Privacy Policy

Version: 1.0  ·  Effective Date: March 23, 2026

This Policy is part of the Terms of Service and regulates the collection, use, and protection of personal data when using the Tyfoon platform.

• Data Provided by the User: first name, last name, email address, authorization data via third-party services (Google OAuth).
• Educational Activity Data: written source code, completed homework assignments, test and exam results.
• Learning Pace Data: streaks and the pace of completing the program — to personalize the learning process.
• Mentorship Consultation Data: audio and video recordings of calls, text transcriptions of meetings collected using the Fireflies.ai service.
• Technical Data: IP address, device and browser data, cookies, server logs — to ensure security and stability.
• Payment Data: The Provider does not collect, process, or store bank card data; all payments are made externally by the User through banking applications.

2.1. Personal data is used to provide access to the Service, save learning progress, and provide feedback on assignments.

2.2. The User's source code and answers are transferred to authorized processors (OpenAI, Google) solely for automated review and the generation of recommendations. The Provider strives to transmit only the content of the tasks without unnecessary association with the User's identity where technically feasible.

2.3. Mentorship session data is transferred to the Fireflies.ai service for automated transcription and the creation of lesson summaries.

3.1. Data processing by authorized processors (OpenAI, Google, Fireflies.ai) involves its transfer to servers located outside the Republic of Kazakhstan.

3.2. The Provider ensures appropriate contractual data protection guarantees when interacting with each authorized processor (contractual safeguards / Data Processing Agreements).

3.3. By using the Platform, the User consents to such data transfer under the conditions described in this Policy.

4.1. Cookies are used by the Platform to save sessions and protect against cyberattacks (CSRF). The User may restrict their use in the browser settings, which may affect the functionality of certain features.

4.2. In the event of integrating web analytics tools (e.g., Google Analytics), this Policy will be updated with the corresponding disclosure.

5.1. The Provider applies technical data protection measures, including SSL/HTTPS encryption and password hashing.

5.2. The Provider may disclose User information only upon a formal reasoned request from the state authorities of the Republic of Kazakhstan in accordance with the law.

6.1. The User has the right to request information about their data stored on the Platform, as well as demand its update or correction. Requests are sent to support@tyfoon.kz.

6.2. The User has the right to request the deletion of their account and associated personal data by contacting support. The Provider processes such requests in accordance with the legislation of the Republic of Kazakhstan within 30 working days.

6.3. Deleting an account entails the irretrievable deletion of data on progress and learning pace. The deletion of personal data does not apply to aggregated or anonymized data already used to train the Platform's AI models — such data cannot be identified and is not subject to separate deletion.

6.4. The Provider undertakes to stop processing data upon achieving the purposes of its collection or upon withdrawal of consent by the User, unless otherwise provided by the laws of the Republic of Kazakhstan.

The Provider reserves the right to update this Policy. The current version is always available on the Platform's website. In the case of significant changes, the User is notified through the Platform interface.

For personal data protection inquiries: support@tyfoon.kz