Privacy Policy
This policy explains what GH600 Lab collects, why it is used, and the choices available to learners and buyers.
1. Information we collect
- Identity and contact: email address and information you submit through access, checkout-intent, team, support, or issue-report forms.
- Learning activity: diagnostic answers, scores, domain readiness, paid-scenario attempts, mock progress, and completion timestamps.
- Access and transaction metadata: plan, entitlement status, payment-provider references, access-code use, session identifiers, and refund status. We do not receive or store complete card details.
- Technical and analytics data: page path, campaign parameters, browser-stored identifiers, feature events, error information, and security logs.
2. How we use information
We use information to deliver diagnostics and reports, provide and verify paid access, grade scenarios, remember progress, process support and refunds, prevent abuse, correct content, secure the service, understand the purchase funnel, and meet legal or accounting obligations.
3. Legal bases
Depending on your location, processing may rely on performance of a contract, legitimate interests in operating and securing the product, consent where required, and compliance with legal obligations. You may withdraw consent for future processing where consent is the applicable basis.
4. Service providers and sharing
Information may be processed by suppliers needed to operate GH600 Lab, including Paddle for checkout and payment support, Supabase for database services, Cloudflare for hosting and security, and serverless or email providers used to deliver the service. They receive only the information necessary for their role.
We do not sell personal information. We may disclose information when legally required, to investigate fraud or security incidents, or as part of a business transfer subject to appropriate safeguards.
5. Browser storage
GH600 Lab uses local storage and similar browser technology for an anonymous session ID, diagnostic progress, analytics events, and paid-session continuity. Clearing site data may remove local progress or require you to verify access again. Payment-provider checkout may use its own necessary cookies under the provider’s policy.
6. Retention and security
We retain information only as long as reasonably needed for access delivery, support, security, product improvement, dispute handling, and legal obligations. Retention varies by record type. Session tokens are stored in hashed form on the server, access can be revoked, and database access is restricted to server-side systems.
No online service can promise absolute security. Please report suspected unauthorized access promptly.
7. Your choices and rights
Subject to applicable law, you may ask to access, correct, delete, restrict, or receive a copy of personal information, or object to certain processing. We may need to verify your identity and may retain records required for fraud prevention, transactions, or legal compliance.
To request assistance, email support@gh600lab.com. You may also contact your local data-protection authority where that right applies.
8. International use and children
Providers may process information in countries other than your own, using contractual or legal safeguards where required. GH600 Lab is intended for professional and certification learners and is not directed to children under 16.
9. Updates
We may update this policy when the product, providers, or legal requirements change. The effective date above identifies the current version.