Privacy Policy data collection illustration showing different types of data being collected

Privacy Policy

This Privacy Policy explains how My Nerdy Planet collects, uses, stores, and protects personal information when you use our website, mobile applications, newsletter, or other services. It describes the types of data we process, the purposes for processing, and the rights available to users.

Last Updated: October 25, 2023. We publish material changes on this page and update the date above; significant changes may also be notified to registered users by email.

Table of Contents

If you have questions about this Privacy Policy or need copies of any legal documents referenced here, please contact our privacy team through the Contact Us section.

Data Collection

We collect data and personal information when you interact with My Nerdy Planet. This section describes the categories of information we collect, how we collect data on our website, and why we collect it to provide and improve services for users.

Types of data we collect and how it’s gathered

Information You Provide Directly

When you use our website or contact our team, you may voluntarily provide personal information. Common examples include:

Contact Forms

We collect identifiers such as your name and email address and any additional details you include in messages so we can respond to inquiries and provide support. This data supports communication and account-related requests.

Newsletter Subscriptions

When you subscribe to our newsletter, we collect your name and email address to deliver updates, newsletters, and other marketing communications where you have consented to receive them. You can unsubscribe at any time.

Information Collected Automatically

We also collect certain information automatically when you visit or use our website. Typical automatically collected data includes:

Website Analytics

We use analytics tools that collect non-identifying usage information — for example, pages visited, time spent on pages, referring sites, and aggregate interaction patterns. This information helps us improve site performance and user experience. Analytics data is handled in accordance with our privacy policy and the analytics provider’s policy.

Technical Data

Technical data collected automatically may include IP address, browser type and version, operating system, device identifiers, and time zone settings. We use this technical information to ensure site security, troubleshoot issues, and optimize compatibility across devices.

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, health information, or financial account details) through ordinary site interactions unless you expressly provide such information for a specific purpose. If you provide sensitive personal data, we will only use it with your explicit consent or as permitted by law.

Why we collect this information: to respond to requests, provide services, improve the website, prevent abuse, and comply with legal obligations. For details on specific uses and retention periods, see the How We Use Your Data and Data Storage and Security sections. To request access, correction, or deletion of your personal information, see the Your Rights section or contact our privacy team.

Data Storage and Security

Protecting your data and personal information is a priority for My Nerdy Planet. We apply technical and organizational measures designed to maintain confidentiality, integrity, and availability of the data we process, and we review these measures regularly to make sure they remain effective and aligned with current data protection standards.

Data security visualization showing encryption and secure storage methods

Security snapshot: encryption, access controls, and monitoring

How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes described in this Privacy Policy or as required by law. Retention periods are set with consideration to the specific purpose and applicable compliance requirements. Examples of our retention practices include:

  • Contact form submissions: retained for up to 2 years to allow follow-up and support resolution, unless you request earlier deletion.
  • Newsletter subscription data: kept until you unsubscribe or withdraw consent.
  • Analytics data: retained for 26 months, unless anonymized earlier for aggregate reporting.
  • Account information: maintained while your account is active and for a limited period after account closure where required for legal or legitimate business purposes.

Security Measures

We employ a combination of administrative, technical, and physical safeguards to protect personal data, including but not limited to:

  • Encryption in transit (TLS/SSL) for data transfers and encryption at rest where appropriate
  • Regular security assessments, vulnerability scanning, and third-party penetration testing
  • Role-based access controls and least-privilege principles to limit data access to authorized personnel
  • Encrypted backups stored in geographically redundant facilities with controlled access
  • Routine software updates, patch management, and incident monitoring

Data Breach Response

Although no system is completely secure, we maintain an incident response plan to address potential security breaches. If we discover a data breach that affects personal information, we will take immediate steps to contain and investigate the incident, remediate vulnerabilities, notify regulators when required by law, and notify affected users without undue delay consistent with applicable data protection laws.

For details on the legal basis for processing and how long specific categories of personal data are retained, see the How We Use Your Data section. If you have concerns about our security practices or wish to request additional information, please contact our privacy team.

How We Use Your Data

We use collected data and personal information to provide, operate, and improve our website and related services. Below we summarize the primary uses, the legal basis for processing under applicable data protection laws, and practical examples to show when we rely on consent versus other grounds.

Diagram showing how collected data is used for different purposes

Primary ways we use data: communication, marketing, and website improvement

Primary Purposes

Communication

We use contact information (for example, name and email) to respond to user inquiries, provide customer support, and send important service or account notices. Legal basis: contract performance or legitimate interests (to maintain service quality and respond to requests). Retention: contact messages are retained for up to 2 years to allow follow-up and support resolution.

Marketing

With your consent where required, we send newsletters and promotional communications about features, updates, and services that may be of interest. You can withdraw consent or opt out at any time via the unsubscribe link in marketing emails or by contacting our privacy team. Legal basis: consent for marketing communications; in limited cases, legitimate interests may apply for non-intrusive informational messages. Retention: newsletter subscription data is kept until you unsubscribe.

Website Improvement

We analyze aggregated analytics and technical data to diagnose issues, improve functionality, and develop new features. This includes pages visited, session length, and performance metrics. Legal basis: legitimate interests in improving service and user experience. Retention: analytics data is retained for 26 months or anonymized earlier for aggregate reporting.

Other Uses

  • Fraud prevention and security monitoring to protect users and our platform (legal basis: legitimate interests and compliance with legal obligations).
  • Compliance with legal or regulatory obligations, such as responding to lawful requests from authorities (legal basis: legal obligation).
  • To complete transactions or provide requested services when processing is necessary for contractual performance (legal basis: contract).

Examples: When We Rely on Consent vs. Legitimate Interests

  • Consent: sending marketing newsletters and promotional emails — you opt in and may opt out at any time.
  • Legitimate interests: analyzing anonymous usage patterns to improve site performance and troubleshoot security incidents.
  • Contract: processing billing or account information necessary to deliver paid services or subscriptions.

If you have questions about the legal basis for a specific processing activity or ’ll need help changing your marketing preferences, please visit the Your Rights section or contact our privacy team. For full details on retention periods, see the Data Storage and Security section.

Your Rights

Under applicable privacy laws such as the GDPR, CCPA, and LGPD, users have specific rights concerning their personal information. My Nerdy Planet respects these rights and provides processes to exercise them. Below is a concise summary of those rights and practical instructions for submitting requests.

Illustration of user data rights under privacy regulations

Summary of user rights and how to exercise them

Your Data Rights Include:

Right to Access

You may request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, machine-readable format where technically feasible. To process a request we may require proof of identity.

Right to Correction

If any personal information we hold is inaccurate or incomplete, you can request correction. Provide the details to be corrected and supporting evidence where appropriate.

Right to Deletion

You can request deletion of your personal information when it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis for processing applies.

Right to Restrict Processing

You may ask us to restrict processing of your personal data in certain circumstances (for example, while a dispute about accuracy is being resolved).

Right to Object

You have the right to object to processing based on legitimate interests or to direct marketing. If you object, we will stop processing your data for those purposes unless we can demonstrate compelling legitimate grounds.

Right to Data Portability

Where applicable, you may request that we transfer personal data you provided to another organization in a commonly used, machine-readable format.

How to Submit a Request

  • Contact our privacy team via the Contact Us section or use the Privacy Inquiry Form. Indicate the right you wish to exercise (access, correction, deletion, portability, restriction, or objection).
  • Provide your full name, email address, and a clear description of your request. We may request additional information to verify your identity before fulfilling the request.
  • Typical response time: we will respond to legitimate requests within 30 days. In complex cases or where additional verification is required, we will inform you and extend the timeframe if permitted by law.

Additional Notes

  • Certain requests may be limited by legal obligations (for example, records we are required to retain for tax or accounting purposes).
  • The scope and terminology of rights can differ by jurisdiction (for example, CCPA provides rights to opt-out of sales and data portability with different mechanics). If you are subject to a specific law, please indicate that in your request so we can respond appropriately.
  • If we refuse a request, we will explain the reason and provide information about any available recourse under applicable law.

Exercise Your Data Rights

To exercise any of these rights or if you ’ll need assistance completing a request, please contact our privacy team or submit a request via the Privacy Inquiry Form. We take compliance seriously and will handle your request in accordance with this privacy policy and applicable law.

Submit a Request

Third-Party Services

We use third-party services to operate and improve our website and to deliver specific features. These third-party providers may collect, process, or store data on our behalf and maintain their own privacy policies. We use only necessary third-party services and, where required, enter into Data Processing Agreements or apply standard contractual clauses to protect user data.

Diagram showing third-party services used by the website and data flow

Summary of third-party services and the types of data they process

Third-Party Services We Use

Service Category Service Provider Purpose Data Collected Privacy Policy Link
Analytics Google Analytics To analyze website traffic and aggregate user behavior to improve site performance and content IP address, browser information, device data, pages visited (typically aggregated/anonymized for reporting) View Policy
Email Marketing Mailchimp To send newsletters and marketing communications with your consent Email address, name, subscription preferences View Policy
Form Processing Formspree To process contact form submissions and deliver messages to our privacy team Name, email, message content View Policy
Content Delivery Cloudflare To optimize website performance, caching, and security IP address, browser information View Policy

Third-Party Data Sharing

We do not sell personal information. We may share data with third parties only in the following limited circumstances:

  • With service providers and processors who perform services on our behalf (e.g., analytics, email delivery, hosting) — these relationships are governed by contractual safeguards such as Data Processing Agreements or standard contractual clauses where required for international transfers.
  • When necessary to comply with a legal obligation or to respond to lawful requests from public authorities.
  • To protect our rights, privacy, safety, or property, or that of our users.
  • In connection with a merger, acquisition, or sale of all or part of our assets; in such cases, we will notify users and take steps to protect personal information.

For each listed provider, consult the linked privacy policies for details on how they collect and use data. If you are a resident of a jurisdiction with specific rights (for example, under the CCPA), and you believe your data has been sold or shared in a manner inconsistent with this policy, contact our privacy team for assistance and to exercise applicable rights.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enable core site functions, analyze site traffic, and deliver a functional, secure user experience. This section explains the types of cookies we use, the information they collect, and how you can manage your preferences.

Illustration of different types of cookies used on websites

Types of Cookies We Use

Necessary Cookies

Necessary cookies are essential for the website to function. They enable core features such as session management, privacy preference settings, and secure form submission. These cookies do not typically collect personal information for marketing purposes and are usually session-based.

Functional Cookies

Functional cookies support enhanced site functionality and personalization (for example, remembering language or display preferences). They may be first-party or set by trusted third-party providers to deliver specific features.

Analytics Cookies

Analytics cookies collect aggregated, non-identifying information about how users interact with the website (pages visited, session duration, and error reports). We use this data to improve site performance and the user experience. Where possible, analytics data is anonymized or aggregated.

Examples and Lifespans

Below are representative examples of cookie categories and typical lifespans. For a full list of cookies in use, consult the cookie settings control referenced below.

  • Session cookies (necessary): expire when you close your browser.
  • Persistent cookies (functional/analytics): remain on your device for a specified period (e.g., 30 days to 26 months) depending on the cookie’s purpose.

Managing Cookies

You can manage cookies through your browser settings (commonly found under Options or Preferences) to refuse or delete cookies. Note that disabling necessary cookies may affect site functionality. For convenience, use our cookie preference center to review and change consent choices.

Manage Your Cookie Preferences

To review and modify the cookies set by this website, click the button below to open the cookie settings. If you require assistance or have questions about how we use tracking technologies, contact our privacy team.

Cookie Settings

Children’s Privacy

Our website and services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please contact our privacy team immediately so we can take appropriate action.

Illustration representing children's online privacy protection

If you believe your child under 13 provided information, contact our privacy team for verification and deletion.

COPPA Compliance

In accordance with the Children’s Online Privacy Protection Act (COPPA), if we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly:

  • Delete the information from our systems where practicable
  • Take reasonable measures to prevent further use or disclosure of the information
  • Notify the parent or guardian as appropriate and provide instructions for confirming deletion

How parents can submit a request: contact our privacy team via the Contact Us section and include the child’s name, the information you believe was provided, and a method for verifying your identity as the parent or guardian. We will respond and take action in accordance with applicable law.

International Data Transfers

My Nerdy Planet operates internationally. As a result, personal data you provide or that we collect on our website may be transferred to, stored in, and processed in countries other than your country of residence. Those countries may have different data protection laws than where you live.

Global map showing international data transfer flows with privacy safeguards

Data may be processed in multiple jurisdictions; safeguards are applied to protect personal data.

Data Transfer Safeguards

When we transfer personal data across borders, we implement appropriate safeguards to maintain an adequate level of protection consistent with this Privacy Policy and applicable data protection regulation. These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
  • Data Processing Agreements (DPAs) with third-party service providers that process data on our behalf
  • Adherence to recognized transfer frameworks where applicable, such as the EU‑US Data Privacy Framework
  • Technical and organizational measures (encryption, access controls, and monitoring) to protect data in transit and at rest

Example: backups or hosting services may be located in the United States or the European Union; analytics processing may occur in the United States under contractual safeguards. If you would like details about the specific safeguards used for a particular transfer, please contact our privacy team and we will provide the relevant information or copies of applicable agreements where permitted.

By using our website and services, you acknowledge and consent to these international data transfers, where applicable, subject to the protections described above.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Material changes will be posted on this page and the Last Updated date will be revised to indicate when the policy was changed.

Timeline showing privacy policy updates and notification process

We maintain a change log and notify users of material updates.

How We Notify You

For significant changes to this privacy policy, we will make reasonable efforts to notify affected users by one or more of the following methods:

  • Posting a prominent notice on the website summarizing the material changes
  • Sending an email to registered users when changes materially affect how we use personal data
  • Updating the “Last Updated” date at the top of this Privacy Policy

What constitutes a “material change”: a change that affects the legal basis for processing, expands the categories of personal data collected, adds new categories of recipients, or alters user rights in a substantive way. In some jurisdictions, additional notice or consent may be required by law; we will comply with such requirements where applicable.

We keep prior versions of this privacy policy available on request for transparency. We encourage users to review this privacy policy regularly; continued use of our website following posted changes constitutes acceptance of the revised policy unless a different action (such as re-consent) is required under applicable law.

Contact Us

If you have questions, concerns, or requests about this privacy policy or our data practices, contact our privacy team using the options below. We respond to legitimate privacy requests in accordance with applicable law.

Contact information and privacy team support illustration

Contact our privacy team for assistance with requests or questions about your personal data.

Privacy Team Contact Information

  • Email: privacy@mynerdyplanet.com
  • Address: My Nerdy Planet LLC, 123 Tech Avenue, Digital City, DC 12345, United States
  • Phone: +1 (555) 123-4567

Our privacy team is responsible for handling requests and will acknowledge receipt of your inquiry. Typical response time is within 30 days; complex requests or those requiring additional verification may take longer, and we will notify you if an extension is necessary.

Data Protection Officer

For regulatory or escalation matters related to data protection, you may contact our Data Protection Officer directly:

  • Name: Jane Smith
  • Email: dpo@mynerdyplanet.com

If you prefer to send a formal request by post, include the details below and mail to the address above. For urgent matters, call the phone number listed during business hours.

Contact Our Privacy Team

To exercise your rights (access, correction, deletion, portability, objection) or inquire about our privacy practices, please submit a request via email, phone, or the form below. You will receive an automated confirmation when your request is received.

Email Our Privacy Team

Privacy Inquiry Form

Use this form to submit privacy-related requests. To help us process your request, include as much detail as possible and any documents needed to verify your identity.





We will acknowledge receipt and aim to respond to your request within 30 days in accordance with applicable laws. To speed processing, please include any relevant date ranges, account identifiers, and a copy of an identity document when appropriate.

If you do not receive a response within the stated timeframe, you may escalate to the Data Protection Officer or file a complaint with a supervisory authority in your jurisdiction.

Commitment to Your Privacy

My Nerdy Planet is committed to protecting your privacy and maintaining the security of personal data. Our company adheres to applicable data protection regulation and continuously reviews technical and organizational controls to ensure compliance and to make sure your information is handled responsibly.

Our practical commitments to users include: transparency about data practices and retention; ongoing investment in security measures and monitoring; and prompt remediation and notification in the event of a data incident, consistent with applicable laws.

Please review this Privacy Policy periodically for updates. If you have questions, wish to exercise your rights, or need to make a complaint, contact our privacy team or the Data Protection Officer as described in the Contact Us section. Prior versions of this privacy policy are available on request for transparency.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms where required by law.

Illustration representing commitment to data privacy and security