Privacy Policy
Last updated: 22 March 2026
Privacy Policy
JM Learns, operated by Joytek Motion Ltd ("we," "us," "our"), respects your privacy. This policy explains how we collect, use, share, and protect your information when you use our platform and services.
We do not sell your personal information.
Information We Collect
Information You Provide
- Account information (name, email address, password, date of birth, phone number)
- Profile information (display name, bio, avatar, gender)
- Billing information (processed securely by Paystack — we do not store your full card numbers)
- Enrollment records and course registrations
- Assessment submissions and quiz responses
- Communications with tutors, students, or our support team
- Bank account details (for tutors receiving payouts)
Information Collected Automatically
- Usage data (pages visited, courses viewed, time spent on content)
- Course progress and completion records
- Live session participation records
- Device information (browser type, operating system)
- IP address and approximate location (country/region)
- Activity logs (login events, enrollment actions, payout requests)
- Security logs (login attempts, suspicious activity)
Information from Third Parties
- Payment confirmation and transaction data from Paystack
- Bank account verification data from Paystack
- Fraud prevention signals from payment processors
How We Use Your Information
We use your information to:
- Process enrollments and provide access to course content
- Manage your account and maintain your course progress
- Process tutor payouts and financial transactions
- Conduct live classroom sessions
- Generate and store assessment results
- Verify your identity and secure your account
- Send transactional emails (enrollment confirmations, invoices, receipts)
- Send service notifications (course updates, schedule changes, policy updates)
- Send marketing communications (with your consent, unsubscribe anytime)
- Analyse platform usage to improve our services
- Prevent fraud and enforce our Terms of Service
- Comply with legal obligations
Legal Basis for Processing (GDPR)
| Purpose | Legal Basis |
|---|---|
| Processing enrollments and delivering courses | Contract performance |
| Account management and course progress tracking | Contract performance |
| Tutor payout processing | Contract performance |
| Identity verification and security | Contract performance / Legitimate interest |
| Transactional emails | Contract performance |
| Analytics and service improvement | Legitimate interest |
| Fraud prevention | Legitimate interest |
| Marketing communications | Consent (you can withdraw anytime) |
| Legal compliance | Legal obligation |
Children's Privacy
Our services are available to users aged 13 and above. For users between the ages of 13 and 17, we require verifiable parental or guardian consent before account creation, in accordance with our Terms of Service.
For minor users, we apply additional safeguards:
- We limit data collection to what is strictly necessary to provide the service
- We do not display targeted advertising based on a minor's data
- Parents or guardians may contact us to review, correct, or delete their child's data
- We do not knowingly collect data from children under 12. If we discover such data, we will delete it promptly
If you believe a child under 12 has created an account, please contact us at [email protected] immediately.
How We Share Your Information
We do not sell your personal information. We may share information with the following third parties:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Paystack | Payment processing and payout disbursement | Billing details, bank account details (tutors), transaction data |
| Hosting providers | Server infrastructure | Server logs (IP addresses) |
| Email delivery providers | Transactional and notification emails | Email address, name |
We may also disclose information when required to comply with legal process (court orders, subpoenas), to protect our legal rights, to prevent fraud, or in connection with a business acquisition (you will be notified).
Analytics
We use Umami for platform analytics. Umami is a privacy-respecting, cookieless analytics tool — it does not use tracking cookies, does not fingerprint your browser, and does not share your data with third parties. No analytics cookies are stored on your device.
Data Security
We implement reasonable technical and organisational security measures:
- HTTPS encryption on all pages
- Secure password hashing using industry-standard methods
- Two-factor authentication (optional, for additional account security)
- Payment data handled exclusively by PCI-compliant Paystack infrastructure
- Access controls and audit logging
- Employee access limited on a need-to-know basis
- Regular security updates and assessments
In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities within 72 hours of discovery, as required by law.
Note: No system is 100% secure. You are responsible for maintaining the confidentiality of your login credentials and using a strong, unique password.
Cookies
| Type | Purpose | Duration |
|---|---|---|
| Essential | Login sessions, CSRF protection, security | Session |
| Remember Me | Keep you logged in across sessions | 30 days |
| Functional | Language preferences, settings | 1 year |
We do not use marketing or tracking cookies. You can manage cookies via your browser settings, but disabling essential cookies may prevent some features from working correctly.
Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account |
| Transaction and enrollment records | 7 years (legal/tax requirements) |
| Activity and security logs | 1 year |
| Support communications | 2 years |
| Analytics data | 14 months |
| Deleted account data | 30 days (then purged) |
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the data we hold about you |
| Correction | Request correction of inaccurate information |
| Deletion | Request deletion of your data (subject to legal retention requirements) |
| Restriction | Request that we limit how we use your data |
| Portability | Receive your data in a portable format |
| Objection | Object to certain processing activities (e.g., marketing) |
| Withdraw Consent | Where processing is based on your consent |
To exercise any of these rights, email [email protected] with your name, email address, and your specific request. We will respond within 30 days. Verification may be required.
EU/EEA Users: You have the right to lodge a complaint with your local data protection supervisory authority.
Nigerian Users: You have rights under the Nigeria Data Protection Regulation (NDPR). You may lodge complaints with the Nigeria Data Protection Commission (NDPC).
International Data Transfers
Our servers are hosted by cloud infrastructure providers. By using our services, you consent to the processing of your data in accordance with this Privacy Policy. For EU/EEA users, we ensure appropriate safeguards are in place for any data transfers outside the European Economic Area.
Third-Party Links
Our platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their privacy policies before sharing any information with them.
Changes to This Policy
We may update this Privacy Policy periodically. For material changes, we will notify registered users by email at least 14 days before the changes take effect and display a prominent notice on our platform.
Contact Us
For privacy-related questions or to exercise your rights:
- Email: [email protected]
- General: [email protected]
Response time: 30 days (may extend to 60 days for complex requests, with notice).
By using JM Learns, you acknowledge that you have read and understood this Privacy Policy.