Privacy Policy

Welcome to Courage Library ("we", "our", or "us"). We operate the website couragelibrary.in and provide an online learning platform for government exam aspirants across India.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform, including our mock test engine, course content, and all related services.

By using Courage Library, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

2.1 Information You Provide Directly

• Account Registration: Email address and password when you sign up via email, or your name and email when you sign in via Google OAuth.
• Profile Information: Full name, date of birth, phone number, gender, address, qualification, target exam, and exam date — collected only during course enrollment.
• Contact Form: Name, email, and message when you submit a support query.
• Payment Information: We do not store card details. Payments are processed by third-party providers. We only store payment status and enrollment validity dates.

2.2 Information Collected Automatically

• Exam Attempt Data: Questions attempted, answers selected, time taken, score, accuracy, and submission timestamps.
• Usage Data: Pages visited, features used, session duration, and click patterns — collected via Google Analytics.
• Device & Technical Data: IP address, browser type, operating system, device type, and screen resolution.
• Session Data: Login timestamps, session tokens, and authentication state managed via Supabase Auth.

2.3 Information from Third Parties

• Google Sign-In: If you use Google OAuth, we receive your name, email address, and profile picture from Google.

We use your information solely to provide and improve our educational services:

1. Account Management: To create and manage your account, authenticate your identity, and maintain session security.
2. Mock Test Engine: To assign questions, record your answers, calculate scores, track attempt history, and display leaderboards.
3. Performance Analytics: To show you accuracy, subject-wise performance, rank comparisons, and improvement trends.
4. Course Access: To verify your enrollment status and grant access to paid or free course content.
5. Communication: To send account verification emails, password reset links, and important platform announcements.
6. Platform Improvement: To analyse usage patterns, fix bugs, and improve the learning experience.
7. Legal Compliance: To comply with applicable Indian laws including the IT Act 2000 and its amendments.

All user data is stored on Supabase, a secure cloud database platform. We implement the following security measures:

• Encryption in Transit: All data between your browser and our servers is encrypted using HTTPS/TLS.
• Encryption at Rest: Database storage is encrypted by Supabase infrastructure.
• Row-Level Security (RLS): Database policies ensure users can only access their own data.
• Authentication: Passwords are never stored in plaintext. We use Supabase Auth with bcrypt hashing.
• Answer Security: Correct answers to exam questions are never transmitted to the client browser during live exams.
• Session Management: Sessions auto-expire and are validated server-side on every request.
• Admin Access Control: Admin features are protected by role-based access with database-level enforcement.

We use the following third-party services that may process your data according to their own privacy policies:

• Supabase (supabase.com): Database, authentication, and backend infrastructure. Data is stored in compliance with global data protection standards.
• Google Analytics & Google Tag Manager: Anonymous usage analytics. No personally identifiable information is sent to Google Analytics.
• Google OAuth (accounts.google.com): Optional sign-in method. We receive only your name and email from Google upon login.
• Formspree (formspree.io): Contact form submissions are processed by Formspree and delivered to our support email.
• WhatsApp (wa.me): Used only for direct user-initiated support conversations. No data is sent automatically.
• Google Maps: Embedded map for our physical learning centre location. Subject to Google's privacy policy.
• Font & Icon CDN (cdnjs, Google Fonts): Fonts and icons loaded from CDN services may log your IP address as part of standard CDN operation.

We do not share your personal data with these services beyond what is strictly necessary for their intended function.

We use the following types of cookies and local storage:

• Authentication Cookies: Supabase stores your session token in browser localStorage to keep you logged in across visits. These are essential for platform functionality.
• Analytics Cookies: Google Analytics sets cookies to track anonymous usage statistics. These do not contain personally identifiable information.
• Preference Storage: We may store your exam preferences and UI settings in localStorage for a better experience.

We do not use advertising cookies, tracking pixels, or third-party behavioural targeting cookies of any kind.

You can clear cookies and localStorage at any time through your browser settings. Note that clearing authentication cookies will log you out of the platform.

As a user of Courage Library, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of all personal data we hold about you.
• Right to Correction: You can update your profile information at any time through your account settings.
• Right to Deletion: You can request deletion of your account and all associated data. We will process deletion requests within 30 days.
• Right to Data Portability: You can request an export of your exam history and performance data in a readable format.
• Right to Withdraw Consent: You can withdraw consent for optional data processing such as analytics at any time.
• Right to Lodge a Complaint: If you believe your data rights have been violated, you may contact us directly or lodge a complaint with the relevant Indian data protection authority.

To exercise any of these rights, please contact us at support@couragelibrary.in with the subject line "Data Rights Request".

Courage Library is an educational platform intended for users aged 16 years and above, as our content is designed for government exam aspirants who are typically 18–30 years of age.

We do not knowingly collect personal information from children under the age of 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information immediately.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at support@couragelibrary.in and we will take prompt action.

We retain your data for as long as your account remains active or as needed to provide services. Specifically:

• Account Data: Retained until you request deletion or your account is inactive for more than 3 years.
• Exam Attempt Data: Retained indefinitely to provide complete performance history. Deleted upon account deletion request.
• Payment Records: Retained for 7 years as required by Indian financial regulations (GST compliance).
• Support Communications: Retained for 2 years for quality assurance purposes.
• Analytics Data: Anonymous aggregated analytics data may be retained indefinitely as it cannot be linked to individual users.

Upon account deletion, all personally identifiable data is permanently removed from our active systems within 30 days. Backup copies may persist for up to 90 days before being purged.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify registered users via email at least 7 days before the changes take effect.
• Display a prominent notice on our platform homepage.

Your continued use of Courage Library after the effective date of any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us. We aim to respond to all queries within 48 business hours.