Privacy Policy

1. Introduction & Scope

This Privacy Policy is issued by LearnerX EdTech Private Limited ("LearnerX", "Codebasics", "we", "our", "us"), a company incorporated in India and operating the Codebasics website and related online services ("Website/Services"). LearnerX EdTech Private Limited is the Data Fiduciary responsible for determining the purposes and means of processing personal data under the Digital Personal Data Protection Act, 2023 ("DPDPA").

Registered Address: WeWork Krishe Emerald, Survey No. 11, Whitefields, Serilingampally Mandal, Laxmi Cyber City, Kondapur Main Road, Hyderabad, Telangana – 500081, India. (GSTIN: 36AAFCL1588C1ZK)

This Privacy Policy explains how we collect, use, store, process, disclose, and safeguard personal information when you access or use https://codebasics.io and any services provided through it.

This Policy applies only to data collected through our online Services. Any data collected offline, through third-party channels, or via non-digital interactions is governed by the applicable terms notified at the time of collection, unless explicitly stated otherwise in this Policy.

Applicability of Laws:
We comply with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as applicable to the processing of personal data through our Website.

Where personal data of individuals located outside India (including the European Union) is processed, we follow applicable data-protection principles to the extent required, without claiming blanket compliance with foreign data-protection laws unless expressly stated.

Eligibility:
Our Website and Services are intended solely for individuals who are 18 years of age or older. We do not knowingly collect personal data from minors (individuals below 18 years of age). If you are under 18, you must not use our Services.

2. Information We Collect

We collect the following categories of information, either voluntarily provided by you or automatically through standard website mechanisms. We collect only what is necessary for delivering our services.

a. Personal / Personally Identifiable Information (PII) Provided by You

When you register, update your profile, or use our services, you may voluntarily provide information such as:

  • Full name
  • Gender
  • Mobile number / WhatsApp-enabled phone number (optional)
  • Email address
  • Profile or display picture
  • Location details (country, state, city, postal code)
  • Educational details (institutions attended, grades, year of graduation)
  • Employment information (company names, job titles, experience)
  • Resume/CV (if uploaded)
  • Links to external profiles (e.g., LinkedIn, GitHub, portfolio websites)
  • Course-related preferences or selections

Payment Information:
We do not collect or store your payment card, UPI, bank account, or other financial information. All payments are processed securely by our third-party payment providers who are compliant with applicable industry standards.

b. Information Collected Through Social Login Providers

If you choose to sign up or log in using third-party authentication providers (e.g., Google, LinkedIn), we may receive limited profile information such as:

  • Name
  • Email address
  • Public profile details available through that provider

We only receive information with your explicit consent during login, and you may revoke access at any time through the provider's settings.

c. Support / Contact Information

When you contact us for support, feedback, or questions, we may collect:

  • Your name
  • Email address
  • Phone number
  • Content of your message
  • Any attachments you voluntarily provide
  • Call and Session Recordings
    • We may record customer support calls, sales calls, or live learning sessions (including webinars or mentorship interactions) for quality assurance, training, compliance, and dispute resolution purposes. Where required by law, such recordings are made only after providing appropriate notice or obtaining consent.
d. Automatically Collected Data / Log Data

When you access our Website or Services, certain technical data is collected automatically, such as:

  • IP address
  • Browser type and version
  • Device information
  • Internet service provider (ISP)
  • Date/time stamp
  • Referring and exit pages
  • Pages viewed, number of clicks, and usage patterns

Log Retention:
As required under CERT-In guidelines, system logs and related metadata are securely retained for a minimum of 180 days.

e. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences
  • Improve user experience
  • Personalize content
  • Analyse Website performance and usage

You may control or disable cookies through your browser settings.

f. Optional Information

We may collect additional information only when you voluntarily submit it, such as:

  • Survey responses
  • Feedback forms
  • Participation in community forums or discussion channels
  • Profile updates within your account

We limit collection to information necessary for providing or improving our services. We do not request or encourage sharing of unnecessary or sensitive personal data.

When you choose to create or publish a portfolio through our Services, we may collect and display information such as your name, photo, skills, projects, and other details you choose to provide. Portfolios are intended to be publicly accessible via a generated link. By submitting such information, you acknowledge and consent to its public visibility.

When submitting or publishing portfolio content, you represent and warrant that you own or have the necessary rights, licenses, or permissions to display such content, including any third-party materials, trademarks, logos, images, code, or work samples. Codebasics does not claim ownership over user-submitted content and is not responsible for any infringement of third-party intellectual property rights arising from content submitted by users.

3. How We Use Your Information

We use the information we collect only for the specific purposes described below, and only to the extent necessary for delivering and improving our services:

a. Providing and Operating Our Services
  • Creating and managing your account
  • Enabling course access, dashboard functionality, and learning features
  • Maintaining and ensuring the proper functioning of the Website and Services

This includes hosting and displaying publicly accessible portfolio pages where users have explicitly consented to public visibility of their information.

b. Improving User Experience
  • Enhancing, personalizing, and updating website features
  • Understanding how users engage with content to optimize performance
  • Conducting analytics, monitoring usage patterns, and performing A/B testing
c. Communication and Support
  • Responding to your queries, support requests, and feedback
  • Sending essential service communications such as:
    • Course access information
    • Schedule changes
    • Technical updates
    • Transaction confirmations (e.g., invoices, receipts)
d. Security and Fraud Prevention
  • Monitoring for suspicious activity
  • Detecting and preventing fraud, unauthorized access, or misuse
  • Ensuring platform integrity and compliance with applicable laws
e. Marketing Communications (Sent Only With Explicit Consent)

If you explicitly opt in, we may send you:

  • New course announcements
  • Offers, discounts, and promotions
  • Product or feature updates
  • WhatsApp/SMS/email notifications you have chosen to receive

You may withdraw consent at any time by contacting us.

f. Testimonials, Alumni Achievements & Placement Information

If you voluntarily submit testimonials, alumni achievements, placement details, success stories, photos, or related content through our Website or Services (including alumni or placement forms), you expressly consent to Codebasics using, displaying, and publishing such information on:

  • our Website,
  • our official social media platforms, and
  • promotional or marketing materials.

Such information is published only after obtaining your explicit consent at the time of submission. You may withdraw this consent by contacting us; however, withdrawal will apply prospectively and may not affect content already published or distributed prior to withdrawal.

Where testimonials, alumni achievements, or placement details include references to employer names, company logos, or trademarks, such content is submitted by users based on their own representations. Codebasics does not claim any affiliation with, endorsement by, or authorization from such employers, and does not independently verify the ownership or authorization of such logos or trademarks. Any use of third-party names or logos is for informational purposes only, as provided by the user.

g. Automated Processing and Decision-Making

We do not engage in fully automated decision-making, including profiling, that produces legal or similarly significant effects on users without meaningful human involvement. Any automated tools used are intended to support operational efficiency and user experience and do not replace human judgment in decisions related to learning access, certifications, or job assistance.

h. Accuracy of Information Provided by Users

You are responsible for ensuring that all information you submit through the Website or Services, including resumes, portfolios, testimonials, placement details, achievements, and profile information, is accurate, complete, and up to date. Codebasics does not independently verify user-submitted information and shall not be responsible for inaccuracies, misrepresentations, or omissions in such content.

i. Additional Purposes (Only With Fresh Consent)

We will not use your personal information for any purpose beyond what is listed above without obtaining your separate, informed consent at that time. Some processing activities are necessary to provide the Services or comply with legal obligations (for example, enabling course access, maintaining accounts, or complying with tax and accounting laws), while others are based on your consent (for example, marketing communications, non-essential cookies, and WhatsApp/SMS promotions).

j. Legal Basis of Processing

We process personal data only where we have a valid legal basis to do so. Depending on the nature of the interaction, processing is carried out on one or more of the following grounds:

  • Performance of a contract – where processing is necessary to provide access to courses, learning services, dashboards, certificates, invoices, and account management;
  • Consent – where you have provided explicit consent, including for marketing communications, WhatsApp/SMS messages, testimonials, placement disclosures, portfolio public visibility, and non-essential cookies;
  • Legal obligations – where processing is required to comply with applicable laws, tax regulations, accounting requirements, cybersecurity obligations, or regulatory directions; and
  • Legitimate operational purposes – such as platform security, fraud prevention, service integrity, analytics, and internal reporting, conducted in a manner consistent with applicable data-protection laws.

4. WhatsApp / SMS Communications & Phone Number Use

a. How We Use Your Phone/WhatsApp Number

If you voluntarily provide your phone number or WhatsApp-enabled number and explicitly opt in through a consent checkbox, you authorize us to use this number to communicate with you via WhatsApp or SMS.

We may send:

  • Essential service-related messages (e.g., course access details, schedules, technical notifications)
  • Support communications
  • Promotional or marketing messages—but only if you provide a separate, explicit opt-in for promotional content
b. Consent and Opt-In Requirements
  • Phone/WhatsApp number collection is voluntary.
  • Essential notifications are sent only when necessary for service delivery.
  • Promotional WhatsApp/SMS messages are sent solely if you have provided separate, explicit consent for marketing communications.
c. Withdrawal of Consent (Opt-Out)

You may withdraw your consent for WhatsApp/SMS communications at any time by emailing [email protected].

  • We process opt-out requests within 72 hours.
  • After opt-out:
    • Promotional and announcement messages will stop.
    • Essential service-related messages will be sent only when strictly necessary to support your ongoing access to paid services, such as course or bootcamp enrolment, and participation in events or sessions.
d. Data Handling, Security & Retention
  • Your phone/WhatsApp number is treated as Personally Identifiable Information (PII).
  • It is stored securely, with access limited to authorized personnel and protected by appropriate technical and organizational safeguards.
  • If you request deletion or unsubscribe, we will delete or anonymize your phone number and related consent records unless retention is required for legal, audit, fraud-prevention, or operational purposes.
e. Cross-Border Processing

WhatsApp and certain SMS gateway providers may process data on servers located outside India.

By opting in to WhatsApp/SMS communications, you acknowledge and consent that your phone number and messaging metadata may be transferred and processed in jurisdictions outside India, in accordance with their data protection frameworks.

5. Cookies, Tracking & Advertisement / Third-Party Services

a. Use of Cookies and Tracking Technologies

We use cookies and similar technologies to support the functionality, performance, and security of our Website and Services. Cookies help us recognize your browser, remember your preferences, and understand how you interact with our platform.

b. Types of Cookies We Use
i. Essential Cookies (Strictly Necessary)

These cookies are required for the Website to function properly. They enable features such as:

  • Secure login and authentication
  • Account/session management
  • Site security and fraud prevention
  • Core learning and dashboard features

These cookies do not require consent because they are necessary to provide the services you request.

ii. Analytics & Performance Cookies (Non-Essential)

Used to understand how users engage with our content and improve site performance. Examples include:

  • Page visits, time spent, user behavior patterns
  • A/B testing performance metrics

These cookies are used only with your explicit consent.

c. Managing Your Cookie Preferences
  • You may disable, restrict, or block cookies through your browser settings at any time.
  • Essential cookies cannot be disabled, as they are required for core service functionality.
d. Third-Party Tools and Services

We may use third-party service providers for:

  • Analytics (e.g., Google Analytics)
  • Payment processing
  • Messaging and communication services
  • Advertising and performance tracking
  • Error monitoring or infrastructure services

These third parties may use their own cookies, tracking technologies, or data-processing mechanisms. Their use of your information is governed by their respective privacy policies, which you are encouraged to review.

We do not control or take responsibility for the data practices of third-party providers.

6. Data Sharing, Third-Party Disclosure & Use of External Services

a. No Sale of Personal Data

We do not sell, rent, or trade your personal information to any third party for marketing or commercial purposes.
Any third-party marketing communication is sent only if you have provided explicit, separate consent.

b. Sharing with Service Providers (Processors)

We may share your information with trusted third-party service providers who assist in operating and delivering our services, such as:

  • Payment gateways
  • Messaging and communication providers (e.g., WhatsApp API partners, email delivery tools)
  • Analytics platforms (e.g., Google Analytics, Microsoft Clarity, Matomo)
  • Cloud hosting and infrastructure providers
  • Customer support tools
  • Identity/authentication providers (e.g., Google/LinkedIn login)

These service providers act strictly as data processors, and:

  • Are required to implement appropriate technical and organizational safeguards
  • Are prohibited from using your information for their own independent purposes

Payment Processor Disclosure (India): For subscription and one-time payments processed within India, your name, email address, registered phone number, and transaction amount are shared with Razorpay Software Limited solely to process your payment, register or manage your UPI AutoPay or eNACH mandate, and comply with RBI and NPCI regulatory requirements. Razorpay does not receive or store your UPI PIN, bank account passwords, or card CVV. Razorpay is PCI-DSS Level 1 compliant and ISO 27001 certified. Its data practices are governed by its Privacy Policy at razorpay.com/privacy.

Payment Processor Disclosure (International): For international payments, equivalent transaction data (name, email, transaction amount) is shared with PayPal (US) Private Limited or Stripe Inc. as applicable, solely for payment processing. These processors are governed by their respective privacy policies.

c. Job Assistance & Hiring Partner Data Sharing

If you opt to use our job assistance or career support services, you acknowledge and consent that certain profile information (such as resume, skills, experience, and contact details) may be shared with external recruiters, employers, or hiring partners strictly for job assistance purposes.

Submission of job assistance forms does not guarantee job placement. Data is shared only after obtaining your explicit consent through the relevant form.

d. Advertising & Marketing Partners (Used Only With Consent)

If you opt in to receive marketing communications or allow marketing cookies, certain third-party advertising or remarketing platforms may receive limited data (e.g., device identifiers or cookie data).

Key points:

  • These partners operate under their own privacy policies and tracking practices
  • We do not allow advertising partners to use your personal data unless you have provided explicit consent
  • You may withdraw consent at any time
e. Cross-Border Data Transfers

Some third-party service providers, processors, or cloud hosting platforms may store or process your information on servers located outside India.

Where such transfers occur, we ensure:

  • Transfers are permitted under applicable Indian data protection laws
  • Appropriate contractual and security safeguards are in place
  • Data is handled with a level of protection consistent with this Privacy Policy

By using our Services or providing your information, you acknowledge that your data may be transferred outside India for lawful processing.

Codebasics Inc., our affiliated entity incorporated in the United States, may receive limited personal information strictly on a need-to-know basis for purposes such as international billing support, payment reconciliation, analytics, or customer assistance.

Codebasics Inc. acts solely as a Data Processor and does not independently determine the purposes or means of processing personal data. All such processing is carried out only in accordance with our documented instructions, applicable law, and this Privacy Policy, and is subject to appropriate contractual and technical safeguards.

f. Legal Compliance & Protection

We may disclose personal information if required to:

  • Comply with applicable laws, court orders, or lawful government requests
  • Protect our rights, users, or platform integrity
  • Detect or prevent fraud, security incidents, or misuse

Such disclosures are made only when legally necessary and with proper documentation.

7. Data Retention & Security

a. Data Retention Principles

We retain personal data only for as long as necessary to fulfil the specific purposes for which it was collected, or as required to comply with legal, operational, or regulatory obligations.

Once the purpose has been fulfilled, data is deleted or anonymized in accordance with our retention policies.

b. Retention Timelines (Purpose-Based)

To comply with DPDPA standards, we apply the following retention rules:

  • Account Information (name, email, profile details):
    Retained for as long as your account remains active, and up to 24 months (2 years) after account deletion for audit, fraud prevention, dispute resolution, or legal compliance.
  • Course Enrollment, Payment Records & Transaction History:
    Retained for 7 years as required under applicable tax, accounting, and statutory record-keeping laws.
  • WhatsApp/SMS Consent Records:
    Retained until you withdraw consent, and for an additional 12 months thereafter for compliance verification.
  • Support Tickets, Communications & Feedback:
    Retained for 12–24 months depending on the nature of the interaction, unless longer retention is legally required.
c. Log Data Retention (CERT-In Requirement)

System logs, security logs, and related metadata are stored in secure systems, including within India where required, for a minimum of 180 days, or longer if required for legal investigations, cybersecurity compliance, or dispute resolution.

d. Deletion & Anonymization

If you request deletion of your personal data (e.g., phone number, profile details, consent history), or withdraw consent:

  • We will delete or irreversibly anonymize such data within 2 working days.
  • Retention will continue only where necessary for:
    • Legal obligations
    • Fraud detection
    • Enforcement of terms
    • Accounting or compliance requirements

Automatic deletion or anonymization processes are applied when retention periods expire.

e. Security Measures

We implement reasonable and appropriate technical and organizational safeguards, including but not limited to:

  • Access controls and role-based permissions
  • Data encryption (in transit and at rest, where applicable)
  • Secure servers and cloud infrastructure
  • Periodic security reviews and monitoring
  • Restricted access for authorized personnel only

While no system is fully immune to security risks, we take all reasonable steps to protect data from unauthorized access, misuse, alteration, or disclosure.

8. Your Rights Under the Digital Personal Data Protection Act, 2023 (DPDPA)

As a Data Principal under the DPDPA, you have the following rights regarding your personal data processed by us. We will honour and facilitate these rights in a fair, transparent, and timely manner.

a. Right to Access

You may request confirmation about whether we process your personal data and obtain a summary of the personal data we hold about you, subject to legal limitations.

b. Right to Correction and Updating

You may request correction, completion, or updating of any inaccurate or incomplete personal data. We may require verification before correcting certain information.

c. Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

  • the data is no longer necessary for the original purpose of processing;
  • you withdraw consent and no other legal basis exists;
  • the processing is unlawful.

We may retain certain personal data where required for legal, tax, audit, fraud prevention, regulatory, or compliance obligations.

d. Right to Withdraw Consent

Where processing is based on your consent (e.g., WhatsApp/SMS marketing, non-essential cookies), you may withdraw such consent at any time. Withdrawal does not affect processing already undertaken before withdrawal.

This includes withdrawal of consent previously provided for marketing communications, testimonial or placement display, portfolio public visibility, and job assistance data sharing.

Withdrawal of consent may impact our ability to provide certain services that rely on such consent. For example, withdrawal of consent for portfolio public visibility may result in the portfolio being unpublished; withdrawal of consent for job assistance data sharing may limit our ability to connect you with hiring partners; and withdrawal of consent for testimonial or placement display will apply prospectively and may not affect content already lawfully published prior to withdrawal.

e. Right to Grievance Redressal

You have the right to raise a grievance regarding the collection, use, disclosure, or retention of your personal data. Your grievance will be:

  • acknowledged within 7 days; and
  • resolved within a reasonable period in accordance with DPDPA requirements.
f. Right to Nominate

You may nominate another individual to exercise your rights under the DPDPA in the event of your death or incapacity, as permitted under Section 14 of the Act.

g. Right to Be Informed

You have the right to receive clear and transparent information about how your data is collected, used, stored, processed, and shared, including any updates to this Policy.

h. Right to File a Complaint with the Data Protection Board of India

If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate the matter to the Data Protection Board of India as permitted under the DPDPA.

How to Exercise These Rights

To exercise any of the rights listed above (access, correction, deletion, withdrawal of consent, nomination, or grievance redressal), please contact our designated Grievance Officer. We will acknowledge your request within 48 hours and respond within 30 days as required under the DPDPA, 2023.

Grievance Officer (as required under DPDPA)
Name: Singaram Harish Kumar
Email: [email protected]

Postal Address:

WeWork Krishe Emerald, Survey No. 11, Whitefields,
Serilingampally Mandal, Laxmi Cyber City, Kondapur Main Road,
Hyderabad, Telangana – 500081, India.

The Grievance Officer will:

  • Acknowledge your grievance within 48 hours; and
  • Provide a resolution within a reasonable timeline as mandated by law.

9. Protection of Minors / Children's Data

Our Website and Services are intended only for individuals who are 18 years of age or older. We do not knowingly collect, process, or solicit personal information from anyone under the age of 18, as defined under the Digital Personal Data Protection Act (DPDPA), 2023.

If we become aware that personal data belonging to a minor (under 18) has been collected without appropriate safeguards or verification:

  • We will promptly delete or anonymize such data
  • We may disable the associated account, if applicable
  • We may request verification of age for continued use of the Services

If you believe that a minor under the age of 18 has provided personal information to us, please contact us immediately at [email protected] so we can take appropriate action.

10. Policy Changes & Updates

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, new features or services, or updates required by applicable laws and regulations.

  • The "Last Updated" date at the bottom of this document indicates the most recent revision.
  • When changes are non-material, updates will be reflected on this page.
  • When changes materially affect your rights, how your personal data is used, or how it is shared, we will notify you through:
    • Email communication, and/or
    • A prominent notice on our Website or dashboard

Renewed Consent When Required

If the change involves:

  • A new purpose for which your data will be processed,
  • New categories of personal data being collected, or
  • New types of third-party sharing or transfers,

We will obtain fresh, explicit consent from you before applying such changes.

Your continued use of the Website or Services after updates indicates your acknowledgment of the revised policy, unless a consent-based change requires a new opt-in.

11. Additional Disclaimers & Compliance

We adhere to the requirements of the Digital Personal Data Protection Act, 2023 (DPDPA) and commit to implementing "reasonable security practices and procedures" for the protection of personal data, including sensitive personal data, in accordance with applicable Indian data-security regulations.

We follow recognized security standards and good industry practices, including but not limited to:

  • Access control and role-based permissions
  • Encryption (where applicable)
  • Secure server infrastructure
  • Regular monitoring and security reviews
  • Mandatory log retention and cybersecurity practices as guided by CERT-In

Where data is processed or transferred outside India (e.g., by third-party service providers or cloud partners), we ensure such transfers comply with applicable Indian laws and are supported by appropriate contractual and organizational safeguards.

We ensure that this Privacy Policy is clearly accessible to all users, including through the Website footer and other appropriate locations.

Nothing in this Policy limits your rights under applicable law or our obligations to comply with regulatory authorities.

In the event of a personal data breach, we will notify the appropriate regulatory or governmental authority and affected users without undue delay and within the timelines prescribed under applicable law, including the Digital Personal Data Protection Act, 2023 and CERT-In Directions, where such notification is required.

Governing Law and Jurisdiction: This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of India. Any disputes relating to this Policy shall be subject to the exclusive jurisdiction of the courts in Hyderabad, Telangana, India, without prejudice to your rights under applicable data protection laws.

Last Updated: 26-02-2026
Talk to us Chat with us