PCL Logo
CoursesCommunityPricing
Get StartedLogin

Privacy Policy

Version: 1.0 (Global Compliance Edition)

Last Updated: June 2, 2026

Effective Date: June 2, 2026

Introduction

Kunbyte (Hangzhou) Intelligent Technology Co., Ltd. (“we,” “us,” or “our”) fully understands the importance of personal information to you. We strictly comply with major global privacy laws and regulations and adopt mature industry-standard security measures to protect your personal information. This Privacy Policy (the “Policy”) is intended to explain to global users how we process your personal information when you use our PCL course publishing and learning platform (the “Platform”). This Policy is strictly aligned with and complies with the Personal Information Protection Law of the People’s Republic of China (“PIPL”), the EU/UK General Data Protection Regulation (“GDPR”), and the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

Please note that this Policy describes the Platform’s current data processing practices, as well as features planned for future launch, such as embedded payment functions and advanced AI tools. The relevant data processing activities will be notified to you through pop-up notices, email, or other appropriate means before such features officially go live, and we will obtain your consent again where required by law.

[Important Notice]The Platform adopts an explicit informed consent mechanism with unchecked-by-default boxes. Checkboxes must not be pre-selected by default. Once you actively check the consent box during login or registration and use our services, it means that you understand and agree that we may process your relevant information in accordance with this Policy.

1. How We Collect and Use Your Personal Information

We strictly follow the principles of data minimization and purpose limitation. The Platform collects only the minimum data set necessary to maintain basic account operations, deliver courses, and ensure secure reconciliation of third-party payments. We will never collect, store, or process on the server side your mobile phone number, real-name salary/personal income information, biometric data (such as facial data), or any point-cloud three-dimensional trajectory assets.

1.1. Registration, Login, and Account Activation (Default Password Assignment)

When a school or administrator imports accounts in bulk, or when you create an account on your own, we collect your full name and email address in order to establish your user identity, provide personalized course recommendations, generate course certificates, and fulfill platform management obligations.

Full Name: Used for course certificate attribution, identity recognition between teachers and students, and customer service verification.

Email Address: Used as the sole credential for account login, for receiving course notifications, and for password recovery.

In line with the principle of data minimization, we do not collect your phone number, address, or any sensitive personal information at this stage.

Default Password Compliance and Security Requirement: After an account is successfully created, the system will automatically assign an initial temporary default password. To meet global cybersecurity compliance requirements, when you log in for the first time, the front-end system will enforce a strict access block, and you must immediately change the initial password in order to activate full course learning and publishing functions.

1.2. Normal Operation of the Product and Security Risk Control

When you access and use the Platform, in order to ensure the basic operation of the SaaS multi-tenant system and troubleshoot faults, we automatically record necessary technical log information, including your IP address, login status, browser type and User Agent, operating system, time zone settings, and core operation timestamp logs. These logs do not include any sensitive network hardware physical addresses such as MAC addresses.

1.3. Future Course Payments and Masked Credentials

To complete future online course subscriptions, license purchases, or seat quota payments, we plan to integrate secure third-party payment gateways such as Stripe and PayPal, meaning that you will make payments through dedicated secure embedded components within the Platform. When payment functions are officially launched in the future, we will follow the principles below:

  1. PCI-DSS Financial Security Compliance: The Platform will fully comply with global cardholder data protection standards.
  2. Data Minimization: Our servers will never access, collect, or store your full bank card number (PAN), CVV security code, or any payment password.
  3. Tokenization: All payment transactions will be completed through encrypted redirection to official payment gateways. We will only receive and retain masked transaction credentials returned by the third-party gateway, such as “Visa ending in 4242,” PayPal customer ID, or transaction hash values, for financial invoicing, after-sales dispute reconciliation, and anti-money laundering (AML) legal obligations.
  4. Notice Before Launch: Before the payment function is officially launched, we will provide you with prominent notice through on-site messages or email and update this Privacy Policy.

1.4. Retention of Platform Operation Logs

To ensure the normal operation of the Platform, troubleshoot technical failures, and satisfy legal requirements for traceability, when you use the Platform’s core functions, such as publishing courses or submitting assignments, the system will automatically record necessary operation logs in accordance with law, including your user identity, operation time, operation type, and behavior. Such logs will be retained for no less than six months from the date of the relevant activity. We will not use these logs for user profiling or for any processing beyond legal requirements.

At present, the Platform does not yet provide a standalone AI content generation tool. If such functionality is launched in the future, we will provide you with prominent notice through on-site messages or email and update this Privacy Policy.

1.5. Unified Customer Service and Dispute Resolution

When you submit a course refund request, pre-sales inquiry, or technical dispute to us, we need to verify your name and registered email address in order to protect account security in the multi-tenant system. We may retain records of your communications with customer service, including email content, account information, order numbers, and other materials you provide to prove relevant facts. The foregoing information will be retained only for up to one year after the matter has been resolved.

1.6. Circumstances Where Authorization and Consent Are Not Required

In accordance with applicable laws and regulations, we may process your personal information without obtaining your authorization and consent under the following circumstances:

  1. Where directly related to national security, national defense security, or significant public interests;
  2. Where directly related to criminal investigation, prosecution, trial, or enforcement of judgments;
  3. Where necessary to protect major lawful rights and interests such as life or property, but it is difficult to obtain your consent;
  4. Where necessary for the conclusion and performance of a contract at your request, such as maintaining your course subscription rights;
  5. Where necessary to maintain the secure and stable operation of the Platform, such as detecting and handling product failures.

2. How We Share, Transfer, and Publicly Disclose Your Personal Information

  1. Sharing: We will never share your personal information with any organization or individual outside our company. However, in order to process cross-border course billing, you agree that we may transmit necessary encrypted order tokens to authorized partners such as Stripe, PayPal, and GoPay. We have signed strict Data Processing Agreements (DPAs) with such service providers, and they have no right to use the data for advertising or any other purposes.
  2. Transfer: We will not transfer your personal information to any third party unless we have obtained your explicit separate consent. In the event of a merger, acquisition, or asset transfer involving the transfer of personal information, we will provide prominent notice by pop-up or email and require the new holding entity to continue to be bound by this Policy.
  3. Public Disclosure: We will disclose your necessary information only where required by mandatory law, such as administrative law enforcement or judicial rulings, and only upon receipt of a lawful subpoena or investigation letter, in accordance with the type of request and applicable jurisdictional procedures.

3. Personal Information Security Protection and Retention Period

  1. Technical Safeguards: We implement strong technical controls to ensure data security, including full HTTPS/TLS encryption during transmission, complete logical isolation of multi-tenant back-end data, anti-brute-force protection mechanisms, and tamper-proof system auditing for all back-end query and modification interfaces.
  2. Retention Periods:
    • Basic account identity information (including your name and email address): retained for one year after you voluntarily cancel your account, so that your basic identity may be restored if you reactivate the account, or to resolve disputes arising before cancellation;
    • Masked payment records and invoice credentials: retained for seven years in accordance with cross-border financial, tax audit, and anti-money laundering requirements;
    • System operation technical logs and AI operation logs: mandatorily retained for six months in accordance with law.

After the applicable retention period expires, we will physically erase the data completely from the system or irreversibly anonymize it.

4. Localized Protection of User Rights in Specific Jurisdictions

4.1. EU / UK Users (GDPR Applicable Provisions)

Under the GDPR, you enjoy full statutory rights and may at any time request access to, correction of, restriction of processing of, objection to processing of, portability of, or permanent erasure (“right to be forgotten”) of your personal data. Where data must be transferred outside the EU due to cloud infrastructure services, such as AWS or Alibaba Cloud International, we will sign the European Commission’s Standard Contractual Clauses (SCCs) with service providers to ensure an equivalent level of encryption protection.

4.2. Mainland China Users (PIPL Applicable Provisions)

Under the PIPL, when you use this system within mainland China, you are legally entitled to the right to know, the right to decide, the right to restrict or refuse processing, the right of access, the right to correction, and the right to deletion. Your name and email address collected within China will by default be stored within China. Where it is necessary to provide essential transaction token information overseas for the settlement of cross-border bills through PayPal or Stripe, the system will obtain your separate consent in accordance with law and implement full TLS high-strength encryption during transmission.

4.3. U.S. / California Users (CCPA/CPRA Applicable Provisions)

We hereby solemnly state and undertake that we will never sell your personal information to any third-party data broker, nor share your name or email address for cross-context behavioral advertising. You have the legal right to know and may request disclosure of the specific categories of data we hold, and you also have the right to request complete deletion at any time.

4.4. International Anti-Spam and One-Click Unsubscribe

To strictly comply with international anti-spam rules, including the U.S. CAN-SPAM Act, all automated system receipts and course update emails sent by the Platform will contain a clear and conspicuous one-click “Unsubscribe” link at the bottom. We undertake to process your unsubscribe request free of charge within 10 business days.

5. How to Contact Us and Judicial Remedies

If you wish to exercise any of your statutory privacy rights, withdraw part of your consent, or apply to cancel your account (account cancellation is irreversible, and all course history records and quotas will be erased), please send a written request from your registered email address to our official compliance contact channel:

  • Personal Information Protection and Compliance Email:
  • Official Response Time: We will complete identity verification and respond within 15 business days.
  • Judicial Remedy and Jurisdiction: If you are dissatisfied with our response or handling, especially where you believe that our processing of your personal information has harmed your lawful rights and interests, and the dispute cannot be resolved through consultation, both parties agree that the dispute shall be brought before the competent People’s Court with jurisdiction over the domicile of Kunbyte (Hangzhou) Intelligent Technology Co., Ltd. in Hangzhou, China. The formation, performance, and interpretation of this Policy shall be governed by the laws of the People’s Republic of China.
PCL

Master the future of technology through hands-on GPU-accelerated curriculum.

Platform

All CoursesCommunityPricing

Support

Help CenterTerms of ServicePrivacy PolicyContact us
(c) 2026 PCL Platform. All rights reserved.Practice-centered AI education for modern classrooms.