User Agreement

Aufum Team | 2024-08-05

Welcome to Aufum! This agreement is formulated to protect your legitimate rights and interests, clarify the rights and obligations of both parties, and ensure that our processing of your personal data strictly complies with the relevant laws and regulations in multiple regions. Please read this agreement carefully. By using our website, you are deemed to have consented to be bound by this agreement.

1 Collection of Personal Data

1.1 Clear Objectives

We only collect personal data that is necessary to provide website services, optimize user experience, ensure platform security, and fulfill legal obligations. For example, when you register, we may collect your email address to create an account; when you use website features, we collect cookies and relevant operational data to improve our services.

1.2 Principle of Minimization

The data we collect is strictly limited to the minimum scope required to achieve the above-mentioned purposes, and we will not engage in excessive collection. Sensitive information such as passport numbers and place of residence will not be recorded.

1.3 User Registration and Identity Verification

To comply strictly with child protection laws in various countries and confirm your exact age—so that parental consent is not required for legal registration—and to prevent malicious automated registrations, we use Didit, located in Spain, to verify your identity.

During the verification process, Didit will verify your identity information and may perform a liveness check. Once verified, Didit transmits your identity document information (such as name, date of birth, document number, gender, etc.) and liveness data to our servers located in Canada. Due to technical constraints of Didit’s KYC API, we receive this full data set and cannot selectively filter which fields we receive. However, Aufum only processes and retains your age information to comply with child protection laws and minimize data storage, and does not retain any other personal information.

For information on how Didit handles your personal data as well as their Information Security Policy, please refer to Didit’s Terms of Service.

1.4 Data Transmission

The backend of Aufum and the frontend used by users, including the website and the app, as well as all network communications with third parties, use HTTPS. At necessary steps, a secondary encryption is applied to ensure data security.

1.5 Areas Where Services Cannot Be Provided

Due to the complexity and specific requirements of personal data protection, privacy protection, and e-commerce laws in certain regions, as well as the need to adhere to international sanctions, we are currently unable to provide our services in the following areas. We are actively working to address these challenges and hope to expand our service coverage in the future.

• All EU/EEA Member States
• Cuba
• India
• Indonesia
• Iran
• Kazakhstan
• Mainland China
• Nigeria
• North Korea
• Russia
• Rwanda
• Turkmenistan
• United Arab Emirates
• Uzbekistan
• Vietnam

If there are other regions not listed above, please contact us. After verification, we will add them to the above list.”

2 Use of Personal Data

2.1 Lawfulness and Legitimacy

When using your personal data, we strictly adhere to the principles of lawfulness and legitimacy, and will never engage in any acts of misdirection, fraud, or coercion. We will only use data with your consent or as permitted by law. For instance, we may push personalized advertisements based on your authorization, or provide relevant data to law enforcement agencies as required by law.

2.2 Consistency of Purpose

The purpose of using personal data always remains consistent with the purpose at the time of collection. Without your explicit consent, we will not use the data for other purposes. If it is necessary to change the purpose of use, we will obtain your consent again.

2.3 Privacy and Data Sales Statement

We respect your privacy and do not sell your personal data under any circumstances. All users have the assurance that their personal information will never be sold to third parties.

3 Sharing of Personal Data

3.1 Restrictions on Third-Party Sharing

We will not proactively share your account data with third parties. For the courses you enroll in, instructors can only access a unique identifier that is valid only for that specific instructor.

3.2 Advertisements and their cookies

Due to being a small team, in order to sustainably provide our services, we may introduce advertising networks to display ads on our webpages for generating some revenue. Advertising networks may use cookies to store certain data, but we will not provide them with any information related to your identity.

To allow everyone to use our services for free, we display ads from our partners to generate enough revenue to support the normal operation of the website and app. If you prefer an ad-free experience, you can choose to subscribe to a paid plan. Please note that blocking ads may cause service interruptions or malfunctions.

4 Storage of Personal Data

4.1 Security Protection Measures

We adopt reasonable technical and management measures to comprehensively protect the security of your personal data, preventing data leakage, tampering, or loss.

The email address you use to register is stored in encrypted form and cannot be decrypted without your password. Your other data are only linked to the encrypted identity data via an identifier. In other words, all your data are desensitized and do not contain your real personal information.

4.2 Retention Period Provisions

Personal data will be stored for the shortest period necessary to achieve the processing purpose. Once the purpose is achieved and there is no legal requirement to continue storage, we will delete the relevant data in a timely manner.

4.3 Data Storage Location

Aufum’s main servers are located in the United States. In the future, if we set up servers in other regions, we will provide users with the option to migrate their data to a closer data center.

5 User Rights

5.1 Right to Information

You have the right to know the details of our collection, use, storage, and sharing of your personal data. We will fully disclose this information to you through this agreement and relevant privacy policies.

5.2 Right of Access

You can access the personal data we hold about you at any time. If you find that the data is inaccurate or incomplete, you have the right to request us to correct and supplement it.

5.3 Right to Erasure

Under circumstances permitted by law, such as when you withdraw your consent, the data processing purpose has been achieved, or it is no longer necessary, you have the right to request us to delete your personal data.

However, to comply with anti-money laundering and tax regulations in various countries, your transaction data will be retained for five years.

5.4 Right to Withdraw Consent

You can withdraw your consent to our processing of your personal data at any time. However, the withdrawal will not affect the legal validity of data processing activities that have been carried out based on your consent before the withdrawal.

6 Interpretation of the Agreement

The interpretation rights of this Agreement shall, in principle, belong to Aufum. However, this provision shall not and will not be applied in a manner that violates any applicable consumer protection laws or regulations. In case of any conflict or ambiguity, the interpretation shall be governed by the relevant legal provisions.

7 More Information

For more complete information, please refer to our Privacy Policy and Cookie Policy. We are always committed to protecting your personal data and privacy rights. If you have any questions or suggestions, please feel free to contact our customer support team at any time.

Email: support@aufum.com