Privacy Policy – GeeBee Education

Privacy Policy

The following entities are collectively referred to as "Leap" in this Privacy Policy:

Leap Finance Inc. Geebee Education Leap GeeBee Edtech Private Limited, Singapore Outleap Technologies Pvt. Limited

1. Our Promise

Leap ("we," "our," and "us") respects the privacy of online customers and visitors to (www.leapfinance.com, www.geebeeworld.com, leapscholar.com), affiliated pages, and any mobile application (an "App"), including the IELTS prep by Leap Scholar app available on Google Play Store (ID=com.knudge.ielts) (collectively, the "Site").

This Privacy Policy explains what information we collect when you visit or interact with the Site, how we use it, when we may share it, and the rights and choices available to you. It applies regardless of how you access the Site, including through a mobile device. It does not apply to information collected from or about you as a customer or applicant for a student loan unless a separate product-specific or service-specific notice says otherwise.

Our Sites may link to third-party services, apps, or social media sites that we do not control ("Third Party Sites"). Third Party Sites may have different privacy practices and security standards, and your use of them is governed by their own terms and policies.

Controller and contact details: Leap is responsible for the personal data described in this Privacy Policy unless another notice says otherwise. The relevant Leap entity responsible for your personal data is identified in the applicable service or product notice. You may contact us at contact@leapscholar.com or by post at Leap, D409, Raheja Residency, 3rd Block Koramangala, Bengaluru 560034, Karnataka, India.

UK Representative: Article 27 of the UK GDPR does not apply to Leap. Leap does not offer services to, and does not process the personal data of, individuals residing in the United Kingdom. UK GDPR Article 3(2) territorial scope is therefore not engaged, and no UK Representative is required.

Data Protection Officer / privacy contact: If a Data Protection Officer, UK/EU representative, or equivalent privacy contact is appointed or required for a specific service, those details will be made available through the relevant notice or contact channel.

2. Information We Collect and Sources

We collect personal data through the channels described in this Privacy Policy: when you provide it directly, when a business partner or service provider provides it in connection with a requested service, when you enable a Site/App feature or device permission, or when you give the required consent for cookies, analytics, advertising, or marketing. Some technical and device data — such as IP address, browser type, and usage logs — is collected automatically when you visit or use the Site or App, where necessary for security, service operation, troubleshooting, or consented analytics. This is described in the data table below.

You can browse the Site without submitting personally identifiable information, except where information is necessary to provide a requested feature or service, comply with law, maintain security, or operate the Site/App.

Category | Examples | Source / trigger
Identifiers and contact details | Name, address, phone number, email address, registration details, enquiry details, and account or application details. | Provided by you or provided by partners / service providers for a requested service.
Application and service data | Forms, registrations, surveys, contests, promotions, product enquiries, applications, support interactions. | Provided by you or created through your requested interaction with Leap.
Communications data | Emails, support requests, feedback, survey responses, messages, call details, chat details. | Provided by you or generated during communications with us.
Marketing and preference data | Promotional preferences, unsubscribe choices, cookie choices, advertising choices, communication-channel preferences. | Provided by you or recorded through preference, consent, or unsubscribe tools.
Technical, device, and usage data | IP address, browser/device type, operating system, logs, app identifiers, pages viewed, clicks, search terms, and similar data. | Processed only where needed for service operation, security, fraud prevention, troubleshooting, consented analytics/advertising, or a feature you enable.

3. Required and Optional Information

Some information is required to respond to requests, create or manage an account, process an application, provide a service, send service communications, or meet legal or contractual requirements. Other information, such as optional survey responses, promotional preferences, or certain profile details, is voluntary. If required information is not provided, we may be unable to provide the requested feature, response, offer, product, service, application support, or transaction.

4. Cookies, Tracking Technologies, and Advertising

Leap does not treat continued browsing or use of the Site/App as valid consent for non-essential cookies or tracking technologies. Where applicable law requires opt-in consent, non-essential analytics, advertising, personalisation, pixels, web beacons, mobile identifiers, and similar technologies will not be used until the required consent is obtained.

We may use cookies or similar technologies that are strictly necessary to provide the Site/App, maintain security, remember privacy choices, manage sessions, or enable requested functions. Non-essential tools are controlled through the cookie banner, preference centre, device/app settings, browser settings, provider opt-out tools, or unsubscribe mechanisms where available.

Technology category | Purpose | Choice/control
Strictly necessary cookies/local storage | Core functionality, security, session management, privacy-preference storage. | Required for service operation; browser/device controls may affect functionality.
Analytics tools | Performance measurement and service improvement. | Used only where consent or another valid legal basis applies; manage through banner/preference centre or provider tools.
Advertising/personalisation tools | Campaign measurement, frequency control, and relevant advertising where permitted. | Used only with required consent/legal basis; manage through banner/preference centre, unsubscribe tools, browser/device settings.
Mobile identifiers/device permissions | App features, security, fraud prevention, troubleshooting, analytics/advertising where permitted. | Device permissions, app settings, operating-system settings, and deletion of the App.

Behavioural advertising: We or our service providers may use Site activity, such as pages visited and keywords used, to determine relevant advertisements or offers on the Site or Third Party Sites only where permitted by law and the required consent or legal basis is in place. Opting out may not stop all advertising, but ads may be less relevant.

5. How We Use Information and Lawful Bases

We use personal data only for the purposes below. Where applicable data protection law requires it, the lawful bases are mapped to each activity. When we rely on legitimate interests, those interests include operating and improving services, responding to users, securing systems, preventing fraud, managing risk, conducting permitted analytics/marketing, enforcing rights, and maintaining records, balanced against your rights and expectations.

Purpose | Data typically used | Lawful basis / justification
Provide, operate, and improve Site/App/services | Identifiers, contact, service, communications, technical and usage data. | Contract/pre-contract steps; legitimate interests (our interest in operating, maintaining, and improving a functional and reliable service for users).
Respond to enquiries, offers, alerts, surveys, registrations, promotions, support requests | Identifiers, contact, communications, service data, preferences. | Contract/pre-contract steps; legitimate interests (our interest in responding to user enquiries and providing relevant information about our services); consent for marketing/promotions.
Verify identity, qualify requested products/services, process transactions, billing and collection | Identifiers, contact, application/service data, transaction-related data. | Contract/pre-contract steps; legal obligations; legitimate interests in administration, billing and collection (our interest in managing accounts, recovering amounts owed, and maintaining accurate financial records).
Analytics, personalisation, advertising and campaign measurement | Preference, cookie, usage, advertising and aggregated/anonymised data. | Consent; legitimate interests only where permitted and balanced (our interest in understanding how users engage with our services in order to improve them, where this does not override user rights or expectations).
Security, fraud prevention, compliance, legal requests and recordkeeping | Identifiers, contact, service data, communications, security logs, technical data. | Legal obligations; legitimate interests (our interest in protecting the security of our systems, preventing fraud, and safeguarding users and the business against unlawful activity); establishment, exercise or defence of legal claims.

We may also use aggregated or anonymised data that does not identify an individual for research, service improvement, trend analysis, and analytics.

6. How We Share Information

We share personal data only where needed for the purposes in this Privacy Policy, where instructed or authorised by you, or where required or permitted by law. We do not authorise service providers to use information independently for their own marketing unless you consent.

Recipient category | Why we share | Information shared
Service providers/vendors | Hosting, security, analytics, communications, support, transaction processing. | Data needed to perform the service.
Analytics/advertising partners | Performance measurement and relevant advertising where permitted. | Usage, preference, cookie/tracking and aggregated data, subject to consent/legal basis.
Loan servicing, payment, collection and business partners | Support requested products/services, transactions, payment or collection where relevant. | Data needed for the relevant process.
Professional advisers/corporate affiliates | Legal, audit, accounting, compliance, risk and business administration. | Data relevant to the advice or business purpose.
Regulators, courts, law-enforcement bodies | Comply with law, respond to requests, protect rights, prevent fraud, manage legal claims. | Data required or permitted by law or relevant to the request.
Successors/transaction parties | Merger, acquisition, financing, restructuring, sale or transfer. | Data relevant to the transaction, subject to safeguards.

Recipients are expected to apply confidentiality, security, contractual, and purpose-limitation protections. Onward transfers use safeguards appropriate to the transfer and applicable law.

7. Your Options, Marketing Choices, and Privacy Rights

Marketing choices: You may unsubscribe from promotional emails through the unsubscribe link, follow SMS/WhatsApp instructions where available, adjust device/app controls, use cookie or consent tools, or contact contact@leapscholar.com. Marketing consent is not a condition of receiving services unless a communication is necessary for the requested service. Transactional, legal, security, or service-related messages may still be sent where necessary or permitted by law.

Withdrawal of consent: Where we rely on consent, you may withdraw it at any time. Withdrawal will not affect processing that occurred before withdrawal or processing that continues under another lawful basis.

UK and other privacy rights: Depending on applicable law, you may request access, correction, deletion, restriction, objection including objection to direct marketing, portability, withdrawal of consent, and information about how we use/share your data. To exercise rights, contact contact@leapscholar.com with enough information to identify you and your request. We may verify your identity. We aim to respond within one month unless an extension is permitted by applicable law. Some rights may be limited by law, contractual requirements, security needs, legal obligations, or the rights of others.

8. Security

Leap maintains security standards designed to protect information transmitted from your device to the network hosting the Site, including SSL or similar encryption in transit. We use reasonable organisational, technical, and administrative safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure. These safeguards may include encryption in transit, access controls, role-based or need-to-know access, staff confidentiality obligations and training, data minimisation, vendor due diligence, monitoring, incident-response procedures, and breach assessment and notification processes where required by law.

No website, app, transmission method, or storage system is completely secure. You should maintain up-to-date anti-virus and anti-malware software and should not send sensitive personal information through non-secure email. Leap will not request sensitive personal information through insecure electronic communications.

9. Children's Privacy

The Site and services described on the Site are intended for individuals who are at least 13 years old. We do not knowingly collect or retain personal information from children under 13. If you are under 13, do not visit the Site or provide personally identifiable information. Where our services — including IELTS and exam preparation services — are likely to be used by individuals aged 13 to 17, we apply appropriate privacy protections by default, process only the minimum personal data necessary, and do not use data from this age group for profiling or targeted advertising without explicit consent. We do not knowingly target services at under-13s.

Where a higher minimum age, parental-consent requirement, or other children's privacy rule applies under local law, we will follow that requirement. We do not knowingly target services to children below the applicable age threshold without required consent or safeguards. A parent or guardian who believes a child has provided personal data may contact contact@leapscholar.com. We will review the request and take appropriate steps under applicable law.

10. International Transfers

If you access the Site from outside India, your personal data may be stored or processed in India and in other countries where Leap, its affiliates, vendors, partners, cloud-hosting providers, analytics providers, communication providers, or service providers operate. This means personal data may be transferred outside the UK or the country where you live.

We do not rely on implied consent from Site/App use as the routine legal mechanism for international transfers. When applicable data protection law requires a transfer safeguard, we use an appropriate mechanism such as an adequacy decision, EU Standard Contractual Clauses, contractual protections, vendor due diligence, or another lawful mechanism required or permitted by applicable law. You may contact us for more information about relevant transfer protections.

11. Marketing Communications

We send marketing communications by electronic means (including email, SMS, and WhatsApp) only where we have obtained prior, freely given, specific, informed, and unambiguous consent, or where another valid legal basis applies under applicable law. Consent records are maintained and can be produced on request.

Registration or use of the Site does not constitute consent to marketing. We honour all opt-out and unsubscribe requests promptly. Transactional, legal, security, and service-related messages are not marketing communications and may still be sent where necessary or permitted by law. You may opt out using the methods described in this Privacy Policy.

12. Retention

We retain personal data no longer than necessary for the purpose for which it was collected, as described in the table below. When personal data is no longer needed, we delete it, anonymise it, aggregate it, or otherwise handle it in accordance with applicable law and our retention practices.

Data type | Retention approach
Enquiry, account, application and service records | Kept for the duration of the relationship and for up to 6 years thereafter to meet legal, contractual, audit, dispute-resolution, and business-record requirements (reflecting standard UK limitation periods under the Limitation Act 1980). Longer retention applies only where a specific legal or regulatory obligation requires it.
Marketing and preference records | Active marketing data kept until opt-out or withdrawal of consent. Suppression records (recording the opt-out itself) kept for 6 years to demonstrate compliance with applicable law. Preference and consent records kept for the duration of the relationship and for 6 years after it ends.
Cookie, analytics, device and usage data | Strictly necessary cookies: session duration or up to 12 months. Analytics data (e.g. Google Analytics): up to 26 months. Advertising and personalisation data: up to 13 months or as required by applicable consent. Security and fraud-prevention logs: up to 12 months. All subject to consent settings, provider settings, and applicable law.
Financial, billing, transaction, collection and related records | Kept for 7 years from the end of the financial year in which the transaction occurred, as required by HMRC rules and UK Companies Act accounting obligations. Records relevant to pending disputes, regulatory investigations, or legal claims are kept until those matters are fully resolved, plus 1 year.
Security logs and legal/compliance records | Security logs: up to 1 year for routine monitoring; up to 3 years where an incident, investigation, or suspected fraud is identified. Legal and compliance records: kept for the duration of the relevant proceeding or obligation plus 6 years. Regulatory correspondence: 6 years from the date of the correspondence.

13. Automated Decision-Making and Profiling

We may use personal data, usage data, cookies, analytics, or advertising data to personalise content, recommend products or services, measure interest, prevent fraud, and improve services. We confirm that we do not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

All personalisation and recommendation activities are used to improve the user experience and do not determine eligibility for services, produce binding outcomes, or otherwise significantly affect users’ rights or interests without human involvement. If this position changes for any specific product or service, we will update this notice and provide the required information about the logic involved, the significance, and the likely consequences before implementing such processing.

14. Complaints, Changes, and Accessibility

Complaints: For privacy questions, requests, concerns, or complaints, contact contact@leapscholar.com or write to Leap, D409, Raheja Residency, 3rd Block Koramangala, Bengaluru 560034, Karnataka, India. You may also have the right to complain to the data protection supervisory authority or regulator in your jurisdiction.

Changes: We may update this Privacy Policy from time to time. Where required by law, or where changes are material, we will provide additional notice through the website, App, email, or another appropriate channel. The "Last updated" date identifies when this Privacy Policy was most recently revised. Continued use after an update constitutes acceptance of the modifications where permitted by law.

Accessibility and additional notices: We aim to keep this Privacy Policy clear, easy to find, and regularly updated. We may provide additional privacy notices, just-in-time notices, consent prompts, cookie notices, or product-specific notices where this helps explain a particular use of personal data. If there is a conflict between this Privacy Policy and a product-specific notice, the product-specific notice will apply to the extent of the conflict. Note: Leap is not affiliated with the government or any government agency. Leap Inc. is located at D409, Raheja Residency, 3rd Block Koramangala, Bengaluru 560034, Karnataka, India.