Loading...

Privacy Policy

Last Updated: Thursday, January 1, 2026 00:00 UTC

1. Introduction

Polku ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Name and contact information (email address, phone number)
  • Account credentials (username, password)
  • Profile information (bio, experience, qualifications for teachers)
  • Payment information (processed securely through third-party providers)
  • Communication data (messages, support tickets)

2.2 Usage Information

We automatically collect certain information about your device and usage:

  • IP address and location data
  • Browser type and version
  • Device information
  • Pages visited and time spent on pages
  • Referring website addresses
  • Booking and transaction history

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse cookies or indicate when a cookie is being sent.

3. How We Use Your Information

We use the collected information for various purposes:

  • Providing and maintaining our Service
  • Processing bookings and transactions
  • Communicating with you about your account and bookings
  • Sending promotional materials (with your consent)
  • Improving and personalizing your experience
  • Analyzing usage patterns and trends
  • Preventing fraud and ensuring platform security
  • Complying with legal obligations

4. Information Sharing and Disclosure

4.1 With Other Users

When you book a lesson, your basic profile information is shared with the teacher (and vice versa). This includes name, profile photo, and relevant contact information.

4.2 With Service Providers

We may share your information with third-party service providers who perform services on our behalf:

  • Payment processors
  • Email service providers
  • Cloud hosting providers
  • Analytics services

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Security measures include:

  • Encryption of data in transit and at rest
  • Regular security audits
  • Access controls and authentication
  • Secure password hashing
  • Regular software updates and patches

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your information
  • Restriction: Request restriction of processing
  • Withdrawal: Withdraw consent for data processing

8. Minor's Data (COPPA/GDPR-K Compliance)

8.1 General Policy

Our Service is not intended for direct account registration by users under the age of 13. We comply with COPPA (US Children's Online Privacy Protection Act) and GDPR-K (EU GDPR provisions for minors), and apply the following policies:

8.2 Data Collection from Children Under 13

We do not knowingly collect personal data from children under 13. Users under 13 cannot create their own accounts.

8.3 Beneficiary Profiles

Students under 13 are added as "beneficiary profiles" managed by a parent/guardian or teacher:

  • Beneficiary profile data is managed through the parent/guardian account
  • Parents/guardians can access, correct, and delete beneficiary data
  • Parents/guardians may request deletion of beneficiary data at any time
  • Beneficiary data is used only for booking and lesson provision purposes

8.4 Parent/Guardian Responsibilities

Parents/guardians are responsible for:

  • Maintaining the accuracy of beneficiary profile information
  • Appropriate management of beneficiary data
  • Exercising rights on behalf of the beneficiary (data access, deletion, etc.)

8.5 Contact Us

For questions about data for children under 13 or to request data deletion, please contact us via AI chat support.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

10. GDPR Compliance (EEA/UK Residents)

10.1 Data Controller

Polku Learning LLC is the data controller for personal data collected through this service.

Data Protection Officer (DPO): [email protected]

10.2 Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services, process bookings, and manage your account
  • Legitimate Interest: To improve our services, prevent fraud, and ensure platform security
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

10.3 Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Restrict Processing: Limit how we use your data
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

10.4 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your jurisdiction. For EEA residents, you may contact your local Data Protection Authority. For UK residents, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.

11. CCPA Compliance (California Residents)

11.1 Notice at Collection

This section applies to California residents under the California Consumer Privacy Act (CCPA). In the past 12 months, we collected the following categories of personal information:

  • Identifiers: Name, email address, phone number
  • Commercial Information: Booking history, purchase records
  • Internet Activity: Browsing history on our platform, device information
  • Professional Information: Teacher qualifications, bio (for teachers)

11.2 Your CCPA Rights

California residents have the right to:

  • Right to Know: Request disclosure of what personal information is collected, used, or shared
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of the "sale" or "share" of personal information

11.3 We Do Not Sell Your Information

We do not sell, rent, or share your personal information for cross-context behavioral advertising. We do not use your personal information for purposes that are materially different from those disclosed in this policy without your consent.

11.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not deny, charge different prices, or provide different levels of service based on your exercise of these rights.

12. Payment Processing (Stripe Connect)

Payment processing on Polku is handled entirely by Stripe, Inc. ("Stripe"). We do not store, process, or have access to your complete payment card information on our servers.

12.1 What We Store

  • Stripe Customer ID (a reference identifier)
  • Transaction history for accounting and support purposes
  • Last 4 digits of card number (for display purposes only, retrieved from Stripe)

12.2 What Stripe Handles

  • Full card number, CVV, and expiration date
  • Payment authentication and fraud prevention
  • Receipt generation and delivery
  • Invoice generation (including tax-compliant invoices)
  • Subscription management
  • Tax calculation (Stripe Tax)

12.3 PCI DSS Compliance

By using Stripe, we minimize our PCI DSS compliance scope. Stripe is certified as a PCI Level 1 Service Provider, the highest level of certification available. For more information, please see Stripe's Privacy Policy at stripe.com/privacy.

12.4 Stripe Connect (Teacher Payments)

When you pay for lessons, payments are processed directly through the teacher's Stripe Connect account. Teachers are independent merchants who receive payments directly. Polku charges a platform fee but does not handle the actual payment processing or store payment details.

13. Cookies and Tracking Technologies

13.1 Types of Cookies We Use

  • Essential Cookies: Required for the website to function (session management, authentication). Cannot be disabled.
  • Functional Cookies: Remember your preferences and settings. Can be disabled.
  • Analytics Cookies: Help us understand how you use our service (anonymous, aggregated data). Can be disabled.
  • Marketing Cookies: Used to deliver relevant advertisements. Require consent.

13.2 Cookie Duration

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Remain for up to 2 years, depending on the type

13.3 Managing Cookies

You can manage cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our service. Most browsers allow you to block, delete, or refuse cookies.

14. Automated Decision-Making and Profiling

We do not use fully automated decision-making or profiling that produces legal effects or significantly affects you. Any decisions about your account or access to services involve human review.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated via email.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us via AI chat support:

GDPR Compliance

We are committed to GDPR compliance. Your data rights are important to us.
Back to Home View Terms
We use cookies for analytics. Privacy Policy