This Policy applies as between you, the User of this Web Site and Shiminly Inc. the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and any Services or Systems therein.
Shiminly Inc. ("Shiminly," "we," "our," or "us") is committed to protecting the privacy of our learners, parents, educators, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data when you access our selfpaced lifeskills courses, mobile applications, and related services (collectively, the "Services").
Quick read: We collect only the data we need to run engaging courses, never sell your Personal Data, and give you clear control over your information.
-
Who We Are & How to Contact Us
-
Data We Collect
-
Legal Bases for Processing (USA / UAE / India + GDPR)
-
Cookies & Similar Technologies
-
Disclosure to Third Parties
-
International Transfers & Hosting
-
Data Retention
-
Your Rights & Choices
-
Children & Student Privacy
-
Security Measures
-
SubProcessors
-
Changes to This Policy
-
Contact Information
Shiminly Inc. provides online lifeskills education to learners aged 7 – 18. If you have questions, please email privacy@shiminly.com or write to:Shiminly Inc.293 Boston Post Rd, Suite 301Marlborough, MA 01752, USARegional privacy contacts- EU (GDPR): GDPR@shiminly.com
- India (DPDPA): DPDPA@shiminly.com
- UAE (PDPL): PDPL@shiminly.com
- Account Data
Examples: Name, email, password, age or birth year, school affiliation
Collected When: You register or your school enrolls you
- Course Progress
Examples: Check-in answers, quiz scores, certificates
Collected When: You participate in lessons
- Payment Data
Examples: Last 4 digits of card, transaction ID, billing country
Collected When: You purchase a subscription (processed by secure gateway)
- Device & Usage
Examples: IP address, browser type, pages viewed, time spent
Collected When: You browse our site or app
- Communications
Examples: Support tickets, feedback forms, survey responses
Collected When: You contact us or fill forms
- Marketing Preferences
Examples: Opt-in status, preferred channels
Collected When: You set preferences
We do not intentionally collect governmentissued IDs, precise geolocation, or biometric data.
- Provide the Services
Description: Create accounts, deliver lessons, track progress, issue certificates
Lawful Basis: Contract
- Process Payments
Description: Handle subscription fees, refunds, tax compliance
Lawful Basis: Contract; Legal obligation
- Improve & Secure the Platform
Description: Debug, analyse usage, prevent fraud
Lawful Basis: Legitimate interests
- Communicate with You
Description: Transactional emails, support, policy updates
Lawful Basis: Contract; Legal obligation
- Marketing (opt-in only)
Description: Send newsletters or offers
Lawful Basis: Consent
- Contract: We need certain data to fulfil our agreement with you (e.g., provide courses, process payments).
- Consent: We rely on your consent for optional activities like marketing emails.
- Legitimate Interests: To keep our Services safe and improve them, we process minimal analytics data that does not override your rights.
- Legal Obligation: We retain invoices for tax authorities (USA, UAE VAT, India GST) and comply with childprotection laws.
If GDPR applies, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- We use strictly necessary cookies to log you in and remember progress, plus optional analytics cookies to improve content. For full details and optout choices, see our Cookie Policy.
We disclose Personal Data only to: - Service providers (e.g., payment gateways, email, cloud hosting) under data processing agreements.
- Subprocessors listed in our SubProcessor Registry (see § 12).
- Legal authorities when required by law or to protect rights.
We do not sell or rent Personal Data.
- Primary hosting: Shiminly’s selfpaced courses are hosted by LearnWorlds, a GDPRcompliant platform located in Cyprus, EU. Course data is stored in EU datacenters.
- US backups & analytics: Some data may be processed in the United States under Standard Contractual Clauses (SCCs).
- Crossborder safeguards: We implement SCCs or equivalent safeguards for transfers to the US and other countries.
We keep:
Account & course data: While you have an active account + 3 years (for reenrolment convenience).
Payment records: 7 years for tax compliance.
Support communications: 2 years.
We anonymize or delete data once retention periods lapse, unless legally required to keep it longer.
Depending on your location, you may have the right to: -
Access the Personal Data we hold about you
-
Request correction or deletion
-
Object to or restrict processing
-
Withdraw consent (marketing)
-
Data portability (GDPR)
To exercise these rights, email privacy@shiminly.com (or the regional address listed above).We may verify your identity before fulfilling any request.
Shiminly is designed for learners aged 7 – 18+. Accounts for children under the digitalconsent age are created and managed by parents, guardians, or schools under a separate student data agreement compliant with COPPA (US), DPDPA (India), and PDPL (UAE). For details, see our Student Privacy Explainer.
We employ:
-
TLS 1.2+ encryption in transit & AES256 at rest
-
Regular penetration testing & vulnerability scans
-
Rolebased access controls & logging
-
Incidentresponse plan with 72hour breach notice (GDPR standard)
A live list of thirdparty subprocessors (e.g., Stripe, AWS) is maintained at SubProcessor Registry. We audit each provider for security and privacy compliance.
We may update this Privacy Policy to reflect changes in law or our practices. Material changes will be announced via email or an inproduct banner 15 days before they take effect.
Questions or concerns? Contact
privacy@shiminly.com or the relevant regional email listed in § 1.
© 2025 Shiminly Inc. All rights reserved.
