Privacy policy

The data controller responsible for personal data processed through the MyLanGo website and related marketing and support channels is the MyLanGo operating entity (“MyLanGo”, “we”, “us”). Where course delivery, authentication, or grading is performed through a partner LMS, that platform operator may also act as an independent or joint controller for data processed on its systems. This policy covers processing we perform; the LMS provider's privacy notice will apply additionally to processing on its infrastructure.

This policy applies to visitors, registered learners, institutional contacts, and others who interact with the Services as defined in our Terms of use. It does not apply to third-party sites that we link to.

We may collect the following categories of information, depending on how you use the Services:

• Identity and contact data: name, email address, telephone number, organisation, country, and similar details you provide when registering, subscribing, or contacting us.
• Account and learning data: username, enrolment status, course progress, assessment outcomes, certificates, forum or support messages, and preferences you set in your profile when those features are available through our integrations.
• Technical and usage data: IP address, device type, browser type and version, time zone, operating system, pages viewed, referring URLs, and diagnostic events collected through logs, cookies, and similar technologies (see our Cookies policy).
• Payment data: where purchases are offered, payment-related information is processed by certified payment service providers; we typically receive limited transaction metadata rather than full card numbers.
• Communications: records of emails, chat transcripts, and feedback you send to us.

We process personal data for purposes that include:

• Providing the Services — account creation, authentication, course discovery, enrolment orchestration, customer support, and security monitoring (contract necessity; legitimate interests in operating a secure platform).
• Improving and personalising the experience — analytics, A/B testing, product development, and relevance of recommendations where enabled (legitimate interests or consent where required).
• Legal and compliance — fraud prevention, audit, responding to lawful requests from authorities, and enforcing our terms (legal obligation or legitimate interests).
• Marketing — where permitted, sending updates about courses and features; you may opt out of promotional communications at any time (consent or legitimate interests, depending on channel and jurisdiction).

We may share personal data with:

• Learning platform and infrastructure providers (for example, LMS hosting, content delivery, email delivery, and cloud storage) under written agreements requiring appropriate confidentiality and security measures.
• Partner institutions and instructors where necessary to deliver courses you have chosen or where your organisation sponsors access.
• Professional advisers (lawyers, auditors) where required.
• Authorities when we believe disclosure is required by law or necessary to protect rights, safety, or security.
• Business transfers — in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards and notice where required.

We do not sell personal data in exchange for money.

Our service providers may process data in Myanmar and other countries. Where personal data is transferred across borders, we implement safeguards consistent with applicable law (such as contractual clauses, adequacy decisions, or your explicit consent where required) and assess the risks to your rights.

We retain personal data only as long as necessary for the purposes described, including to satisfy legal, tax, accounting, and dispute-resolution requirements. Retention periods vary by data category; for example, marketing consents may be retained until withdrawn, while transaction records may be kept for statutory periods. When data is no longer needed, we delete or anonymise it in line with our internal schedules.

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where standard for the channel, logging, and staff training. No method of transmission or storage is completely secure; please use a strong, unique password and protect your credentials.

Subject to applicable law (including the Myanmar PDPL where it applies to you), you may have the right to:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion where there is no overriding legitimate ground to continue processing;
• object to or restrict certain processing, including direct marketing;
• withdraw consent where processing is consent-based, without affecting prior lawful processing;
• lodge a complaint with a competent data-protection or consumer authority.

To exercise these rights, contact privacy@mylango.app. We may need to verify your identity before responding. We will answer within the timeframe required by law, typically within thirty (30) days unless an extension is permitted.

The Services are not directed to children below the age of digital consent. We do not knowingly collect personal data from children without verifiable parental consent where required. If you believe we have collected such data, contact us and we will take prompt steps to delete it.

We do not use solely automated decision-making that produces legal or similarly significant effects concerning you without human review, except where required or permitted by law and disclosed to you in advance.

We may update this Privacy policy to reflect operational, legal, or regulatory changes. We will publish the revised policy on this page and revise the “Last updated” date. Where changes are material, we will provide additional notice as required by law.

Data protection enquiries: privacy@mylango.app