epochlab
Dataset pathsCoursesPricingFAQAbout
Sign inGet started
Legal

Privacy Policy

What we collect, why, and the choices you have.

Last updated: 8 July 2026

1. Overview

This policy explains how EpochLab collects and uses your personal data. We handle data in line with the Malaysian Personal Data Protection Act 2010 (PDPA). By using EpochLab, you agree to this policy.

2. Data we collect

  • Account data: your name and email, from sign up or from Google sign-in.
  • Learning data: your course progress, completed lessons, checkpoint submissions (the notebook link and the approach you describe), badges, and certificates.
  • Payment data: pass tier, amount, and a toyyibPay reference. Payments are processed by toyyibPay; we do not store your full card number.
  • Technical data: a secure session cookie so you stay signed in. We do not use advertising trackers.

3. How we use your data

  • To run your account and show your progress and certificates.
  • To grant and gate access based on your active pass.
  • To generate assisted checkpoint reviews (your described approach is sent to Google Gemini to produce coaching feedback).
  • To process payments and send receipts and pass-expiry reminders.
  • To improve courses and keep the platform secure.

4. Service providers we share data with

  • Supabase: authentication, database, and storage.
  • Google: Google sign-in (OAuth) and Gemini for checkpoint review. Your described approach is processed to return feedback.
  • toyyibPay: payment processing for prepaid passes.
  • Google Cloud: hosting of the application.

We share only what each provider needs to deliver its service, and we do not sell your personal data.

5. Certificates are public by design

A certificate can be verified by its unique verification ID on a public verify page. This shows the holder name, course, and date so a certificate can be confirmed as genuine. Do not put sensitive information in your display name if you do not want it shown there.

6. Data retention

We keep your account and learning data while your account is active. If you delete your account, we remove your personal data within a reasonable period, except where we must keep records (for example, payment records) to meet legal obligations.

7. Your rights

  • Access and correct your profile from your account settings.
  • Request a copy of your data or ask us to delete your account.
  • Withdraw consent, though some features will stop working without it.

To exercise these rights, email us at hello@epochlab.my.

8. Security

Access is protected by authentication and row-level security so you can only read your own data. Secrets and API keys are stored server-side and never exposed to your browser. No system is perfectly secure, so please keep your password safe.

9. Children

EpochLab is intended for learners who can consent to these terms, or who have a parent or guardian consent on their behalf.

10. Changes and contact

We may update this policy and will post changes here with a new date. Contact us at hello@epochlab.my with any privacy question.

epochlab

Malaysia-first ML and Deep Learning, from zero to deployed. One epoch at a time.

Learn
CoursesPricingFAQAbout
Account
Sign inCreate accountDashboardMentorship
2026 epochlab, epochlab.myTermsPrivacyMade in Malaysia