Privacy Policy

1. Information We Collect

We collect information you provide directly when creating an account or using our services:

Account Data: Name, email address, country, and password (hashed). If you sign in with Google, we receive your name, email, and profile photo from Google.

Learning Data: Courses purchased, quiz scores, completion records, certificates earned, XP, streaks, and badges.

Payment Data: Processed by Stripe. We do not store credit card numbers. We retain Stripe customer IDs and transaction records.

Usage Data: Pages visited, features used, device type, browser, and IP address (for security and analytics).

2. How We Use Your Information

We use your data to: provide and improve our services; process payments; issue and verify certificates; manage giveaway entries and prize drawings; send transactional emails (purchase confirmations, certificate notifications); and maintain security.

3. Data Sharing

We do not sell your personal data. We share data only with: Stripe (payment processing), Supabase (database hosting), and Vercel (application hosting). Certificate verification pages are publicly accessible by design - they display your name, course title, score, and certificate ID.

4. Certificates & Public Information

When you earn a certificate, a public verification page is created at groow.io/verify/[cert-id]. This page displays your name, course title, score, and date. This is by design - certificates are meant to be shareable and verifiable. You can request removal by contacting us.

5. Data Security

We implement industry-standard security measures including: encrypted connections (HTTPS), hashed passwords, row-level security on our database, and secure API key management. No system is 100% secure, but we take reasonable measures to protect your data.

6. Cookies

We use essential cookies for authentication (keeping you logged in). We do not use advertising cookies or sell cookie data to third parties.

7. Your Rights

You can: access your data through your account settings; update your profile information at any time; request deletion of your account and associated data; and export your certificate data. To exercise these rights, email contact@cometsweb3.space.

8. Data Retention

Account data is retained for as long as your account is active. Certificates are retained indefinitely to support ongoing verification. Payment records are retained as required by law. You may request account deletion at any time.

9. Children's Privacy

Groow is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

10. Changes & Contact

We may update this policy periodically. We will notify users of material changes via email. For questions, contact contact@cometsweb3.space.