Privacy Policy

1. Data Controller

Noosaga is currently run by Axel Pond ("we", "us"). For privacy questions or requests, reach out at axel@noosaga.com.

2. Data We Process

• Account data from your sign-in provider (e.g. your email address).
• Learning and product data (progress, concept completions, game scores, article ratings).
• Analytics and performance data, only if you’ve given consent.
• Technical logs needed for security and keeping the service running.

3. Purposes and Legal Bases (GDPR)

• Providing core product features and your account: GDPR Art. 6(1)(b) (contract).
• Service security, abuse prevention, and reliability: GDPR Art. 6(1)(f) (legitimate interests).
• Analytics and activation telemetry (optional): GDPR Art. 6(1)(a) (consent).

4. Cookies and Consent

We use a consent cookie (noosaga_analytics_consent) to remember your analytics choice for up to 180 days. Analytics data is only collected when you’ve opted in. To change your mind, clear your cookies and you’ll see the consent banner again.

5. Recipients and Processors

We use service providers to run Noosaga (hosting, authentication, infrastructure, analytics). We don’t sell personal data.

6. International Transfers

Some of our providers may process data outside the EEA/UK. Where that’s the case, we rely on appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses) for those transfers.

7. Retention

• Account and learning data: kept until you request deletion or there’s no longer an operational need.
• Web vitals telemetry: up to 7 days.
• Activation analytics events: up to 30 days.
• Security and operational logs: kept for limited periods as needed for service protection.

8. Your GDPR Rights

If you’re in the EU/EEA, you may have the right to access, correct, erase, restrict, or port your data, as well as the right to object and to withdraw consent where consent is the legal basis. You can also lodge a complaint with your local supervisory authority.

You can delete account-linked data from your profile using the "Delete all my data" control, or reach out to us by email.

9. Automated Decision-Making

We don’t use automated decision-making that produces legal effects or similarly significant effects under GDPR Art. 22.

10. Contact

For privacy questions or requests: