data, correction of inaccurate information, account deletion, restriction of data processing in cases provided by law, and withdrawal of previously given consent if processing is based on consent.

The user may change some data directly in the personal account. For other requests, the user should contact us using the details provided in the “Data privacy contacts” section.

9. Account and data deletion

The user may request deletion of the account and related personal data through available app features, where such a feature is provided, or by sending a request to help@daryn.online.

The request should include the phone number or email address linked to the account so that the Company can identify the user and process the request.

After the request is confirmed, the account and related personal data will be deleted or anonymized, except for data that must be retained under legal, accounting, security, dispute resolution or service confirmation requirements.

10. Children’s data

The platform is also intended for students. If the user has not reached the age at which they can independently provide legally valid consent under applicable law, registration, use of paid features and transfer of certain data must be carried out with the involvement of a parent, legal representative, school or another authorized adult.

If the Company learns that a minor’s data was provided in violation of applicable requirements, such data may be restricted, corrected or deleted upon request of the legal representative.

11. Changes to this Policy

The Company may update this Privacy Policy when service functionality, legal requirements, data processing procedures or the set of technical services used by the platform changes.

The current version of the Policy is published on the /privacy-policy page. Continued use of the platform after publication of the updated version means that the user has read the new version of the document.

12. Data privacy contacts