Last Updated: 30-Oct-2025
Effective Date: 30-Oct-2025
This Privacy Policy explains how Nihoner.com (“Nihoner”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you use https://nihoner.com (the “Service”).
By using the Service, you acknowledge this Policy. If you do not agree, please discontinue use.
1. Controller
Controller: Nihoner.com
Operated by: Edgar Yepremyan
Address: ul. Aleje Jerozolimskie 65/79, 00-697 Warszawa, Mazowieckie, Poland
Email: [email protected] (sole official privacy contact)
Phone: +48 22 500 10 20
We process personal data in accordance with:
- EU/EEA General Data Protection Regulation (GDPR),
- UK GDPR,
- California Consumer Privacy Act as amended by CPRA (CCPA/CPRA),
- Brazil General Data Protection Law (LGPD),
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA),
- Japan’s Act on the Protection of Personal Information (APPI),
- China’s Personal Information Protection Law (PIPL), and
- Other applicable global privacy and data protection laws.
2. Scope & Definitions
This Privacy Policy applies to all visitors, users, and customers of Nihoner.com worldwide.
Personal Data: Information relating to an identified or identifiable natural person (GDPR “personal data”, CCPA “personal information”).
Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).
Controller: Entity that determines the purpose and means of processing (Nihoner).
Processor: Third party that processes data on behalf of Nihoner under a binding contract.
Data Subject: The individual whose data is processed (you).
Applicable Law: GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, APPI, PIPL, Australia Privacy Act, and others.
3. Data We Collect
We may collect:
- Identity Data: Name, username, display name.
- Contact Data: Email, billing address, country, phone (optional).
- Login Credentials: Passwords (securely hashed + salted).
- Payment Data: Transaction IDs, billing metadata, subscription plan, status. (Processed by Stripe/PayPal, not stored by us.)
- Device & Usage Data: IP address, browser/device type, activity logs, referrer, session duration, error logs, consent choices.
- Support Data: Messages or tickets submitted via forms, email, or chat.
- Cookies & Tracking Data: Via cookies, pixels, SDKs, and tracking tools (see Cookie Policy).
- User-Generated Content (UGC): Notes, posts, comments, messages, uploads.
Special Categories: Nihoner does not collect sensitive data (health, biometrics, religion, political beliefs). If provided by mistake, it will be erased.
4. How We Collect Data
- Directly: Registration, purchase, form submission, community use.
- Automatically: Cookies, analytics, device logs, security monitoring.
- From Processors: Payment & infrastructure providers return metadata.
- UGC: Any voluntary contributions you publish.
5. Purposes & Legal Bases
We process personal data only as allowed by law.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account setup, login, course access | Contract Art. 6(1)(b) |
| Payments, billing, tax records | Contract + Legal obligation Art. 6(1)(b)(c) |
| Fraud prevention & security | Legitimate interests Art. 6(1)(f) |
| Customer support | Contract Art. 6(1)(b) |
| Analytics, performance improvements | Legitimate interests Art. 6(1)(f); Consent Art. 6(1)(a) where required |
| Marketing emails | Consent Art. 6(1)(a); Legitimate interests Art. 6(1)(f) where allowed |
| Enforcement of Terms & Community Guidelines | Legitimate interests Art. 6(1)(f) |
6. Consent Management
- Consent is obtained through CookieYes banners, opt-in checkboxes, or explicit settings.
- You may withdraw consent at any time. Withdrawal does not affect lawful processing already performed.
- Audit-proof: CookieYes stores secure consent logs as evidence for regulators.
7. Sharing & Recipients
We do not sell personal data. We share only with vetted processors:
- Payments: Stripe, PayPal
- Infrastructure & Hosting: Cloudflare, EU hosting providers
- Analytics: Google Analytics (consent-based), Microsoft Clarity, or privacy-friendly tools
- Email/CRM: Mailchimp, MailerLite, SendGrid, Brevo
Subprocessors may change. We update our Subprocessor List (Credits & Licenses) and notify users of material changes where required.
8. International Transfers
- Where available, transfers rely on EU adequacy decisions.
- Otherwise, we use Standard Contractual Clauses (SCCs) with supplementary safeguards.
- For China and Japan, transfers comply with PIPL/APPI rules.
9. Retention
We retain data only as long as necessary:
| Data Type | Retention |
|---|---|
| Account data | Active + 90 days |
| Payment/tax records | 5–10 years |
| Support tickets | 2 years after closure |
| Learning history | Deleted at account deletion |
| Backups | 30–90 days |
| Anonymized data | Indefinite |
Records may be retained longer if legally required (e.g., tax audits).
10. Automated Processing & Profiling
We use limited profiling to recommend learning content or detect misuse.
- No automated decisions have legal or significant effects.
- GDPR Art. 22 rights are respected.
11. Your Rights
Depending on your jurisdiction, you may:
- Access, correct, delete, restrict, or port data (GDPR/UK GDPR/LGPD/PIPEDA).
- Opt out of “sale”/sharing (CCPA/CPRA — we do not sell data).
- Object to processing (GDPR Art. 21).
- Withdraw consent.
- File a complaint with your supervisory authority (e.g., UODO in Poland).
Verification of identity may be required.
12. Security
We apply strict safeguards:
- SSL/TLS encryption,
- Hashed + salted passwords,
- Access controls, monitoring,
- Data minimization.
Limitation: Nihoner is not liable for breaches caused by user negligence (weak passwords, phishing, malware).
13. Children’s Privacy
- Not directed to children under 16 (EU), 13 (U.S.), or other local limits.
- Users under 18 require verified parental consent and supervision.
- Unauthorized underage accounts will be terminated, and data erased (GDPR Art. 17).
14. Law Enforcement & Breach Notification
- We may disclose data if required by law, court, or regulator.
- In case of a breach likely to risk rights, Nihoner will notify affected users and regulators without undue delay (GDPR Art. 33–34).
15. Global Privacy Rights
- EEA/UK: GDPR rights fully respected.
- California: CCPA/CPRA rights (know, delete, correct, opt out, non-discrimination).
- Brazil: LGPD rights (access, correct, anonymize, delete).
- Canada: PIPEDA rights (access, correct).
- Australia: Privacy Act rights.
- Japan (APPI): Right to request suspension of use/disclosure.
- China (PIPL): Safeguards for cross-border transfers.
- Other jurisdictions: honored where legally required.
16. Third-Party Links & Embedded Services
- We may include YouTube, Stripe, PayPal, Google Analytics, Microsoft Clarity, Mailchimp, Brevo, Vimeo, social platforms, and APIs.
- We do not control third-party sites or services.
- Your use is governed by their terms/policies.
- Third-party scripts may track users; this is outside our control.
- Nihoner disclaims liability for damages, losses, or disputes arising from third-party use.
17. Business Transfers
If Nihoner is acquired, merged, or reorganized, data may transfer to the successor entity.
- Successors must apply equivalent or stronger safeguards.
- Users will be notified if required by law.
18. Cookies & Tracking
- Necessary cookies: Always active.
- Analytics cookies: With consent.
- Marketing cookies: With consent.
CookieYes manages consents, blocks non-essential cookies, and logs all preferences securely.
19. Changes to Policy
We may revise this Policy at any time.
- “Last Updated” date shows latest revision.
- Material changes will be announced via notice/email.
- Continued use = acceptance.
20. Contact
For privacy requests or complaints:
- Email: [email protected]
- Address: ul. Aleje Jerozolimskie 65/79, 00-697 Warszawa, Mazowieckie, Poland
- Contact Form: https://nihoner.com/contact/