1Introduction and Acceptance

Welcome to Creative Taleem ("Company," "we," "us," or "our"). This Privacy Policy explains how Creative Taleem Pakistan, operated under the laws of the Islamic Republic of Pakistan, collects, uses, discloses, stores, and protects your personal information when you use our website (www.creativetaleem.app), mobile applications, and related educational services (collectively, the "Services").

By accessing or using our Services, you explicitly acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must immediately discontinue use of our Services.

This Privacy Policy applies to all users of our Services, including students, parents, guardians, educators, and any other individuals who access our platform. We reserve the right to modify this policy at any time, and your continued use of our Services constitutes acceptance of any modifications.

2Data Controller Information

Data Controller: Creative Taleem Pakistan

Registered Address: Lahore, Punjab, Pakistan

Email: privacy@creativetaleem.app

Support Email: support@creativetaleem.app

Phone: +92 319 0632512

As the data controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed lawfully, fairly, and transparently.

3Information We Collect

We collect various types of information to provide and improve our Services. Below is a comprehensive list of all data we collect:

3.1 Personal Information (Provided Directly by You)

When you register for an account or use our Services, we collect:

Full Legal Name: Your complete name as provided during registration
Gender: Male, Female, or Other as selected by you
Email Address: Your primary email for account communication and verification
Phone Number: Your mobile/contact number for SMS notifications and account recovery
Password: Encrypted and securely stored for account access
Province: Your province of residence (Punjab, Sindh, KPK, Balochistan, Islamabad, GB, AJK)
City: Your city of residence for content localization
Educational Level: Intermediate or Entry Test category
Class/Grade: 11th, 12th, or specific entry test (MDCAT, ECAT, FAST, NUST)
Academic Stream: FSc, ICS, Pre-Medical, Pre-Engineering, Statistics, Physics
Student Type: Fresher or Repeater status
Board Type: Same Board or Different Board
Referral Source: How you heard about us (Social Media, Friends, Teacher, Google, YouTube)

3.2 Technical and Device Information (Automatically Collected)

We automatically collect certain technical information when you access our Services:

IP Address: Your Internet Protocol address for security, fraud prevention, and geographic analytics
Device Information: Device type, model, manufacturer, operating system, and version
Browser Information: Browser type, version, language settings, and plugins
Screen Resolution: Display dimensions for optimal content rendering
Device Identifiers: Unique device IDs, advertising IDs, and hardware identifiers
Network Information: Internet service provider, connection type (WiFi/Mobile), network carrier
Time Zone: Your local time zone for scheduling and notifications
Language Preferences: System and browser language settings

3.3 Usage and Behavioral Data

Login History: Date, time, location, and device used for each login
Session Duration: Time spent on the platform and individual pages
Course Progress: Videos watched, lessons completed, time spent on each topic
Quiz and Test Results: Answers submitted, scores, time taken, attempt history
Navigation Patterns: Pages visited, features used, click patterns
Search Queries: Terms searched within the platform
Content Interactions: Videos played, paused, rewound, notes created, bookmarks saved
Download History: Materials downloaded, including date and time

3.4 Payment and Transaction Data

Transaction History: All purchases, subscriptions, and payment attempts
Payment Method: Type of payment used (JazzCash, EasyPaisa, Bank Transfer, Card)
Billing Information: Name on payment method, billing address if applicable
Transaction IDs: Unique identifiers for each transaction
Invoice Records: Generated invoices and receipts
Refund History: Any refund requests and their status

Note: We do NOT store complete credit/debit card numbers, CVV codes, or bank account details. All payment processing is handled by secure third-party payment processors (JazzCash, EasyPaisa, bank payment gateways) who maintain PCI-DSS compliance.

3.5 Communication Data

Support Tickets: All communications with our support team
Chat Messages: Messages exchanged with teachers or support staff
Email Correspondence: Emails sent to or received from us
Feedback and Reviews: Any feedback, ratings, or reviews you provide
Survey Responses: Answers to any surveys or questionnaires

3.6 Third-Party Authentication Data

If you sign up or log in using Google OAuth:

Google Account Email: Your Google email address
Google Account Name: Your name as registered with Google
Google Profile Picture: Your Google profile image (if available)
Google User ID: Unique identifier from Google for account linking

4How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Delivery and Operations

Create, authenticate, and manage your user account
Provide access to courses, video lectures, quizzes, and study materials
Track your learning progress and generate performance reports
Customize content based on your educational level, board, and preferences
Process payments and manage subscriptions
Generate certificates upon course completion
Provide customer support and respond to inquiries

4.2 Personalization and AI-Powered Features

Analyze your performance to identify weak areas and recommend study materials
Create personalized study plans based on your progress and goals
Adjust quiz difficulty based on your performance (adaptive learning)
Recommend courses and content relevant to your interests
Generate AI-powered notes and summaries tailored to your learning style

4.3 Communication

Send account-related notifications (password resets, security alerts)
Provide updates about your courses and learning progress
Send promotional emails about new courses, features, and offers (with opt-out option)
Deliver important announcements about exam dates, board updates, and educational news
Send SMS notifications for OTP verification and important alerts

4.4 Security and Fraud Prevention

Monitor for unauthorized access, suspicious activities, and security threats
Detect and prevent fraud, abuse, and violations of our terms
Verify user identity and prevent account sharing violations
Protect against spam, malware, and other harmful content
Maintain platform integrity and ensure fair use

4.5 Analytics and Improvement

Analyze usage patterns to improve our Services
Conduct research and development for new features
Measure the effectiveness of our content and teaching methods
Generate aggregated, anonymized statistics for business analysis
Test new features and conduct A/B testing

4.6 Legal and Compliance

Comply with applicable laws, regulations, and legal processes
Respond to lawful requests from government authorities
Enforce our Terms of Service and other policies
Protect our legal rights and defend against claims
Maintain records as required by tax and financial regulations

5Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: You have given explicit consent for processing (e.g., marketing communications)
Contract Performance: Processing is necessary to fulfill our contract with you (e.g., providing educational services)
Legal Obligation: Processing is required to comply with applicable laws
Legitimate Interests: Processing is necessary for our legitimate business interests, provided they do not override your rights

6Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your data only in the following circumstances:

6.1 Service Providers

We engage trusted third-party companies to perform services on our behalf:

Payment Processors: JazzCash, EasyPaisa, bank payment gateways for processing transactions
Cloud Hosting: Servers and data storage providers
Analytics Providers: For understanding usage patterns (Google Analytics)
Email/SMS Services: For sending notifications and communications
Customer Support Tools: For managing support tickets
CDN Providers: For content delivery and performance optimization

All service providers are contractually obligated to protect your data and use it only for the specific purposes we authorize.

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

Valid court orders or subpoenas
Government or law enforcement requests
Legal proceedings or investigations
Protection of our legal rights or property
Prevention of fraud, security threats, or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any such change and your options regarding your data.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7Data Security

We implement comprehensive security measures to protect your personal information:

7.1 Technical Safeguards

SSL/TLS Encryption: All data transmitted between your device and our servers is encrypted
Password Hashing: Passwords are encrypted using industry-standard bcrypt hashing
Database Encryption: Sensitive data is encrypted at rest
Secure Authentication: Multi-factor authentication options available
Regular Security Audits: Periodic vulnerability assessments and penetration testing
Firewall Protection: Network-level security to prevent unauthorized access
DDoS Protection: Measures to prevent denial-of-service attacks

7.2 Organizational Safeguards

Access to personal data is restricted to authorized personnel only
Employees undergo security awareness training
Non-disclosure agreements with all staff handling personal data
Regular review of access permissions and security policies
Incident response procedures for data breaches

Important: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials.

8Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

8.1 Retention Periods

Account Information: Retained while your account is active and for 3 years after account deletion
Course Progress and Certificates: Retained for 5 years after account deletion for verification purposes
Transaction Records: Retained for 7 years as required by tax and financial regulations
Support Communications: Retained for 3 years after resolution
Marketing Preferences: Retained until you opt out or account deletion
Log Data and IP Addresses: Retained for 1 year for security purposes
Anonymized Analytics Data: May be retained indefinitely

8.2 After Account Deletion

Upon account deletion request, we will delete or anonymize your personal information within 30 days, except for data we are legally required to retain or data necessary to protect our legal interests.

9Your Rights

You have the following rights regarding your personal information:

9.1 Right to Access

You can request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.

9.2 Right to Rectification

You can update or correct your personal information through your account settings or by contacting us.

9.3 Right to Deletion

You can request deletion of your account and personal data. Visit our Account Deletion page to submit a deletion request.

9.4 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

9.5 Right to Object

You can object to processing of your personal data for direct marketing purposes.

9.6 Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

9.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@creativetaleem.app. We may require identity verification before processing your request.

10Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

10.1 Types of Cookies We Use

Essential Cookies: Required for basic site functionality (authentication, security)
Preference Cookies: Remember your settings (theme, language)
Analytics Cookies: Help us understand how visitors use our site
Marketing Cookies: Used to deliver relevant advertisements (with consent)

10.2 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

10.3 Do Not Track

Our website does not currently respond to "Do Not Track" signals from browsers.

11Children's Privacy

Our Services are intended for users aged 13 years and above. We do not knowingly collect personal information from children under 13 without parental consent.

For users between 13-18 years of age, we recommend that parents or guardians supervise their use of our Services and review this Privacy Policy with them.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us immediately at privacy@creativetaleem.app.

GDPR Compliance (For European Union Users Only)

⚠️ IMPORTANT: This section applies ONLY to users located in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK). If you are not located in these regions, this section does not apply to you.

If you are a resident of the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

Additional Rights for EU/EEA/UK Users

Right to Restriction of Processing: You can request that we limit how we use your data
Right to Lodge a Complaint: You can file a complaint with your local data protection authority
Right to Object to Automated Decision-Making: You can object to decisions made solely by automated means

International Data Transfers

Your data may be transferred to and processed in Pakistan, where our servers are located. By using our Services from the EU/EEA/UK, you consent to this transfer. We implement appropriate safeguards including Standard Contractual Clauses to protect your data during international transfers.

Data Protection Officer

For GDPR-related inquiries, you can contact our designated point of contact at: gdpr@creativetaleem.app

Supervisory Authority

If you are unsatisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities can be found at: European Data Protection Board

13Third-Party Services and Links

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these external sites.

Third-party services we integrate with include:

Google (OAuth authentication, Analytics)
JazzCash and EasyPaisa (Payment processing)
YouTube (Embedded educational videos)
Cloud storage providers

We encourage you to review the privacy policies of any third-party services you access through our platform.

14Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes:

For minor changes, we will update the "Last Updated" date at the top of this policy
For significant changes, we will provide prominent notice on our website and/or send an email notification
We will seek your consent for material changes where required by law

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

!Disclaimer and Limitation of Liability

While we take all reasonable steps to protect your personal information, we make no guarantees, representations, or warranties regarding the absolute security of your data. You acknowledge and agree that:

You provide your personal information at your own risk
We are not liable for any unauthorized access, use, or disclosure of your information due to factors beyond our reasonable control
You are responsible for maintaining the security of your account credentials
We are not responsible for data breaches caused by third-party service providers
Our total liability for any claims related to this Privacy Policy is limited to the amount you paid us in the 12 months preceding the claim

This limitation of liability applies to the maximum extent permitted by applicable law.

16Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@creativetaleem.app

General Support: support@creativetaleem.app

GDPR Inquiries (EU Users): gdpr@creativetaleem.app