Legal
Privacy Policy
This policy explains what personal information CEPI Pakistan (“CEPI”, “we”, “us”, “our”) collects through www.cepi.pk and the CEPI mobile apps, why we collect it, and the choices you have.
Last updated: July 8, 2026
CEPI Pakistan operates the website www.cepi.pk and companion Android, iOS, and Windows apps (together, the “Platform”) to deliver structured courses, video lectures, quizzes, and progress tracking to students. This Privacy Policy applies to anyone who visits the Platform, creates an account, enrolls in a course, or otherwise interacts with our services. By using the Platform you agree to the collection and use of information as described here. If you do not agree, please do not use the Platform.
1. Information we collect
a. Information you give us
- Account details: name, email address, password, phone number, and gender when you register directly or via Google Sign-In.
- Profile information: optional avatar, bio, and social links you choose to add.
- Enrollment & payment details: for manual bank transfer payments — payer name, phone number, transfer reference number, and any notes or receipt you submit. We do not collect or store your bank card numbers or online banking credentials.
- Support & contact requests: the name, email, mobile number, category, message, and optional attachment you submit through our contact form, or details you share when requesting a device reset.
- Course activity: lesson watch time, resume position, completion status, and quiz/module-quiz answers and scores, used to track your learning progress.
- Reviews: ratings and written reviews you choose to submit for a course.
b. Information collected automatically
- Device & browser data: a device fingerprint (derived from your browser and language settings, or your mobile device identifier), IP address, browser/app version, and operating system — used for our one-device account security policy described in Section 4.
- Usage data: pages visited, login timestamps, and general interaction with the Platform, used for analytics and to keep the service secure.
- Cookies and local storage: see Section 5.
c. Information from third parties
If you sign in using Google, we receive your name, email address, and profile photo from Google as permitted by your Google account settings. We do not receive your Google password.
2. How we use information
- To create and maintain your account, verify your email address, and authenticate your logins.
- To enroll you in courses, track lesson and quiz progress, and show your dashboard and certificates of progress.
- To process and review bank transfer payments and confirm enrollment once a payment is approved.
- To operate our device-binding security policy and detect unauthorized account sharing.
- To respond to support requests, contact form submissions, and device-reset requests.
- To send transactional emails (email verification codes, payment status, important account notices).
- To maintain the security, integrity, and proper functioning of the Platform, including preventing fraud and abuse of our video content.
- To improve our courses and Platform based on aggregated usage patterns.
- To comply with legal obligations.
We do not use your personal information for automated decision-making that produces legal effects concerning you, and we do not sell your personal information.
3. Video delivery & third-party services
Our lesson videos are hosted and streamed by Bunny.net, a third-party video CDN. When you play a lesson, your device requests a short-lived, tokenized playback URL generated by our servers; Bunny.net processes the request needed to stream the video to you (which may include your IP address as part of normal content delivery). We do not share your account password, payment details, or personal contact information with Bunny.net.
We use Google OAuth for optional social sign-in, and may use Google Tag Manager/Analytics to understand aggregate traffic to our public website. Where a payment gateway other than manual bank transfer is enabled in the future (for example JazzCash or Stripe), that provider will process your payment details directly under its own privacy policy, and we will update this section accordingly.
4. Device binding & account security
To protect our course content and keep accounts from being shared, CEPI enforces a one trusted-device policy per account (one browser on the web, and one mobile/desktop device per platform class in the app). We store a device fingerprint and a hashed device token — never the raw token — linked to your account, along with a cookie on web or secure on-device storage in the app. If you sign in from a new device, the previous device may be subject to a cooldown period before it can be used again; you can request a device reset through the app or by contacting support, and our admin team can reset device bindings on request.
7. Data retention
We retain account and course-progress data for as long as your account is active, and for a reasonable period afterward to comply with legal, accounting, or dispute-resolution requirements. Payment records are retained as required for financial record-keeping. You may request deletion of your account as described in Section 9.
8. Data security
We use industry-standard safeguards to protect your information, including bcrypt password hashing, HMAC-signed device tokens, signed and time-limited video and download URLs, and role-based access controls that restrict staff access to student data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security, but we work to continually improve our safeguards.
9. Your rights & choices
You may, at any time, contact us to:
- Request a copy of the personal information we hold about you.
- Ask us to correct inaccurate or incomplete information (you can also update your name, phone, gender, and bio directly from your profile).
- Request deletion of your account and associated personal data, subject to records we must legally retain.
- Object to or ask us to limit certain uses of your information.
- Withdraw consent for optional communications at any time.
To exercise any of these rights, contact us using the details in Section 13.
10. Children's privacy
CEPI's courses are aimed at FSc, entry-test, and competitive-exam students, many of whom are minors under the age of 18. Where a student is a minor, we expect a parent or guardian to review this policy and supervise the student's use of the Platform, including any payment submissions. We do not knowingly collect more personal information from minors than is necessary to provide the course and account features described in this policy.
11. Where your data is processed
CEPI is based in Lahore, Pakistan, and our servers and service providers may process data within Pakistan or in other countries where our hosting, email, or video-delivery providers operate. By using the Platform, you consent to this processing.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to our Platform or legal requirements. We will post the updated policy on this page with a revised "Last updated" date. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.
13. Contact us
If you have questions about this Privacy Policy or how we handle your information, contact us:
- Address: 27, C-Block, New Muslim Town, Lahore
- Email: helpdesk@cepi.pk
- Phone: 0321 111 4882
- WhatsApp: 0321 111 4882