PRIVACY POLICY
Last updated: 10.06.2026
1. Introduction
C-kata ("we," "our," "us") respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how TECH HAVEN LIMITED collects, uses, stores, shares, and protects personal data when you access or use c-kata.com, create an account, purchase CKC digital credits, complete coding exercises, contact support, or otherwise interact with the Service.
We process personal data in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.
2. Data Controller
Controller: TECH HAVEN LIMITED
Registration No: 14287322
Address: 72 Halliwick Road, London, N10 1AB, United Kingdom
Email: [email protected]
TECH HAVEN LIMITED is the data controller responsible for the personal data processed through c-kata.com.
3. Data We Collect
We may collect and process the following categories of personal data:
Account Data: email address, securely hashed password, optional phone number, social login identifiers, account settings, account status, and account creation date.
Payment Metadata: transaction ID, order ID, payment reference, amount, currency, transaction status, payment method metadata, CKC digital credits purchased, receipt information, refund status, and related payment records. We do not store full card numbers, CVV/CVC codes, or sensitive card authentication data.
Billing, Refund, and Dispute Data: payment reference, transaction status, refund request details, refund status, chargeback evidence, fraud-screening indicators, support correspondence, CKC delivery records, and transaction logs related to CKC purchases.
Progress Data: XP, rank, CKC balance, completed tasks, task history, usage history, learning progress, and other account-based platform activity.
Technical Data: IP address, browser type, device information, operating system, approximate location derived from technical data, security logs, server logs, authentication logs, and error logs.
Support Data: messages sent to support, issue descriptions, attachments or screenshots provided by the user, support history, and resolution notes.
Cookies Data: essential cookies and optional analytics or marketing cookies, subject to consent where required. For more information, please refer to our Cookie Policy.
User-Created Code and Content: code, submissions, or other content created while using the Service, only to the extent necessary to provide the Service, run task checks, maintain account progress, provide support, and operate platform functionality.
We do not collect or store users' source code beyond what is necessary to provide the Service within their account and support the functionality of the platform.
4. How We Use Your Data
We process your personal data to:
Provide, operate, and maintain the Service.
Create, authenticate, and secure user accounts.
Process payments and manage CKC digital credit balances.
Deliver CKC digital credits to user accounts after successful payment confirmation.
Provide receipts, transaction records, billing support, refunds, and dispute handling.
Track learning progress, XP, rank, task completion, and platform usage.
Provide customer support and respond to billing, delivery, refund, technical, and account-related requests.
Prevent fraud, abuse, unauthorized access, payment misuse, and security incidents.
Maintain platform security, diagnose technical issues, and improve service reliability.
Comply with accounting, tax, legal, regulatory, and card-scheme obligations.
Improve the platform through aggregated, anonymized, or consent-based analytics.
Send service-related communications, such as account, payment, security, and support notifications.
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
5. Legal Basis for Processing
We process personal data based on the following legal bases:
Contractual necessity: to create and manage your account, provide the Service, process purchases of CKC digital credits, deliver digital content, maintain balances, and provide customer support.
Legal obligations: to comply with accounting, tax, regulatory, fraud-prevention, dispute, and legal record-keeping requirements.
Legitimate interests: to maintain platform security, prevent fraud and abuse, improve the Service, resolve disputes, protect our rights, and ensure reliable operation of the platform.
Consent: for optional cookies, analytics cookies, marketing communications where applicable, and any other processing that requires consent under applicable law.
6. Data Sharing
We may share personal data with trusted third parties where necessary to operate the Service, process payments, provide support, comply with legal obligations, or protect the platform.
Payment processing: we share necessary transaction and payment metadata with payment service providers for payment processing, fraud prevention, refunds, dispute handling, chargeback handling, and compliance. We do not store full card numbers, CVV/CVC codes, or sensitive authentication data.
Operational service providers: we may share necessary data with hosting providers, infrastructure providers, analytics providers where enabled with consent, email and support providers, fraud-prevention providers, security providers, and technical service providers.
Legal and regulatory authorities: we may share personal data where required by law, court order, regulatory request, tax requirement, law enforcement request, or to protect our legal rights.
Payment disputes and chargebacks: if a chargeback, payment dispute, refund request, or billing issue occurs, we may share transaction, delivery, account, technical, and support records with the payment provider, acquirer, card issuer, card network, or relevant dispute-handling body.
We do not sell or rent personal data to third parties.
Where personal data is transferred outside the United Kingdom or European Economic Area, we use appropriate safeguards where required, such as Standard Contractual Clauses or other lawful transfer mechanisms.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account data: retained while the account remains active and deleted or anonymized after account deletion, unless retention is required for legal, security, fraud-prevention, billing, or dispute reasons.
Progress data: retained while the account remains active and deleted or anonymized after account deletion, unless retention is required for legal, security, fraud-prevention, billing, or dispute reasons.
Payment records: retained for up to 7 years where required for accounting, tax, legal, and compliance purposes.
Billing, refund, and dispute records: retained for up to 7 years where required for accounting, tax, legal, fraud-prevention, and card-scheme dispute purposes.
Support tickets: retained for up to 3 years after resolution unless a longer period is required for legal, fraud-prevention, security, or dispute reasons.
Technical logs: retained for up to 30 days unless a longer period is required to investigate security incidents, fraud, abuse, technical issues, legal requests, or disputes.
Fraud-prevention and security logs: retained only as long as necessary for security, abuse prevention, fraud prevention, legal compliance, and dispute handling.
Cookie data: retained according to the periods stated in our Cookie Policy or cookie settings tool.
8. Your Rights
Under applicable data protection laws, you may have the right to:
Access your personal data.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data.
Request restriction of processing.
Object to processing based on legitimate interests.
Request data portability.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with a data protection authority.
To exercise your data protection rights, contact us at [email protected].
We may need to verify your identity before processing your request. We aim to respond within one month unless an extension is permitted by law.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that your data protection rights have been violated.
9. Security Measures
We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.
These measures may include:
Encryption in transit using HTTPS/TLS.
Secure password hashing and salting.
Access controls and restricted access to personal data.
Logging, monitoring, and security review procedures.
Protection against unauthorized access, abuse, fraud, and malicious activity.
Use of secure payment integrations provided by payment service providers.
No storage of full card numbers, CVV/CVC codes, or sensitive card authentication data on TECH HAVEN LIMITED servers.
However, no online service can be guaranteed to be completely secure. Users are responsible for keeping their account credentials confidential and notifying us immediately of any suspected unauthorized access.
10. Children's Data
The Service is intended for users aged 18 and older.
We do not knowingly collect personal data from children. If we become aware that personal data has been collected from a person under 18, we may delete the relevant account and data, subject to applicable law.
11. Cookies
Essential cookies are required for the operation, security, authentication, and functionality of the Service.
Optional cookies, including analytics or marketing cookies, are used only where the user has provided consent through the cookie banner or cookie settings tool, where required by applicable law.
You can change or withdraw cookie consent as described in our Cookie Policy.
For more details, please refer to our Cookie Policy.
12. Third-Party Content and Open Source Materials
Some educational materials may be adapted from open-source resources, including Exercism open-source repositories, and may be distributed under the MIT License.
These materials are provided "as is" without warranty, and their use is described in more detail in our Terms & Conditions.
C-kata is operated independently by TECH HAVEN LIMITED and is not affiliated with, sponsored by, or endorsed by Exercism.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, operational practices, or data processing activities.
The latest version will always be available at:
The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised.
14. Contact Information
For questions about this Privacy Policy or to exercise your data protection rights, please contact us:
TECH HAVEN LIMITED
72 Halliwick Road, London, N10 1AB, United Kingdom