๐Important Notice
- โขThis Privacy Policy applies to the Destination Hub website, Android application, and iOS application.
- โขBy accessing or using Destination Hub, you acknowledge that you have read, understood, and agree to the practices described in this Policy.
- โขIf you do not agree with any part of this Policy, please discontinue use of the platform.
Introduction
Destination Hub ("we", "us", "our", or the "Platform") is a technology-driven Learning Management System (LMS) designed to facilitate academic administration, attendance management, and personalized learning experiences for students and educators.
We are committed to protecting the privacy of every individual who interacts with our Platform โ including students, instructors, and institutional administrators. This Privacy Policy ("Policy") describes:
- What personal information we collect and why
- How we use, store, and protect that information
- Your rights with respect to your personal data
- How you can contact us with questions or requests
This Policy applies to all products and services offered by Destination Hub, including our website (the "Site"), Android application, and iOS application (collectively, the "Services").
This Policy is designed to comply with applicable privacy laws including the GDPR (EU Regulation 2016/679), the Information Technology Act 2000 (India), Google Play Developer Policy, and Apple App Store Review Guidelines.
Information We Collect
We follow a strict data minimization principle โ collecting only information strictly necessary to provide, maintain, and improve our Services.
2.1 Information You Provide Directly
- Full Name โ to identify your account and personalize your experience
- Email Address โ used for authentication, account management, and essential platform communications
- Profile Picture โ retrieved from your Google account at sign-in, displayed within the platform for account identification only
2.2 Information We Collect Automatically
We collect a minimal set of operational data to ensure security and stability:
- Device Type and OS Version โ collected solely to ensure compatibility and diagnose technical issues; never linked to your identity
- Session Timestamps โ date and time of login/logout events, used for security and audit purposes
We do NOT collect: IP addresses, browser fingerprints, behavioral tracking data, advertising identifiers, or detailed usage analytics tied to individuals.
2.3 Location Data
๐Location Data โ Important Details
- โขLocation is accessed solely during live, opt-in attendance verification sessions.
- โขWe verify whether you are within a pre-defined radius of approximately 20โ30 meters from the registered institution's coordinates.
- โขYour precise location coordinates are NOT stored after the verification check is complete.
- โขLocation data is NEVER shared with third parties, used for tracking, or processed for advertising or profiling.
- โขYou will always be informed before location access is requested.
2.4 Google OAuth Login Data
When you sign in with Google, we receive only the following via OAuth 2.0:
- Your full name
- Your email address
- Your Google profile picture URL
We do NOT receive your Google password, Contacts, Calendar, or any other Google service data.
2.5 Information We Do NOT Collect
How We Use Your Information
3.1 Core Platform Operations
- Account Creation & Authentication โ to create, verify, and manage your user account
- Attendance Verification โ to confirm your physical presence at a registered institution during scheduled sessions using one-time location checks
- Personalized Learning Experience โ to display enrolled courses, progress tracking, and relevant academic content
- Platform Security โ to detect and prevent unauthorized access, fraud, and abuse
- Customer Support โ to respond to your queries, complaints, and requests
3.2 Platform Improvement and Analytics
๐Anonymized Analytics Disclaimer
- โขDestination Hub may use aggregated and fully anonymized data (e.g., total active sessions per day, feature usage rates) to improve our Services.
- โขThis data does NOT include your name, email address, or any other personally identifiable information.
- โขAnonymized data cannot be used to identify any individual user.
3.3 What We Do NOT Do
- We do not use your data for targeted advertising or behavioral profiling
- We do not sell, rent, lease, or trade your personal information to any third party
- We do not use your data to make automated decisions with legal or significant effects
- We do not use your email address for unsolicited marketing communications
Legal Basis for Processing (GDPR)
If you are located in the EEA or a jurisdiction governed by GDPR-equivalent laws, we process your personal data on the following legal bases:
๐
Contractual Necessity
Processing required to fulfill our agreement and provide the Services you requested (e.g., account management, attendance verification).
๐ข
Legitimate Interests
Minimal operational data (e.g., session timestamps, device type) to maintain platform security, where not overridden by your rights.
โ
Consent
Where we rely on consent (e.g., location access), you may withdraw at any time without affecting the lawfulness of prior processing.
โ๏ธ
Legal Obligation
We may process data to comply with applicable laws, court orders, or regulatory requirements.
Leaderboard & Competitive Features
Destination Hub includes leaderboard and performance ranking features designed to encourage healthy academic competition. We take the following privacy-protective measures:
- Your real name and profile picture will be displayed publicly on any leaderboard or ranking feature
- Participants are identified using their real name on all leaderboard or ranking features
- User profile information used for leaderboard display may include data you provide, such as your name and profile picture
- Any future opt-in public identification feature will require your explicit written consent
Data Sharing and Disclosure
We do not sell, trade, or share your personal information with third parties for commercial purposes. Your data may be shared only in the strictly limited circumstances below.
6.1 Authorized Service Providers
Trusted third-party providers assist us in operating the Platform. They:
- Act only as data processors on our behalf
- Are contractually bound to process your data solely for the purposes we specify
- May not use your data for their own purposes, including advertising
- Are required to implement appropriate security measures
6.2 Legal Compliance and Protection
We may disclose your personal information when:
- Required by applicable law, regulation, legal process, or enforceable governmental request
- Necessary to enforce our Terms of Service or protect rights, property, or safety
- Required to prevent or respond to fraud, security breaches, or technical issues
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.
6.4 With Your Consent
We may share your information with third parties in any circumstance where you have provided your prior, explicit, and informed consent.
Cookies and Tracking Technologies
Destination Hub does not use third-party tracking cookies, advertising pixels, cross-site tracking technologies, or behavioral analytics tools that collect personally identifiable data.
Our platform may use essential session tokens strictly necessary for platform operation:
- Session authentication tokens โ to keep you securely logged in during a session
- CSRF protection tokens โ to prevent cross-site request forgery attacks
๐ชNo Advertising Tracking
- โขThese functional tokens are NOT used for tracking, advertising, or profiling.
- โขThey expire at the end of your session or upon logout.
- โขWe do not integrate any advertising networks, social media pixels, or cross-device tracking technologies.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer period is required or permitted by law.
8.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Account Data (name, email, picture) | Deleted upon user request without undue delay. If the system is temporarily unavailable due to server downtime, maintenance, or technical failure, deletion requests will be queued and executed promptly once services are restored, and in any case within a reasonable timeframe after restoration. |
| Location Data | NOT stored beyond completion of each attendance verification event |
| Session Logs | 12 months retained for security, abuse prevention, and system integrity purposes |
| Anonymized Analytics Data | May be retained indefinitely, provided it does not identify any individual user |
| Legal Hold Data | Retained for the duration required to comply with applicable legal obligations or valid legal requests |
8.2 Account Deletion
Upon receipt of a verified deletion request, we will:
- Permanently delete your personally identifiable information instantly upon receiving a confirmed deletion request, where technically feasible and when systems are operational
- Remove your account from active systems and production databases, making it immediately inaccessible for normal use
- Residual data may persist in encrypted backups for a limited period and will be removed automatically according to standard backup rotation policies
Data Security
Encryption in Transit
TLS encryption for all data between your device and our servers
Encryption at Rest
AES-256 equivalent encryption for all stored personal data
Access Controls
Strict need-to-know access controls for all personnel
9.1 Organizational Safeguards
- Internal data handling policies and staff confidentiality obligations
- Regular security reviews of third-party service providers
- Incident response procedures for suspected data breaches
9.2 Breach Notification
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify you and/or the relevant supervisory authority without undue delay, and in any event within [INSERT: e.g., 72 hours] of becoming aware, as required by applicable law.
๐Security Disclaimer
- โขWhile we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure.
- โขWe encourage you to use strong, unique passwords and contact us immediately if you suspect unauthorized access to your account.
Your Privacy Rights
Right to Access
Request a copy of the personal data we hold about you
Right to Correction
Request correction of inaccurate or incomplete personal data
Right to Deletion
Request permanent deletion of your account and data
Right to Portability
Receive your data in a structured, machine-readable format
Withdraw Consent
Withdraw consent (e.g., location) at any time via device settings
Right to Object
Object to certain types of processing, including analytics
Right to Restriction
Request restriction of processing in certain circumstances (EEA)
Supervisory Authority
Lodge a complaint with your local data protection authority (EEA)
10.1 Exercising Your Rights
๐งPrivacy Rights Requests
- โขEmail: destinationhub1.in@gmail.com
- โขSubject Line: "Privacy Rights Request โ Destination Hub Team"
- โขResponse Time: We aim to respond within 30 days of receiving a verified request.
- โขVerification: We may need to verify your identity before processing your request.
Children's and Student Privacy
Destination Hub is designed to serve students, which may include individuals under the age of 18. We take student privacy with the utmost seriousness.
11.1 Age Restrictions
Our Services are intended for students enrolled in accredited educational programs, typically aged 13 years and above. We do not knowingly collect personal data from children under 13 without verifiable parental or guardian consent.
If we discover we have inadvertently collected personal data from a child under 13 without appropriate consent, we will promptly delete such data.
11.2 Student Data Protections
- We collect only the minimum personal data necessary from student accounts
- Student data is never used for advertising, profiling, or commercial purposes
- Student data is not sold or shared with third parties for any commercial purpose
- Leaderboards use anonymized identifiers โ no student's real identity is ever publicly displayed
- Institutional administrators may access only aggregate, anonymized data about enrolled students for educational administration purposes
11.3 Parental Rights
Parents or legal guardians of students under 18 may contact us to review, correct, delete, or withdraw consent for data uses relating to their child. Please email destinationhub1.in@gmail.com.
Mobile Application Permissions
Our Android and iOS applications request only the following device permissions, each strictly necessary for core platform functionality:
Location Permission
One-time proximity check for attendance verification during active sessions only โ never in the background.
Internet Permission
Required for the application to communicate with our servers for authentication, content delivery, and attendance verification.
Permissions We Do NOT Request
International Data Processing
Destination Hub is operated from India. Our servers and service providers may be located in India or other countries, including those within the EEA, the United States, or other jurisdictions.
Where we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission (for transfers to/from the EEA)
- Contractual data processing agreements with all service providers
- Ensuring recipient countries provide an adequate level of data protection
Third-Party Services and Links
14.1 Google OAuth
Sign-in via Google is governed by Google's Privacy Policy and Terms of Service. We encourage you to review your Google account privacy settings.
14.2 Cloud Infrastructure
We use cloud infrastructure providers to host our Platform. These providers process data on our behalf as data processors and are contractually bound by our data protection requirements.
14.3 No Advertising Networks
โ Ad-Free Commitment
- โขWe do not integrate any advertising networks into our Platform or applications.
- โขWe do not include affiliate tracking systems or ad-monetization SDKs.
- โขYour data is never used for advertising by us or our partners.
Consent and Withdrawal
Where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.
15.1 How Consent Is Obtained
- Account Registration โ by completing registration and agreeing to our Terms of Service and this Privacy Policy
- Location Access โ your device OS will prompt you explicitly before location access is granted; you must affirmatively grant this permission
- Google OAuth โ by selecting 'Sign in with Google', you authorize us to receive your name, email, and profile picture
15.2 How to Withdraw Consent
- Location Permission โ revoke via device Settings โ Apps โ Destination Hub โ Permissions โ Location โ Deny
- Account Data โ submit an account deletion request (see Section 16)
- General Data Use โ contact us at destinationhub1.in@gmail.com
Account Deletion
You have the right to permanently delete your Destination Hub account and all associated personal data at any time, free of charge and without providing a reason.
16.1 How to Request Deletion
In-App
Navigate to Settings โ Account โ Delete Account (if available in your app version)
By Email
Send a request to destinationhub1.in@gmail.com with subject "Account Deletion Request โ [Your Registered Email]"
Web Form
https://destination-dashboard-one.vercel.app/delete-account
16.2 What Happens Upon Deletion
- Your account will be deactivated immediately upon confirmation
- All personally identifiable data will be permanently deleted within 30 days, subject to technical feasibility and system availability
- Anonymized data that cannot be linked back to you may be retained
- Data required for legal obligations will be held for the applicable statutory period only
Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. We will use commercially reasonable efforts to provide advance notice of material changes.
17.1 How We Notify You
- Material changes โ prominent notice via in-app notification and/or email at least 15 days before the change takes effect
- Minor or clarificatory changes โ we will update the 'Last Updated' date at the top of this Policy
- Continued use of the Platform after the effective date of any change constitutes your acceptance of the revised Policy
- If you do not agree to the revised Policy, you must discontinue use and may request account deletion
The most current version of this Policy is always accessible at https://mydestinationhub.in/privacy-policy.
Legal Compliance
Destination Hub is committed to complying with applicable data protection and privacy laws. Our practices are designed to meet the requirements of the following frameworks:
IT Act 2000 (India)
Information Technology Act, 2000 and SPDI Rules, 2011
GDPR
EU Regulation 2016/679 (to the extent applicable to EEA users)
Google Play Policy
Data Safety and Privacy requirements under Google Play Developer Policy
Apple App Store
App Store Review Guidelines Section 5.1 (Privacy)
Contact Information & Grievance Redressal
We take all privacy concerns seriously. If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us below.
19.1 General Privacy Inquiries
destinationhub1.in@gmail.com
Privacy / Grievance queries
Response Time
Within 30 days
For verified requests
Address
[INSERT Business Address]
Registered office
Website
https://mydestinationhub.in/privacy-policy
Policy always available here
19.2 Data Protection Officer (DPO)
[INSERT: DPO name and contact, or: "We are in the process of designating a Data Protection Officer. In the interim, all data protection queries should be directed to the email address above."]
19.3 Grievance Officer (India โ IT Act 2000)
๐Grievance Officer Details
- โขName: Navneet Kumar
- โขDesignation: Grievance Officer
- โขEmail: destinationhub1.in@gmail.com
- โขAddress: Andal, West Bengal, India
- โขAvailability: Monday โ Friday, 09:00 AM โ 05:00 PM IST
- โขGrievances will be acknowledged within 24 hours and resolved within 30 days of receipt.
19.4 Regulatory Complaints (EEA Users)
If you are located in the EEA and believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at: edpb.europa.eu.