+1781-467-9740 info@visnavigans.com
Login Sign Up
Login Sign Up

Privacy and your data

What we collect, what we do with it, what we don't do, and your rights. Short version: we collect what's needed to deliver the service and nothing else.

What we collect

Account info

  • Name and email (from registration)
  • Password hash (not the password itself — we never see it in plain text)
  • Profile info you enter (photo, bio, skills, links)
  • Role (mentee / mentor)

Usage info

  • Which courses you've enrolled in, which lessons you've watched
  • Sessions you've booked or delivered
  • Cart contents, wishlist contents
  • Your notifications, messages, reviews, comments
  • Support tickets you've opened

Payment info

  • Transaction records (amount, item, date) — required for tax and accounting.
  • NOT your card number — Stripe handles all card data. We get back a token that represents "this user's card" but can't reconstruct the card number, CVV, or expiry from it.

Technical info

  • IP address (for security — spotting suspicious logins)
  • Browser and OS version (for analytics and support)
  • Session cookies (for login state)

What we don't collect

  • We don't track you around the web with tracking pixels outside our domain.
  • We don't sell your data to anyone.
  • We don't use your content to train AI models.
  • We don't share your email or phone with third parties for marketing.

What we share with

Mentors you interact with

If you book with a mentor, they see your name, email, profile photo, and the message you sent with the booking. They need this to deliver the session. They don't see your payment details or purchase history on other mentors' products.

Service providers we use

  • Stripe — for payments. Stripe sees your card info (they store it) and your name/email.
  • Zoom — for live sessions. Zoom sees your name/email to generate meeting rooms.
  • Bunny CDN — for video hosting. Anonymous IP-based access only.
  • Email provider — for transactional emails. Sees your email + email contents.

Each of these has their own privacy policy and is contractually bound to use your data only for the service they provide us.

Nobody else

We don't share with data brokers, advertisers, or random partners. If law enforcement sends a valid court order, we comply with minimal disclosure.

Your rights

Access your data

Open a support ticket requesting a data export. We send a ZIP with:

  • Account info as JSON
  • Purchase history as CSV + PDF invoices
  • Messages as text files
  • Reviews and comments as JSON
  • Any files you uploaded (profile photo, etc.)

Delivered within 30 days (usually within a week).

Correct your data

Most data is editable directly in your Account Settings. For anything you can't edit yourself (e.g. an invoice with a typo), open a support ticket.

Delete your data

Use the account deletion flow (see "Deleting your account"). Some records are retained for legal reasons even after deletion, but they're anonymised.

Object to processing

Most data processing is necessary for the service — we can't deliver without it. For anything non-essential (marketing emails, analytics), you can opt out in Account Settings → Notifications.

Portability

The data export above is machine-readable and includes everything you'd need to move to another platform.

How long we keep data

  • While your account is active — indefinitely.
  • After deletion — profile and personal data deleted within 30 days.
  • Financial records — retained 7 years for tax compliance (as required by most jurisdictions).
  • Support tickets and dispute records — retained 3 years after resolution.
  • Anonymised usage stats — retained indefinitely for platform analytics.

Security

  • All data in transit is TLS-encrypted (HTTPS).
  • Passwords are hashed with bcrypt — even we can't read your password.
  • Payment card data never hits our database; Stripe's PCI-compliant infrastructure handles it.
  • Regular security audits and penetration testing.
  • Breach notification within 72 hours if anything affects your data.

Cookies

See "Cookies" for the full breakdown of what we use and how to manage them.

Children

Our platform is for users 16 and older. If we discover a minor account we delete it. Parents/guardians concerned their child made an account: contact support.

Changes to this

If our privacy practices materially change, we notify you in-app and by email at least 30 days before the change takes effect.

Contact

For privacy-specific questions: support ticket with subject "Privacy inquiry". For GDPR/legal requests: same.

Related

  • "Deleting your account" — most extreme privacy action
  • "Cookies" — specifics on what we store in your browser

Share On :

Account & Privacy

Resetting Your Password

Changing Your Email Address

Deleting Your Account

Privacy And Your Data

>