PRIVACY POLICY

This Privacy Policy explains what personal data is collected when you use the website located at: https://edumio.ai/ (the “Service”), how such personal data will be processed.

BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE (OR THE MINIMUM AGE REQUIRED UNDER APPLICABLE LAW, WHICHEVER IS GREATER), OR HAVE HAD YOUR PARENT OR GUARDIAN READ AND AGREE TO THIS PRIVACY POLICY FOR YOU. If you do not agree, or are unable to make this promise, you must not use the Service. In such case, you must (a) contact us and request deletion of your data; (b) delete the App from your device or leave the Service and not access or use it; and (c) cancel any active subscriptions or trials.

Any translation from the English version is provided for your convenience only. In the event of any difference in meaning or interpretation between the English language version of this Privacy Policy available at https://edumio.ai/privacy-policy, and any translation, the English language version will prevail. The original English text shall be the sole legally binding version.

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

“EEA” includes all current member states to the European Union, the European Free Trade Association and the Central European Free Trade Agreement. For the purpose of this policy EEA shall include the United Kingdom of Great Britain and Northern Ireland.

Terms not defined in this policy shall have the meanings set out in the GDPR, unless stated otherwise.

TABLE OF CONTENTS

1. CATEGORIES OF PERSONAL DATA: HOW WE COLLECT, WHY WE PROCESS, AND ON WHAT LEGAL BASIS

2. WITH WHOM WE SHARE YOUR PERSONAL DATA

3. HOW YOU CAN EXERCISE YOUR PRIVACY RIGHTS

4. ADDITIONAL INFORMATION FOR EEA-BASED USERS

5. ADDITIONAL INFORMATION FOR THE U.S.-BASED USERS

6. BRAZIL DATA SUBJECT RIGHTS

7. AGE LIMITATION

8. INTERNATIONAL DATA TRANSFERS

9. DATA RETENTION

10. CHANGES TO THIS PRIVACY POLICY

11. PERSONAL DATA CONTROLLER AND CONTACTS

We may collect your personal data from you directly, fully or partially automatically, or from third parties, through our website or mobile apps, forms, call center, e-mail, phone, mail/courier, social media, app stores, in-person or online interactions, push notifications, integrations with third-party services, in-app analytics, and any other channels we may use in the future.

For more details on how we collect data, the nature and purpose of its processing, and the legal basis for processing, see below.

Type of personal dataNature and Purpose of processingLegal basis for processing
Data you give us
Email addressIf you decide to register or make a purchase on the Service, we will ask you to provide an email address. We use it to provide access to the Service, send transactional emails such as invoices and subscription renewals, and communicate with you about the Service (for example, reminders or notifications about new features). To opt out of receiving push notifications, you need to change the settings on your device. To opt out of receiving emails, you should click the unsubscribe link in the footer of each email. We may also process your email for our marketing campaigns. As a result, you will receive information about our products, such as special offers or new features and products available on the Service. If you do not want to receive marketing emails from us, you can unsubscribe following instructions in the footer of the marketing emails.To perform our contract with you. Without your email address we cannot provide our Service to you or provide you customer support. Compliance with legal obligations regarding transactional emails and/or our legitimate interest to send you such emails. Your consent in case of marketing emails.
NameIf you choose to provide your name, we use it to display in your profile and to issue virtual certificates upon successful course completion. Providing your name is voluntary.Your consent.
PhotoIf you choose to upload a photo to your profile, we use it to display in your profile. Providing a photo is voluntary.Your consent.
Age and onboarding answersWe process your age bracket and the answers you provide during onboarding (quiz/survey responses, general persona traits such as hobby and digital skills) to adjust the content of the Service and provide content tailored to your personal preferences. As a result of such processing, you get access, for example, to a learning experience designed for your goals.To perform our contract with you. Without your age and onboarding answers we cannot customize your experience.
Data we collect automatically
Device and system dataWe collect data from your device. Examples of such data include: IDFV, UUID and other unique identifiers, browser type, device type and model and hardware specifications, display and system settings (screen resolution, system language), operating system version, Internet service provider and mobile carrier, Facebook ID and other social media identifiers. We also record the ads in our Service with which you interact (and the Internet links to which those ads lead).To perform our contract with you. We cannot provide you access to the Service without collecting some device data. Our legitimate interest to analyse your interaction with the ads and to better understand what categories of users use our Services. As a consequence, we often decide how to improve the Service based on the results obtained from this processing.
IP address and time stamp dataWe collect your IP address and time stamp and time zone to provide access to the Service, ensure security, and tailor the Service to your region.To perform our contract with you and our legitimate interest to ensure security of the Service.
Referring App or URLWe collect data about your referring app or URL (that is, the app or place on the Web where you were when you tapped/clicked on our ad).Our legitimate interest to estimate the efficiency of our ads.
Usage dataWe record how you interact with our Service. For example, we log what pages you have viewed, the features and content you interact with, how often you use the Service, how long you are on the Service, your purchases, and your interactions with ad campaigns. We also collect performance and stability logs (crash reports, load times).Our legitimate interest to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Service and our new products. We also use such data for statistical analysis purposes, to test and improve our offers.
Transaction dataWhen you make payments through the Service, you need to provide financial account data, such as your credit card number, to our third-party service providers. We do not collect or store full credit card number data, though we may receive credit card-related data, data about the transaction, including: date, time and amount of the transaction, the type of payment method used.To perform our contract with you. Without transaction data we cannot process your payments for the Service.
CookiesA cookie is a small text file that is stored on a user’s computer for record-keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when you close your browser and is used to make it easier for you to navigate our Service. A persistent cookie remains on your hard drive for an extended period of time. We also use tracking pixels that set cookies to assist with delivering online advertising. Cookies are used, in particular, to automatically recognize you the next time you visit our Service. As a result, the information, which you have earlier entered in certain fields on the Service may automatically appear the next time when you use our Service. Cookie data will be stored on your device and most of the times only for a limited time period.To perform our contract with you – in case of necessary cookies. Without necessary cookies we will not be able to provide you access to the Service. Our legitimate interest in collecting statistics to enhance our Service and ads and/or your consent – in case of cookies that are not necessary.
Data provided by third parties
Google account personal dataWhen you decide to log in using Google, we receive personal data from your Google Account: name, email address, profile picture associated with your Google Account. You can revoke access provided to us on Apps Permissions page. To know more about how Google processes your data, visit its Privacy Policy.To perform our contract with you. If you choose to log in using Google account, we cannot provide our Service to you without processing your Google account personal data.
Advertising IDsWe collect your Apple Identifier for Advertising (“IDFA”), Identifier for Vendor (“IDFV”) or Google Advertising ID (“GAID”) (depending on the operating system of your device) when you access our Service from a mobile device. You can typically reset these numbers through the settings of your device’s operating system (but we do not control this).Our legitimate interest in making ads more relevant for users.

2. WITH WHOM WE SHARE YOUR PERSONAL DATA

We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service. We may share some sets of personal data, in particular, for purposes indicated in Section 1 of this Privacy Policy. The types of third parties we share information with include, in particular:

2.1. Service providers

We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We may share your personal information with the following types of service providers:

Categories of Third Party recipientNature of Third Party RecipientCategories of personal information shared
Cloud storage service providersProviders of cloud infrastructure and storage solutions used to securely host, store, and manage data (e.g. Amazon Web Services).All categories of personal data mentioned in Section 1
Gateway service providers and payment processorsProviders enabling payment processing, transaction authorization, and secure handling of payment-related data (e.g. Solidgate, PayPal and Stripe).Identifiers Onboarding and product usage data Commercial information Device and geolocation data
Data analytics providersProviders of analytics tools and services used to analyze usage patterns, measure performance, and improve services (e.g. Amplitude, Microsoft Clarity).All categories of personal data mentioned in Section 1
Communication service providersProviders enabling delivery of communications such as emails, notifications, messages, and customer support interactions (e.g. Zendesk, Firebase).Identifiers Onboarding and product data Online activity Commercial information Device and Geolocation data Conversation with us Purchases data
Marketing partnersThird-party partners assisting with marketing activities, including campaign distribution, targeting, and performance measurement (e.g. Google Ads, Facebook Ads).Identifiers Advertising IDs Onboarding and product data Online activity Commercial information Purchases data

2.2. Law enforcement agencies and other public authorities

We may use and disclose personal data to enforce our Terms and Conditions of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.

2.3. Third parties as part of a merger or acquisition

As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

2.4. Affiliates

We may share your personal information with our partner organizations that are part of our corporate group – these are companies that are owned by, own, or are jointly-owned with us. These partner organizations will use the information in ways that align with this Privacy Policy, ensuring that your privacy is respected and protected across all our affiliated services.

3. HOW YOU CAN EXERCISE YOUR PRIVACY RIGHTS

To be in control of your personal data, you have the following rights:

  • Accessing / reviewing / updating / correcting your personal data. You may review, edit, or change the personal data that you had previously provided on the Service.

  • Deleting your personal data. You can request erasure of your personal data as permitted by law. When you request deletion of your personal data, we will use reasonable efforts to honor your request. In some cases, we may be legally required to keep some of the data for a certain time; in such event, we will fulfill your request after we have complied with our obligations.

  • Objecting to or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof.

  • How to opt out or influence personalized advertising

    • iOS: On your iPhone or iPad, go to Settings > Privacy > Apple Advertising and deselect Personalized Ads.

    • Android: To opt-out of ads on an Android device, go to Settings > Privacy > Ads and enable Opt out of Ads personalization. In addition, you can reset your advertising identifier in the same section (this also may help you to see less of personalized ads).

    • macOS: On your MacBook, you can disable personalized ads: go to System Preferences > Security & Privacy > Privacy, select Apple Advertising, and deselect Personalized Ads.

    • Windows: On your laptop running Windows 10, you shall select Start > Settings > Privacy and then turn off the setting for Let apps use advertising ID to make ads more interesting to you based on your app activity. If you have other Windows version, please follow the steps available on the Microsoft account ad settings page.

  • In addition, you may get useful information and opt out of some interest-based advertising, by visiting the following links:

To exercise your rights, please provide a request that includes sufficient detail to verify your identity and clearly describe the right you wish to exercise at contact@metilexlimited.com. We will only use the personal data provided in a request to verify your identity and respond to it.

Responses will be provided within the time limits required by applicable law. We may refuse requests that are manifestly unfounded, repetitive, or excessive, in which case we will explain our decision.

4. ADDITIONAL INFORMATION FOR EEA-BASED USERS

If you are based in the EEA, you have the following rights:

  • Access – obtain information about the personal data we hold about you and receive a copy of it.

  • Rectification – request correction of inaccurate or incomplete data.

  • Erasure – ask for your data to be deleted from our systems.

  • Withdraw Consent – where processing is based on consent, revoke that consent at any time.

  • Portability – receive your data in a structured, machine-readable format and have it transferred to another controller, where technically feasible.

  • Object – oppose processing of your data for certain purposes, such as direct marketing.

  • Restriction – request that we limit further processing of your data.

  • Complaint – lodge a complaint with a data protection authority in your country or member state (applicable for EU countries).

To exercise any of your privacy rights, please send a request at contact@metilexlimited.com. Where available, you may also exercise certain rights through tools or settings provided directly within the Service.

5. ADDITIONAL INFORMATION FOR THE U.S.-BASED USERS

Depending on the state in which you reside (including but not limited to California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, and other states to the extent they enact privacy laws), you may be entitled to specific privacy rights under state law. These rights apply only to the extent that the relevant state privacy law is applicable to you and to our processing of your personal data. The scope of these rights can vary, and they may be subject to legal conditions or exceptions. If you are uncertain whether these rights apply to you or would like further clarification, you may reach out to us at contact@metilexlimited.com.

For California residents, this also serves as our California Notice at Collection.

The definition of “Personal Information” may vary by state law. Generally, it refers to “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”. Terms mentioned in this Section shall have the meanings set out in the respective state privacy laws.

Categories of Personal Information We Collect and Share

The table below outlines the categories of Personal Information we collect and the third parties with whom such data may be shared. For more details, refer to Section 1. Please note that certain categories of such personal information may qualify as sensitive personal information as defined under applicable U.S. privacy laws.

Categories of Third Party recipientCategories of personal information shared
Cloud storage service providersAll categories of personal data mentioned in Section 1
Gateway service providers and payment processorsIdentifiers Onboarding and product usage data Commercial information Device and geolocation data
Data analytics providersAll categories of personal data mentioned in Section 1
Communication service providersIdentifiers Onboarding and product data Online activity Commercial information Device and Geolocation data Conversation with us Purchases data
Marketing partnersIdentifiers Advertising IDs Onboarding and product data Online activity Commercial information Purchases data

Why we use personal information

We process Personal Information for the following purposes:

  • To provide and maintain our Services, including account creation, authentication, and access management.

  • To improve user experience through personalized content, recommendations, and service customization.

  • To process payments, subscriptions, and transactions.

  • To conduct analytics and research for product development and service enhancements.

  • To communicate with users, including customer support, service updates, and promotional offers.

  • To prevent fraud, security threats, and unauthorized activities.

  • To comply with legal and regulatory requirements.

For additional details, refer to our Section 1.

What Personal Information We Share

In addition to the table above, our Privacy Policy provides further details regarding the categories of third parties with whom we share Personal Information (see Section 2).

Certain state privacy laws, such as those in California require us to disclose the categories of Personal Information that we have shared with third parties for business purposes over the past 12 months. During this period, we have disclosed all categories of Personal Information outlined in the “Categories of Personal Information We Collect” section for business purposes. For example, we may share IP addresses and device identifiers with service providers that assist us with crash monitoring and reporting.

Some U.S. states grant residents the right to opt out of sharing their Personal Information with third parties in exchange for valuable consideration (which may be classified as a “sale” or “share” under state privacy laws, even if no monetary transaction occurs). If you reside in one of these states and would like to limit the disclosure of your Personal Information to third parties for advertising or marketing purposes, please refer to the “Your Rights” section below.

Privacy laws in some U.S. states broadly define the term “sale” and “share” to include sharing of information via cookies, pixels, and similar tracking technologies for certain targeted advertising activities. We do not sell Personal Information for monetary compensation. However, when you visit our websites, we and our advertising partners may collect device data and behavioral insights through tracking technologies, which could be interpreted as a “sale” or “sharing” under state laws, even if no money is exchanged. We do not knowingly engage in sales, sharing, or targeted advertising using the personal information of individuals under 18.

Your Rights

Certain U.S. state privacy laws grant residents specific rights regarding their personal information. If you reside in a state with such laws, your rights may include:

Right to Data Portability/Access – you may have the right to request access to the specific pieces of personal information we have collected about you in the 12 months preceding your request. Where applicable, we may provide this data in an electronic, portable, and readily usable format.

Right to Know – you may be entitled to receive information regarding the categories of Personal Information we collected, the sources from which we collected Personal Information, the purposes for which we collected and shared Personal Information, the categories of Personal Information that we sold and the categories of third parties to whom the Personal Information was sold, and the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding your request.

Right to Deletion – you may have the right to request that we delete the personal information we have collected from you. We will use commercially reasonable efforts to fulfill your request, subject to applicable laws. However, we may be required to retain certain information for legitimate business purposes or as required by law.

Right to Correction/Rectification – you may have the right to request correction of inaccurate personal data.

Right to Limit the Use of Sensitive Personal Information – certain states provide the right to restrict how businesses use sensitive personal information.

Right to Withdraw Consent – where applicable, you have the right to withdraw your consent for data collection and sharing.

Opt-out of Data Sharing – you may have the right to opt out of certain uses of your personal information, including:

  • The “sale” or “sharing” of your personal information as defined under state privacy laws.

  • The use of your personal information for targeted advertising.

To opt out, you can:

  • Visit our “Do Not Sell/Share My Personal Data” form.

  • Use a legally recognized opt-out mechanism, such as the Global Privacy Control (GPC) signal, when accessing our websites.

  • Submit a request via our support team.

Non-Discrimination

You have the right to exercise your privacy rights without fear of discrimination or retaliation. However, we may provide different levels of service or pricing based on the value of your personal information, as permitted by applicable law.

Submitting a Request

To exercise any of the available privacy rights, please send a request to contact@metilexlimited.com or use the privacy features available in our products.

Verification. To ensure that we properly process your requests regarding your rights, we are required to verify your identity. The verification process may vary depending on the type of request and the Service you use. It may include confirming details such as your name, age, email address, date of subscription purchase, date of last activity, date of account creation, or other relevant Service usage data that reasonably identify you as the account owner. We may also request additional proof of identity if necessary, but we strive to minimize the information required. For certain requests, we may send a verification code or link to authenticate your identity.

Authorized Agent. You may designate an authorized agent to exercise your rights on your behalf. If you have provided the authorized agent with a valid power of attorney, we will work directly with them to process your request. If a power of attorney or similar authorization has not been provided, we will contact you directly to confirm the agent’s authority and collect the necessary verification information. The authorized agent must verify both their own identity and that of the consumer they are representing.

Responses will be provided within the time limits required by applicable law. We may refuse requests that are manifestly unfounded, repetitive, or excessive, in which case we will explain our decision.

Appeals

In certain states, if your request is denied, you have the right to appeal. An appeal must provide enough information to identify the original request and state the grounds for the appeal. We will review and respond within the timeframe set out in applicable laws. If the appeal is again denied, you may escalate the matter to your state’s Attorney General.

Data Retention

We retain the categories of personal information listed above as reasonably necessary to fulfill the purposes outlined in this notice, unless a longer retention period is required or permitted by law. In many situations, we must retain all, or a portion, of your personal information to comply with legal obligations, resolve disputes, enforce our agreements, protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.

6. BRAZIL DATA SUBJECT RIGHTS

In accordance with Article 18 of the General Personal Data Protection Law (“LGPD”) the following rights are stipulated for individuals in Brazil:

  • Confirmation of the existence of processing;

  • Access to personal data;

  • Correction of incomplete, inaccurate, or outdated data;

  • Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;

  • Portability of data to another service or product provider, upon express request, in accordance with Brazilian regulations and subject to commercial and industrial secrecy;

  • Deletion of personal data processed with the data subject’s consent, except in the cases provided for in Article 16 of the LGPD;

  • Information on public and private entities with which personal data has been shared;

  • Information about the possibility of refusing consent and the consequences of such refusal;

  • Revocation of consent, pursuant to Article 8(5) of the LGPD.

You can submit a request to exercise these rights at contact@metilexlimited.com. Please note that in certain circumstances, full compliance with a request may not be possible (for example, if the request is manifestly unfounded, impractical, affects the rights of others, or is not required by law). In such cases, a response will still be provided to inform the requester of the decision.

7. AGE LIMITATION

We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us.

8. INTERNATIONAL DATA TRANSFERS

We may transfer personal data to countries other than the country in which the data was originally collected in order to provide the Service set forth in the Terms and Conditions of Use and for purposes indicated in this Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.

In particular, if we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission, or (ii) the European Commission adequacy decisions about certain countries.

9. DATA RETENTION

We will store your personal data for as long as it is reasonably necessary for achieving the purposes set forth in this Privacy Policy (including providing the Service to you). We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

10. CHANGES TO THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time. If we decide to make material changes to this Privacy Policy, you will be notified by available means such as email and will have an opportunity to review the revised Privacy Policy. By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

11. PERSONAL DATA CONTROLLER AND CONTACTS

Metilex Limited, a company registered under the laws of the Republic of Cyprus, having its registered office at Florinis, 7, Greg Tower, 2nd Floor, 1065, Nicosia, Cyprus, will be the controller of your personal data.

You may contact us at any time for details regarding this Privacy Policy and its previous versions. For any questions concerning your account or your personal data please contact us at contact@metilexlimited.com.

Effective as of: 13 May 2026