Privacy Policy
We are committed to protecting your privacy and ensuring you have a positive experience on our website and in using our products.
Introduction
Welcome to ELARO! Your privacy is a top priority for us. We are committed to being transparent about how we handle your data and have built our Service with a "Privacy by Design" approach.
This Privacy Policy applies to all users of the ELARO mobile app, website, and related services worldwide. It explains what personal data we collect, why we collect it, and what rights you have regarding your data.
For the purposes of data protection laws, Alidu Yakubu Suhyini Mansur is the "data controller" for your personal data. This means we determine how and why your data is processed.
By using our Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy should be read in conjunction with our Terms of Service.
1 What Information We Collect
We adhere to the principle of Data Minimization, meaning we only collect the minimum amount of data necessary to provide and improve our Service.
a) Information You Provide to Us:
- Account & Profile Information: Your name, email address, password, username, university, program of study, and country.
- Academic Information: Details about your courses, assignments, lectures, and study sessions.
b) Information We Collect Automatically:
- Device & Technical Information: Your device's push notification token, platform (iOS/Android), and timezone.
- Usage & Analytics Data (with your consent): If you opt in, we use Mixpanel to collect usage data, such as features used and events like course_created. We may also infer your country from your IP address.
c) Information from Third Parties:
- Payment Information: When you subscribe, our subscription management provider (RevenueCat) and the underlying payment processors (e.g., Apple App Store, Google Play) act as independent data controllers for your payment information. They provide us with basic, non-sensitive transaction data, such as transaction IDs and subscription status. We do not receive or store your full credit card information.
2 Legal Basis for Processing Your Data
Under data protection law (like GDPR), we must have a legal basis to process your personal data. We rely on the following:
- Performance of a Contract: We process your account, academic, and device information to provide you with the core features of the Service. This is necessary to fulfill our agreement with you.
- Your Consent: We rely on your explicit, opt-in consent to:
  - Collect usage analytics via Mixpanel. This is presented as an un-checked choice during registration or in your account settings.
  - Send you marketing communications. This is also an un-checked choice.
- Legal Obligation: We are required to retain basic transaction records for up to 7 years to comply with tax and financial laws.
- Legitimate Interest: We process data for our legitimate interests, such as monitoring for security threats, fixing bugs via Sentry, and responding to your support requests.
3 How We Share Your Information
We do not sell your personal data. We only share your information with trusted third-party service providers ("subprocessors") who help us operate our Service.
| Subprocessor | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & Backend | All account/academic data | UK (AWS) |
| Sentry | Error Monitoring | Error logs, device info | United States |
| RevenueCat | Subscription Management | Transaction IDs, user IDs | United States |
| Mixpanel | Analytics (Opt-in) | Pseudonymous usage events | United States |
| Tawk.to | Customer Support | Support chat messages | United States |
4 Data Storage, Retention, and Security
a) Data Storage and International Transfers:
Your data is primarily stored in the UK. Because we are based in Ghana and use service providers in various locations, your data is transferred internationally. We ensure your data is protected during these transfers through legally approved safeguards:
- Ghana to UK/EU: We rely on our subprocessors' implementation of Standard Contractual Clauses (SCCs).
- Transfers to the US: For US-based subprocessors, we rely on their implementation of SCCs and, where applicable, the EU-U.S. Data Privacy Framework.
b) Data Retention:
We keep your data only for as long as necessary for the purpose it was collected.
- Active Data: Retained while your account is active.
- Deleted Account Data: We provide a 7-day restoration period for accidental deletion recovery. After that, your data is permanently deleted from our active systems within 30 days. Data may persist in encrypted disaster-recovery backups for up to 90 days for security purposes.
- Transaction Records: Retained for up to 7 years to comply with legal obligations.
c) Security:
We implement robust security measures, including encryption in transit (TLS) and at rest (AES-256), strict access controls, and secure development practices.
5 Your Data Protection Rights
You have rights over your personal data. These include:
- The Right to Access, Rectify, or Erase your data.
- The Right to Data Portability (to download your data).
- The Right to Withdraw Consent. If you withdraw consent for analytics, we will stop collecting usage data going forward. If you withdraw consent for marketing, you will stop receiving promotional emails but will continue to receive essential service communications (e.g., security alerts).
- The Right to Object to Processing based on our legitimate interests.
You can exercise most of these rights directly within your account settings. For other requests, please contact our Privacy Team at legal@myelaro.com.
The Right to Lodge a Complaint: We would appreciate the opportunity to resolve your concerns directly, but you have the right to lodge a complaint with a data protection authority, such as the Data Protection Commission of Ghana or your local supervisory authority.
6 Children's Privacy & Parental Rights
The Service is not intended for children under 13. For users who are under 13, use of the Service is prohibited. For users between 13 and 17, we require them to represent and warrant that they have obtained permission from a parent or legal guardian.
Parents and guardians have the right to review, update, or request the deletion of their child's data. To exercise these rights, please contact us at support@myelaro.com.
7 Analytics, Cookies, and Tracking Technologies
a) Analytics:
We use Mixpanel for analytics based on your explicit consent. We protect your privacy by using pseudonymous identifiers (your user ID is hashed) and not sending personal information like your name or email. You can disable analytics tracking at any time in your app settings.
b) Cookies and Similar Technologies:
- Mobile App: Our app does not use cookies but uses local storage to maintain your session and device identifiers for push notifications.
- Website: Our website (myelaro.com) may use essential cookies for functionality and third-party cookies for services like our support chat.
- Do Not Track: Our Service does not currently respond to "Do Not Track" browser signals, but we offer you direct control over analytics tracking within the app's settings.
8 Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. While we use algorithms to schedule reminders, you remain in full control of your study schedule.
9 Data Breach Notification
In the unlikely event of a data breach that poses a high risk to your rights, we will notify the relevant supervisory authority within 72 hours and will notify affected users without undue delay.
10 Third-Party Links
Our Service may contain links to third-party websites or resources. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
11 Changes to This Privacy Policy
We may update this Privacy Policy. We will notify you of any significant changes by posting the new policy on this page and through an in-app notification.
12 Contact Us
If you have any questions about this Privacy Policy or your data, please contact our Privacy Team at:
legal@myelaro.com