Privacy Policy

Last Updated: 30-Oct-2025
Effective Date: 30-Oct-2025

This Privacy Policy explains how Nihoner.com (“Nihoner”, “we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you use https://nihoner.com (the “Service”).

By using the Service, you acknowledge this Policy. If you do not agree, please discontinue use.


1. Controller

Controller: Nihoner.com
Operated by: Edgar Yepremyan
Address: ul. Aleje Jerozolimskie 65/79, 00-697 Warszawa, Mazowieckie, Poland
Email: [email protected] (sole official privacy contact)
Phone: +48 22 500 10 20

We process personal data in accordance with:

  • EU/EEA General Data Protection Regulation (GDPR),
  • UK GDPR,
  • California Consumer Privacy Act as amended by CPRA (CCPA/CPRA),
  • Brazil General Data Protection Law (LGPD),
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA),
  • Japan’s Act on the Protection of Personal Information (APPI),
  • China’s Personal Information Protection Law (PIPL), and
  • Other applicable global privacy and data protection laws.

2. Scope & Definitions

This Privacy Policy applies to all visitors, users, and customers of Nihoner.com worldwide.

Personal Data: Information relating to an identified or identifiable natural person (GDPR “personal data”, CCPA “personal information”).
Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).
Controller: Entity that determines the purpose and means of processing (Nihoner).
Processor: Third party that processes data on behalf of Nihoner under a binding contract.
Data Subject: The individual whose data is processed (you).
Applicable Law: GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, APPI, PIPL, Australia Privacy Act, and others.


3. Data We Collect

We may collect:

  • Identity Data: Name, username, display name.
  • Contact Data: Email, billing address, country, phone (optional).
  • Login Credentials: Passwords (securely hashed + salted).
  • Payment Data: Transaction IDs, billing metadata, subscription plan, status. (Processed by Stripe/PayPal, not stored by us.)
  • Device & Usage Data: IP address, browser/device type, activity logs, referrer, session duration, error logs, consent choices.
  • Support Data: Messages or tickets submitted via forms, email, or chat.
  • Cookies & Tracking Data: Via cookies, pixels, SDKs, and tracking tools (see Cookie Policy).
  • User-Generated Content (UGC): Notes, posts, comments, messages, uploads.

Special Categories: Nihoner does not collect sensitive data (health, biometrics, religion, political beliefs). If provided by mistake, it will be erased.


4. How We Collect Data

  • Directly: Registration, purchase, form submission, community use.
  • Automatically: Cookies, analytics, device logs, security monitoring.
  • From Processors: Payment & infrastructure providers return metadata.
  • UGC: Any voluntary contributions you publish.

5. Purposes & Legal Bases

We process personal data only as allowed by law.

PurposeLegal Basis (GDPR)
Account setup, login, course accessContract Art. 6(1)(b)
Payments, billing, tax recordsContract + Legal obligation Art. 6(1)(b)(c)
Fraud prevention & securityLegitimate interests Art. 6(1)(f)
Customer supportContract Art. 6(1)(b)
Analytics, performance improvementsLegitimate interests Art. 6(1)(f); Consent Art. 6(1)(a) where required
Marketing emailsConsent Art. 6(1)(a); Legitimate interests Art. 6(1)(f) where allowed
Enforcement of Terms & Community GuidelinesLegitimate interests Art. 6(1)(f)

6. Consent Management

  • Consent is obtained through CookieYes banners, opt-in checkboxes, or explicit settings.
  • You may withdraw consent at any time. Withdrawal does not affect lawful processing already performed.
  • Audit-proof: CookieYes stores secure consent logs as evidence for regulators.

7. Sharing & Recipients

We do not sell personal data. We share only with vetted processors:

  • Payments: Stripe, PayPal
  • Infrastructure & Hosting: Cloudflare, EU hosting providers
  • Analytics: Google Analytics (consent-based), Microsoft Clarity, or privacy-friendly tools
  • Email/CRM: Mailchimp, MailerLite, SendGrid, Brevo

Subprocessors may change. We update our Subprocessor List (Credits & Licenses) and notify users of material changes where required.


8. International Transfers

  • Where available, transfers rely on EU adequacy decisions.
  • Otherwise, we use Standard Contractual Clauses (SCCs) with supplementary safeguards.
  • For China and Japan, transfers comply with PIPL/APPI rules.

9. Retention

We retain data only as long as necessary:

Data TypeRetention
Account dataActive + 90 days
Payment/tax records5–10 years
Support tickets2 years after closure
Learning historyDeleted at account deletion
Backups30–90 days
Anonymized dataIndefinite

Records may be retained longer if legally required (e.g., tax audits).


10. Automated Processing & Profiling

We use limited profiling to recommend learning content or detect misuse.

  • No automated decisions have legal or significant effects.
  • GDPR Art. 22 rights are respected.

11. Your Rights

Depending on your jurisdiction, you may:

  • Access, correct, delete, restrict, or port data (GDPR/UK GDPR/LGPD/PIPEDA).
  • Opt out of “sale”/sharing (CCPA/CPRA — we do not sell data).
  • Object to processing (GDPR Art. 21).
  • Withdraw consent.
  • File a complaint with your supervisory authority (e.g., UODO in Poland).

Verification of identity may be required.


12. Security

We apply strict safeguards:

  • SSL/TLS encryption,
  • Hashed + salted passwords,
  • Access controls, monitoring,
  • Data minimization.

Limitation: Nihoner is not liable for breaches caused by user negligence (weak passwords, phishing, malware).


13. Children’s Privacy

  • Not directed to children under 16 (EU), 13 (U.S.), or other local limits.
  • Users under 18 require verified parental consent and supervision.
  • Unauthorized underage accounts will be terminated, and data erased (GDPR Art. 17).

14. Law Enforcement & Breach Notification

  • We may disclose data if required by law, court, or regulator.
  • In case of a breach likely to risk rights, Nihoner will notify affected users and regulators without undue delay (GDPR Art. 33–34).

15. Global Privacy Rights

  • EEA/UK: GDPR rights fully respected.
  • California: CCPA/CPRA rights (know, delete, correct, opt out, non-discrimination).
  • Brazil: LGPD rights (access, correct, anonymize, delete).
  • Canada: PIPEDA rights (access, correct).
  • Australia: Privacy Act rights.
  • Japan (APPI): Right to request suspension of use/disclosure.
  • China (PIPL): Safeguards for cross-border transfers.
  • Other jurisdictions: honored where legally required.

16. Third-Party Links & Embedded Services

  • We may include YouTube, Stripe, PayPal, Google Analytics, Microsoft Clarity, Mailchimp, Brevo, Vimeo, social platforms, and APIs.
  • We do not control third-party sites or services.
  • Your use is governed by their terms/policies.
  • Third-party scripts may track users; this is outside our control.
  • Nihoner disclaims liability for damages, losses, or disputes arising from third-party use.

17. Business Transfers

If Nihoner is acquired, merged, or reorganized, data may transfer to the successor entity.

  • Successors must apply equivalent or stronger safeguards.
  • Users will be notified if required by law.

18. Cookies & Tracking

  • Necessary cookies: Always active.
  • Analytics cookies: With consent.
  • Marketing cookies: With consent.

CookieYes manages consents, blocks non-essential cookies, and logs all preferences securely.


19. Changes to Policy

We may revise this Policy at any time.

  • “Last Updated” date shows latest revision.
  • Material changes will be announced via notice/email.
  • Continued use = acceptance.

20. Contact

For privacy requests or complaints: