Legal

Privacy Policy

How Usul Learning collects, uses, and protects your information.

Last updated: April 2026. This Privacy Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India. It describes how Usul Learning ("we", "our", or "us") collects, uses, stores, and protects personal data when you visit usullearning.com.

1. Identity of the Data Fiduciary

Name: Usul Learning (sole proprietorship of Muhammed Faheem M A)
Udyam Registration: UDYAM-KL-05-0038423
State: Kerala, India
Email: contact@usullearning.com

2. Personal Data We Collect

We collect only the minimum personal data necessary for the purposes described below. We do not require account creation to access any content on this website. Personal data may be collected when you:

  • Submit a message via our contact form (name, email address, message content)
  • Subscribe to release notifications (email address only)

We do not collect sensitive personal data or information as defined under the SPDI Rules (such as financial information, health data, passwords, or biometric data). We do not sell, rent, or share personal data with third parties for commercial purposes.

3. Purpose and Lawful Basis for Processing

All personal data is processed on the basis of your free, specific, informed, and unambiguous consent, provided through a clear affirmative action (submitting a form or entering your email). Under the DPDP Act, you may withdraw consent at any time by contacting us. Processing is limited to the following purposes:

  • Responding to your enquiries and messages
  • Sending release notifications for new educational volumes, where you have requested this
  • Improving the website and its content

Your data will not be processed for any purpose beyond what you have consented to.

4. Cookies

Our website may use basic functional cookies necessary for the operation of the site. We do not use tracking cookies, behavioural advertising cookies, or any third-party analytics cookies. You may disable cookies through your browser settings; this will not affect your access to any content.

5. Data Retention

Personal data you voluntarily provide is retained only for as long as necessary to fulfil the stated purpose. Contact form submissions are retained for a maximum of 12 months or until your enquiry is resolved, whichever is sooner. Email addresses provided for release notifications are retained until you withdraw consent or request deletion. After the retention period, data is securely deleted.

6. Security Practices

We implement reasonable security practices and procedures as required under Rule 8 of the SPDI Rules to protect personal data against unauthorised access, loss, or misuse. These include access controls, secure communication protocols (HTTPS), and limited internal access to personal data on a need-to-know basis. While we take all reasonable precautions, no method of data transmission over the internet is entirely secure.

7. Children's Data

Under the DPDP Act, any person under the age of 18 is considered a child. We do not knowingly collect personal data from children without verifiable parental or guardian consent. If you are under 18, please do not submit personal data through this website without the knowledge and consent of a parent or guardian. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

8. Third-Party Links

Our website contains links to external platforms including social media. We are not responsible for the privacy practices of those platforms. We encourage you to review the privacy policies of any third-party sites you visit.

9. Your Rights Under the DPDP Act

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access: Obtain a summary of the personal data we hold about you and how it is being processed
  • Correction and Completion: Request correction, completion, or updating of inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data, subject to any legal obligation to retain it
  • Withdrawal of Consent: Withdraw consent to processing at any time; withdrawal does not affect the lawfulness of processing prior to withdrawal
  • Nomination: Nominate another individual to exercise your rights in the event of death or incapacity
  • Grievance Redressal: Lodge a grievance with us, and if unresolved, with the Data Protection Board of India

To exercise any of these rights, contact the Grievance Officer below. We will respond within a reasonable period as required by law.

10. Grievance Officer

In accordance with Rule 5(9) of the SPDI Rules and the DPDP Act, the following person is designated to address privacy-related grievances:

Grievance Officer: Muhammed Faheem M A
Organisation: Usul Learning
Email: contact@usullearning.com
Response time: We will endeavour to acknowledge your grievance within 72 hours and resolve it within 30 days.

If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India once it is operational.

11. California Residents (CCPA)

We do not sell personal information. California residents have the right to: know what personal information is collected, request deletion, and opt out of the sale of personal information (not applicable as we do not sell data). To exercise these rights, contact our Grievance Officer at contact@usullearning.com.

12. GDPR — Third-Party Services & International Transfers

This website uses the following third-party services which may process technical data:

  • Google Fonts (Google LLC, USA): Web fonts are served from Google's servers. This may involve transfer of your IP address to Google. We rely on Google's Standard Contractual Clauses for cross-border data transfers. See Google's Privacy Policy.
  • Cloudflare (Cloudflare Inc., USA): We use Cloudflare for website delivery and security. Cloudflare may process connection data. See Cloudflare's Privacy Policy.

For EU/EEA residents: You have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. You may also lodge a complaint with your supervisory authority.

13. Data Breach Notification

In the event of a personal data breach, we will notify affected individuals and the Data Protection Board of India in accordance with the Digital Personal Data Protection Act, 2023 and applicable rules. Where required, we will also notify relevant supervisory authorities in the EU within 72 hours of becoming aware of a breach.

14. Unsubscribe

If you have provided your email address for release notifications, you may unsubscribe at any time by emailing contact@usullearning.com with the subject "Unsubscribe". We will process your request promptly.

11. Changes to This Policy

We reserve the right to update this policy at any time to reflect changes in law or our practices. Material changes will be noted on this page with an updated date. Your continued use of the website after any change constitutes acceptance of the revised policy.