1. Information We Collect About You

Types of Personal Information

Student Information We Collect:

• Identity Information: Full legal name, preferred name, date of birth, age, gender
• Contact Information: Email address, telephone number, postal address, emergency contact details
• Educational Information: Current school name and address, grade level, curriculum type (NAPLAN, PSLE, NCEA, GCSE, A-Level, IB, AP, etc.), academic subjects studied, current academic performance levels
• Learning Data: Academic assessment results, test scores, assignment grades, learning preferences, educational goals and objectives, special educational needs or learning disabilities, tutoring session recordings (with explicit consent)
• Technical Information: Learning progress analytics, platform usage patterns, session participation data, homework completion rates

Parent/Guardian Information We Collect:

• Identity Information: Full name, relationship to student, parental responsibility status
• Contact Information: Email address, telephone numbers (primary and secondary), postal address
• Financial Information: Payment method details, billing address, transaction history, refund requests
• Communication Preferences: Preferred contact methods, language preferences, notification settings

Technical Information We Automatically Collect:

• Device Information: IP address, device type, operating system, browser type and version, screen resolution
• Usage Information: Pages visited, time spent on platform, click patterns, search queries, feature usage
• Location Information: General geographic location based on IP address (with consent for precise location)
• Performance Data: Platform performance metrics, error logs, system diagnostics

How We Collect Information

Direct Collection Methods:

• Account registration forms at www.guruathome.com
• Academic assessment questionnaires and placement tests
• Tutoring session interactions and communications
• Customer service inquiries and support requests
• Payment processing through our secure billing system
• Surveys and feedback forms for service improvement

Automatic Collection Methods:

• Website cookies and similar tracking technologies
• Platform analytics tools for usage monitoring
• Session recording software for quality assurance (with consent)
• Security monitoring systems for fraud prevention
• Performance monitoring tools for service optimization

Third-Party Collection:

• Social media platforms when you connect your accounts (with permission)
• Educational institutions when they provide academic records (with consent)
• Payment processors for transaction verification
• Identity verification services for account security

2. How We Use Your Personal Information

Primary Purposes for Data Processing

Educational Service Delivery:

• Tutor Matching: Analyzing student academic needs, learning styles, and curriculum requirements to match with appropriately qualified tutors who specialize in your country’s educational system
• Personalized Learning: Creating customized lesson plans, selecting appropriate learning materials, adapting teaching methods to individual learning preferences and academic goals
• Academic Progress Monitoring: Tracking learning outcomes, measuring improvement over time, identifying areas needing additional support, generating progress reports for students and parents
• Assessment and Evaluation: Conducting academic assessments, providing feedback on performance, preparing students for examinations, measuring achievement against curriculum standards

Platform Operations and Administration:

• Account Management: Creating and maintaining user accounts, authenticating user identity, managing subscription services, processing account modifications
• Payment Processing: Handling billing transactions, processing refunds, managing subscription renewals, maintaining financial records for tax and legal compliance
• Customer Support: Responding to inquiries, resolving technical issues, providing platform guidance, handling complaints and feedback
• Platform Security: Monitoring for unauthorized access, preventing fraud and misuse, maintaining data integrity, ensuring platform stability and reliability

Communication and Engagement:

• Service Communications: Sending essential service notifications, tutoring session reminders, platform updates, policy changes, security alerts
• Academic Communications: Sharing progress reports with parents, facilitating tutor-student-parent communication, providing academic recommendations and guidance
• Marketing Communications: Sending promotional materials about new services, educational resources, platform improvements (only with explicit consent)
• Research and Development: Analyzing usage patterns to improve services, developing new educational features, enhancing user experience

Legal Basis for Processing (GDPR and Similar Laws)

Consent-Based Processing:

• Marketing communications and promotional materials
• Optional tutoring session recordings for quality improvement
• Precise geolocation data for enhanced service delivery
• Non-essential cookies and tracking technologies
• Participation in research studies and surveys

Contract-Based Processing:

• Delivering online tutoring services as requested
• Processing payments and managing subscriptions
• Providing customer support and technical assistance
• Maintaining platform security and user authentication

Legitimate Interest Processing:

• Improving platform functionality and user experience
• Conducting security monitoring and fraud prevention
• Analyzing usage patterns for service optimization
• Maintaining business records for operational purposes

Legal Obligation Processing:

• Complying with tax reporting requirements
• Responding to valid legal requests and court orders
• Meeting regulatory compliance obligations
• Protecting user safety and preventing illegal activities

3. When and How We Share Information

Authorized Information Sharing

With Educational Service Providers:

• Qualified Tutors: We share relevant student academic information, learning preferences, educational goals, and progress data with assigned tutors to enable effective personalized instruction. Tutors receive only information necessary for educational service delivery and are bound by strict confidentiality agreements.
• Curriculum Specialists: Academic subject matter experts may receive anonymized learning data to improve educational content and teaching methodologies specific to different national curricula.

With Parents and Guardians:

• Academic Progress Reports: Detailed information about student performance, learning achievements, areas for improvement, and tutor recommendations
• Platform Usage Analytics: Data about session attendance, homework completion, time spent learning, and engagement levels
• Communication Records: Copies of important communications between tutors and students, educational guidance provided, and service-related notifications

With Trusted Service Partners:

• Payment Processors: Credit card companies and payment platforms receive necessary financial information to process transactions securely (Stripe, PayPal, and other certified payment providers)
• Technology Infrastructure Providers: Cloud hosting services (Amazon Web Services, Google Cloud) receive encrypted data for platform hosting and security
• Analytics Providers: Anonymized usage data shared with analytics platforms (Google Analytics, Mixpanel) for service improvement
• Customer Support Platforms: Ticketing and communication systems receive necessary information to provide technical assistance

With Legal and Regulatory Authorities:

• Legal Compliance: When required by valid court orders, subpoenas, legal processes, or regulatory investigations
• Safety Protection: To protect the safety and rights of students, parents, tutors, or other users when we believe disclosure is necessary
• Fraud Prevention: Sharing information with law enforcement agencies to prevent or investigate suspected illegal activities
• Regulatory Reporting: Providing required information to educational authorities, tax agencies, or data protection regulators

Information We Never Share

Strict Confidentiality Standards:

• We never sell, rent, lease, or trade personal information to third parties for marketing purposes
• We do not share sensitive academic information with unauthorized parties
• We never disclose learning disabilities, family circumstances, or confidential educational records without explicit consent
• We do not provide student contact information to external organizations for solicitation purposes

4. Protecting Your Data Security

Comprehensive Security Framework

Technical Security Measures:

• Encryption Standards: All data transmissions use TLS 1.3 encryption, and stored data is protected with AES-256 encryption
• Access Controls: Multi-factor authentication required for all accounts, role-based access permissions, automated session timeouts
• Network Security: Firewall protection, intrusion detection systems, DDoS protection, secure VPN access for staff
• Data Backup: Automated daily backups with geographically distributed storage, regular recovery testing, version control systems

Physical Security Protections:

• Data Centers: Enterprise-grade facilities with 24/7 security monitoring, biometric access controls, environmental monitoring
• Office Security: Restricted access to facilities, visitor management systems, secure document storage, clean desk policies
• Device Management: Encrypted laptops and mobile devices, remote wipe capabilities, approved software lists, regular security updates

Administrative Security Controls:

• Staff Training: Comprehensive privacy and security training for all employees, regular updates on emerging threats, incident response procedures
• Background Checks: Thorough screening of all personnel with access to personal information, ongoing security clearance monitoring
• Policy Enforcement: Regular audits of security practices, disciplinary measures for policy violations, continuous improvement processes
• Vendor Management: Due diligence assessments of third-party providers, contractual security requirements, ongoing monitoring

Security Incident Response

Immediate Response Procedures:

1. Detection and Assessment: 24/7 monitoring systems automatically detect potential security incidents and alert our security team
2. Containment: Immediate steps to isolate affected systems, prevent further unauthorized access, and preserve forensic evidence
3. Investigation: Thorough analysis to determine the scope, cause, and impact of the security incident
4. Notification: Users affected by data breaches are notified within 72 hours as required by applicable laws
5. Recovery: Implementation of remediation measures, system restoration, and enhanced security controls to prevent recurrence

User Protection Measures:

• Immediate password reset requirements for affected accounts
• Enhanced monitoring of potentially compromised accounts
• Identity theft protection resources and guidance
• Regular security status updates throughout incident resolution
• Post-incident security improvements and policy updates

5. Your Privacy Rights and Choices

Universal Privacy Rights

Access and Transparency Rights:

• Right to Access: Request complete copies of all personal information we hold about you, including data sources, processing purposes, and sharing details
• Data Portability: Receive your personal information in a structured, machine-readable format for transfer to other services
• Processing Information: Obtain detailed explanations of how your information is processed, stored, and protected

Control and Correction Rights:

• Right to Correction: Update, modify, or correct any inaccurate or incomplete personal information in your account
• Right to Restriction: Limit how we process your personal information for specific purposes while maintaining essential services
• Objection Rights: Object to processing based on legitimate interests, direct marketing, or automated decision-making

Deletion and Withdrawal Rights:

• Right to Deletion: Request complete removal of your personal information, subject to legal retention requirements and ongoing service needs
• Consent Withdrawal: Withdraw previously given consent for marketing communications, session recordings, or optional data processing
• Account Closure: Permanently close your account and request deletion of associated personal information

How to Exercise Your Privacy Rights

Online Account Management:

• Account Dashboard: Log into your account at learning.guruathome.com to update personal information, communication preferences, and privacy settings
• Privacy Control Center: Access comprehensive privacy controls at guruathome.com/privacy-settings to manage data sharing, marketing preferences, and consent options

Direct Contact Methods:

• Email Communication: Send privacy inquiries to contact@guruathome.com with “Privacy Request” in the subject line
• Telephone Support: Call our support no. at +1 251 901 5077 for immediate assistance with privacy concerns

Response Timeline and Process:

• Initial Acknowledgment: All privacy requests acknowledged within 5 business days of receipt
• Processing Time: Complete response provided within 30 calendar days (or as required by applicable law in your jurisdiction)
• Identity Verification: Secure identity confirmation required before processing sensitive privacy requests
• Status Updates: Regular progress updates for complex requests requiring extended processing time

6. Cookies and Similar Technologies

Types of Cookies and Tracking Technologies

Essential Cookies (Always Active):

• Authentication Cookies: Maintain secure login sessions, verify user identity, prevent unauthorized account access
• Security Cookies: Detect suspicious activities, prevent fraud, protect against cyber attacks and data breaches
• Platform Functionality: Remember user preferences, maintain shopping cart contents, enable core platform features
• Performance Monitoring: Track system performance, identify technical issues, ensure optimal user experience

Analytics and Performance Cookies (Optional):

• Usage Analytics: Google Analytics and similar tools to understand how users interact with our platform
• Performance Optimization: Identify popular features, measure page load times, optimize user experience
• A/B Testing: Compare different versions of features to improve platform effectiveness
• Error Tracking: Monitor technical issues to provide better service reliability

Marketing and Personalization Cookies (Consent Required):

• Targeted Advertising: Deliver relevant educational content and service recommendations
• Social Media Integration: Enable sharing on Facebook, Twitter, LinkedIn, and other social platforms
• Remarketing: Show relevant ads to users who have previously visited our platform
• Personalization: Customize content based on user interests and educational needs

Cookie Management and Control

Browser-Level Controls:

• Chrome: Settings > Privacy and Security > Cookies and Other Site Data
• Firefox: Options > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Cookies and Website Data
• Edge: Settings > Cookies and Site Permissions > Cookies and Stored Data

Platform-Level Controls:

• Cookie Preferences: Manage cookie settings through guruathome.com/cookie-preferences
• Consent Management: Update marketing cookie consent through your account privacy settings
• Third-Party Controls: Opt-out of third-party advertising cookies through industry opt-out programs
• Regular Reviews: Receive periodic requests to review and update your cookie preferences

Impact of Cookie Restrictions:

• Disabling essential cookies may prevent platform login and core functionality
• Blocking analytics cookies limits our ability to improve user experience
• Restricting marketing cookies reduces personalization but doesn’t affect educational services
• Cookie settings can be modified at any time through browser or platform controls

7. Protecting Children’s Privacy

Special Protections for Minor Users

Age Verification and Consent Requirements:

• Age Verification: All users must verify their age during account registration through secure identity confirmation
• Parental Consent: Users under 13 (USA/COPPA) or 16 (EU/GDPR) require explicit parental consent before account creation
• Consent Documentation: Verifiable parental consent obtained through secure methods including credit card verification, digital signatures, or video conferences
• Regular Consent Renewal: Annual review and renewal of parental consent for ongoing service provision

Enhanced Privacy Protections for Minors:

• Limited Data Collection: Only essential information necessary for educational service delivery is collected from minor users
• No Behavioral Advertising: Marketing cookies and targeted advertising are disabled for all users under 16 years of age
• Restricted Data Sharing: Strict limitations on sharing minor users’ information with third parties, even with parental consent
• Enhanced Security: Additional security measures including extended session timeouts, enhanced encryption, and restricted account access

Comprehensive Parental Rights and Controls:

• Complete Access: Parents can review all personal information collected about their children through secure dashboards
• Deletion Rights: Parents can request immediate deletion of their child’s account and all associated personal information
• Communication Control: Parents manage all communications between tutors and children, including session content and feedback
• Service Modification: Parents can modify or restrict their child’s access to specific platform features or services
• Progress Monitoring: Real-time access to academic progress, tutoring session summaries, and platform usage analytics

Educational Privacy Compliance

FERPA Compliance (United States):

• Educational Records Protection: Student academic records protected under Family Educational Rights and Privacy Act
• Parental Access Rights: Parents have the right to inspect and review their child’s educational records
• Consent for Disclosure: Written parental consent required before sharing educational information with unauthorized parties
• Amendment Rights: Parents can request corrections to inaccurate or misleading educational records

International Educational Privacy Standards:

• Curriculum Confidentiality: Academic performance data and learning assessments kept strictly confidential
• Learning Disability Protection: Special educational needs information shared only with authorized educational professionals
• Assessment Security: Test scores and academic evaluations protected from unauthorized disclosure
• Educational Goal Privacy: Learning objectives and academic aspirations kept confidential unless disclosure is necessary for service delivery

8. International Data Transfers

Cross-Border Data Processing Framework

Global Service Architecture: Guru At Home operates as an international educational platform serving students across multiple countries and time zones. To provide seamless tutoring services, academic progress tracking, and customer support, we may transfer personal information between countries where we operate or maintain technology infrastructure.

Data Transfer Safeguards and Legal Mechanisms:

• Standard Contractual Clauses (SCCs): EU-approved Standard Contractual Clauses for all personal data transfers from European Economic Area to countries without adequacy decisions
• Adequacy Decisions: Reliance on European Commission adequacy decisions where available (UK, Switzerland, and other approved countries)
• Binding Corporate Rules: Internal data protection policies ensuring consistent global privacy standards across all Guru At Home operations
• Additional Safeguards: Supplementary measures including encryption, access controls, and audit procedures for enhanced protection

Data Localization Compliance:

• Regulatory Requirements: Compliance with data localization laws in countries requiring in-country data storage
• Regional Infrastructure: Maintaining data processing facilities in key regions to minimize international transfers
• Local Hosting: Using local cloud infrastructure providers where mandated by national data protection laws
• Cross-Border Restrictions: Respecting limitations on personal data exports imposed by local privacy regulations

International Transfer Transparency

Transfer Notification: Users are informed when their personal information may be processed in countries other than their residence

Destination Countries: Primary data processing occurs in United States, United Kingdom, European Union, and Australia with appropriate safeguards

Purpose Limitation: International transfers limited to specific purposes including service delivery, technical support, and regulatory compliance

User Control: Users can request information about specific international transfers affecting their personal information

9. Country-Specific Privacy Rights

European Union and United Kingdom (GDPR/UK GDPR)

Enhanced Data Subject Rights:

• Data Portability: Right to receive personal information in structured, machine-readable format for transfer to other services
• Processing Objection: Right to object to processing based on legitimate interests, including profiling and automated decision-making
• Processing Restriction: Right to restrict processing while verifying accuracy, assessing legal challenges, or pending objection resolution
• Automated Decision-Making: Protection against decisions based solely on automated processing with significant effects

Supervisory Authority Cooperation:

• Lead Supervisory Authority: Information Commissioner’s Office (ICO) for UK operations, relevant EU authorities for European operations
• Complaint Procedures: Direct complaint mechanisms with supervisory authorities independent of internal Guru At Home complaint processes
• Regulatory Coordination: Active cooperation with data protection authorities for compliance monitoring and improvement

United States Privacy Rights (CCPA and Emerging State Laws)

California Consumer Privacy Act (CCPA) Rights:

• Right to Know: Detailed information about personal information collection, use, sharing, and sale practices
• Right to Delete: Request deletion of personal information collected directly from consumers (subject to legal exceptions)
• Right to Opt-Out: Opt-out of sale of personal information (Note: Guru At Home does not sell personal information)
• Non-Discrimination: Protection against differential treatment for exercising CCPA privacy rights

Expanding State Privacy Protections:

• Virginia Consumer Data Protection Act (VCDPA): Consumer rights to access, correct, delete, and port personal information
• Colorado Privacy Act (CPA): Similar consumer rights with additional protections for sensitive personal information
• Emerging State Laws: Ongoing compliance with developing state privacy legislation across the United States

US-Specific Contact Information:

• USA Privacy Portal: www.guruathome.org/privacy-rights
• California Privacy Rights: www.guruathome.org/ccpa
• State Privacy Requests: privacy@guruathome.com (Subject: “[State] Privacy Request”)

Australia Privacy Rights (Privacy Act 1988)

Australian Privacy Principles (APPs) Compliance:

• Open and Transparent Handling: Clear information about personal information management practices
• Anonymity and Pseudonymity: Options for anonymous or pseudonymous interactions where practicable
• Collection Limitation: Personal information collected only when necessary for educational service functions
• Data Quality: Reasonable steps to ensure personal information accuracy, completeness, and currency

Notifiable Data Breach Scheme:

• Mandatory Notification: Office of the Australian Information Commissioner notified of eligible data breaches within 72 hours
• Individual Notification: Affected individuals notified when data breach likely to result in serious harm
• Breach Response: Comprehensive incident response procedures aligned with Australian requirements

New Zealand Privacy Rights (Privacy Act 2020)

Information Privacy Principles Compliance:

• Purpose Limitation: Personal information collected only for lawful purposes directly related to educational functions
• Collection Method: Direct collection from individuals unless alternative collection is authorized or necessary
• Storage and Security: Appropriate safeguards against loss, unauthorized access, use, modification, or disclosure
• Individual Participation: Rights to access, correct, and request deletion of personal information

Mandatory Breach Notification:

• Privacy Commissioner Notification: Notifiable privacy breaches reported to Privacy Commissioner without delay
• Individual Notification: Affected individuals notified when breach causes or likely to cause serious harm
• Harm Assessment: Comprehensive evaluation of potential harm to determine notification requirements

Singapore Privacy Rights (Personal Data Protection Act)

PDPA Compliance Framework:

• Consent Management: Clear, specific consent for personal data collection, use, and disclosure
• Purpose Limitation: Personal data used only for purposes disclosed at collection or with additional consent
• Notification Obligations: Individuals informed of purposes, types of organizations receiving data, and contact information
• Access and Correction: Individual rights to access personal data and request corrections to inaccurate information

Do Not Call (DNC) Registry Compliance:

• Marketing Restrictions: Compliance with Singapore DNC Registry for voice calls, text messages, and fax communications
• Consent Requirements: Explicit consent required for marketing communications to Singapore phone numbers
• Opt-Out Mechanisms: Clear procedures for individuals to opt-out of marketing communications

United Arab Emirates Privacy Rights

UAE Data Protection Law Compliance:

• Lawful Processing: Personal data processed only for legitimate purposes with appropriate legal basis
• Data Subject Rights: Rights to access, rectify, erase, restrict processing, and data portability

Switzerland Privacy Rights (Federal Act on Data Protection)

Swiss Data Protection Compliance:

• Information Rights: Right to information about data processing, including purposes, recipients, and retention periods
• Access Rights: Right to obtain confirmation of data processing and access to personal data
• Correction Rights: Right to rectify inaccurate personal data and complete incomplete data
• Supervisory Authority: Federal Data Protection and Information Commissioner oversight and complaint procedures

10. How Long We Keep Your Data

Data Retention Framework and Schedules

Educational Records Retention:

• Learning Assessments and Progress Reports: Maintained for 1 year after completion to enable educational research, service improvement, and potential re-enrollment
• Curriculum-Specific Materials: Retained for 1 year after last use to support ongoing educational development and intellectual property protection

Account and Profile Information:

• Active Account Data: Maintained throughout duration of service relationship to enable ongoing educational services
• Inactive Account Data: Retained for 1 year after account closure to facilitate potential re-enrollment and resolve post-closure issues
• Marketing Consent Records: Kept for 3 years after consent withdrawal to demonstrate compliance and prevent unauthorized marketing
• Legal and Compliance Records: Maintained as required by applicable laws and regulations, potentially extending beyond standard retention periods

Data Deletion and Destruction Procedures

Automated Deletion Processes:

• Systematic Schedule Reviews: Monthly automated assessment of all data against retention schedules
• Secure Data Destruction: Cryptographic erasure and physical destruction of storage media according to industry standards
• Deletion Verification: Comprehensive auditing to confirm complete removal of data from all systems and backups
• Process Documentation: Detailed records of deletion activities for compliance and auditing purposes

User-Initiated Deletion Requests:

• Request Processing: Identity verification and legal review completed within 15 business days
• Deletion Timeline: Complete data removal executed within 30 calendar days of verified request
• Exception Handling: Clear explanation provided when legal obligations prevent immediate deletion
• Completion Confirmation: Written notification sent to users upon successful data deletion

Legal and Regulatory Exceptions:

• Ongoing Legal Proceedings: Data relevant to active litigation, regulatory investigations, or legal disputes
• Regulatory Requirements: Information required by tax authorities, educational regulators, or law enforcement
• Safety and Security: Data necessary for fraud prevention, security monitoring, or user safety protection
• Anonymized Research: De-identified data used for educational research and service improvement (cannot be re-identified)

11. Privacy Policy Changes and Updates

Change Management Process

Material Changes to Privacy Practices:

• Prominent Website Notice: Homepage banner and platform notifications highlighting significant policy updates
• Detailed Change Summary: Comprehensive explanation of modifications, reasons for changes, and user impact assessment
• User Choice Preservation: Opportunity to review changes and exercise data rights before implementation

Non-Material Changes and Updates:

• Updated Policy Publication: Revised privacy policy posted on website with highlighted changes and effective date
• Platform Notifications: In-app notifications for active users about minor updates and clarifications
• Annual Policy Reviews: Comprehensive annual assessment of privacy practices and policy effectiveness
• Legal Monitoring: Continuous tracking of evolving privacy laws and regulatory requirements

User Consent and Acceptance:

• Continued Service Agreement: Continued use of Guru At Home services after effective date constitutes acceptance of updated policy
• Granular Consent Options: Separate consent requests for new processing purposes or material changes to existing practices
• Service Termination Option: Clear information about how to terminate services if policy changes are unacceptable
• Historical Policy Access: Previous policy versions available for reference and comparison

Change Communication Strategy

Multi-Channel Notification:

• Email notifications to registered email addresses
• Platform notifications during user login sessions
• Website banners and pop-up notifications
• Social media announcements for major changes

Clear Change Documentation:

• Side-by-side comparison of old and new policy provisions
• Plain language explanations of complex legal changes
• FAQ documents addressing common questions about updates
• Direct contact information for user questions and concerns

12. How to Contact Us

Primary Contact Information

Guru At Home Global Privacy Team:

• Primary Website:guruathome.com
• Privacy Portal:guruathome.com/privacy
• Email: contact@guruathome.com
• Phone: +1 251 901 5077 (Available 24/7 for privacy emergencies)

Complaint Resolution and Escalation

Internal Complaint Process:

1. Initial Submission: Submit privacy complaints through online form, email, or telephone
2. Acknowledgment: Receive confirmation of complaint receipt within 5 business days
3. Investigation: Thorough review and investigation completed within 30 calendar days
4. Resolution: Written response with resolution or explanation of ongoing steps
5. Follow-Up: Satisfaction survey and ongoing support to ensure resolution effectiveness

Business Hours and Response Times

Customer Service Availability:

• Privacy Inquiries: 24/7 email support, business hours phone support
• Emergency Contact: 24/7 availability for data breach incidents and urgent privacy matters
• Business Hours: Monday-Friday, 8:00 AM – 11:59 PM IST Weekend Support: Limited weekend coverage for urgent privacy issues

Response Time Commitments:

• Acknowledgment: All inquiries acknowledged within 24 hours
• Simple Requests: Resolved within 5-10 business days
• Complex Requests: Completed within 30 calendar days (or as required by law)
• Legal Requests: Expedited processing for court orders and regulatory demands