Privacy Policy

Controller: DELFOnline
Email: privacy@delfonline.com
Website: https://delfonline.com

DELFOnline is the controller of the personal data it collects through its platform and this website.

DELFOnline collects the following personal data:

Registration data:
- Full name
- Email address
- Password (stored encrypted, never in plain text)

Profile and progress data:
- Declared and assessed French level
- Exercise history and scores
- Learning preferences
- Achievements and usage statistics

Payment data (managed by Stripe):
- DELFOnline does not store credit card details. Payments are processed directly by Stripe under their own privacy and security policies.

Usage data:
- IP address
- Browser and device type
- Pages visited and session duration
- Technical and analytics cookies

Contact data:
- Messages sent via the contact form
- Email correspondence

We process your personal data for the following purposes:

a) Service delivery: Managing your account, providing access to platform content and features, personalising your learning experience and tracking your progress.

b) Payment management: Processing subscriptions and payments via Stripe, managing renewals and cancellations.

c) Service communications: Sending you notifications related to your account, service changes and essential subscription communications.

d) Marketing communications (with consent): Sending newsletters, DELF/DALF/TCF preparation tips and platform updates. You may withdraw consent at any time.

e) Analysis and improvement: Analysing platform usage to improve our content and features.

f) Legal obligations: Complying with our legal obligations and responding to requests from competent authorities.

Processing of your data is based on:

- Contract performance: For processing necessary to provide the service you have contracted.
- Consent: For sending marketing communications and the use of non-essential cookies. You may withdraw consent at any time.
- Legitimate interest: For analysing platform usage and improving the service.
- Legal obligation: For complying with our fiscal and legal obligations.

We retain your personal data for as long as necessary for the described purposes:

- Account data: While your account is active. If you delete your account, data will be erased within 90 days unless retention is required by law.
- Payment data: According to applicable tax regulations (typically 5–7 years).
- Contact data: 3 years from the last communication.
- Anonymous usage data: May be retained indefinitely.

DELFOnline may share your data with the following categories of third parties:

Service providers:
- Supabase (database and infrastructure): Data stored on EU servers.
- Stripe (payments): Payment processing. See Stripe's privacy policy.
- Anthropic (AI tutor): Processing of chatbot queries. Messages are transmitted anonymously without unnecessary identifying data.

We do not sell, rent or transfer your personal data to third parties for commercial purposes.

Transfers outside the UK/EU: When we use providers with servers outside the UK/European Economic Area, we ensure appropriate safeguards are in place (standard contractual clauses, adequacy decisions, etc.).

As a DELFOnline user, you have the following rights regarding your personal data:

- Right of access: You may request a copy of the data we hold about you.
- Right to rectification: You may request correction of inaccurate or incomplete data.
- Right to erasure ('right to be forgotten'): You may request deletion of your data when it is no longer necessary.
- Right to restriction: You may request that we restrict processing of your data in certain circumstances.
- Right to data portability: You may request your data in a structured, commonly used format.
- Right to object: You may object to processing based on legitimate interest or for marketing purposes.

To exercise any of these rights, contact us at: privacy@delfonline.com

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK, or your national data protection authority in the EU.

DELFOnline uses cookies to improve your experience. The types of cookies we use are:

Technical cookies (essential): Required for platform operation (user session, language preferences). No consent required.

Analytics cookies: Help us understand how users interact with the platform to improve it. We use anonymous, aggregated analytics.

Preference cookies: Remember your personal settings and preferences.

You can manage your cookie preferences through your browser settings. Disabling technical cookies may affect platform functionality.

DELFOnline implements appropriate technical and organisational measures to protect your personal data:

- Password encryption using modern algorithms (bcrypt)
- Encrypted communications via HTTPS/TLS
- Restricted internal access to data
- Regular security reviews
- Regular data backups
- Robust password policy for system access

In the event of a security breach affecting your data, we will notify you in accordance with GDPR/UK GDPR timeframes.

DELFOnline is not directed at children under 16. We do not knowingly collect personal data from children under 16 without the verifiable consent of their parents or legal guardians.

If you are a parent or guardian and believe your child has provided personal data to DELFOnline without your consent, please contact us at privacy@delfonline.com to arrange deletion of that data.

DELFOnline reserves the right to modify this Privacy Policy at any time. Changes take effect upon publication on the Platform.

For material changes affecting your rights, we will notify you by email at least 15 days in advance.

The date of the last update always appears at the top of this document.

For any query, rights request or complaint relating to the processing of your personal data, you can contact us:

Email: privacy@delfonline.com
Subject: 'Data Protection — [your request]'

Response time: We respond to rights requests within a maximum of 30 calendar days.