Last Updated: May 29, 2026
The Kampster Service is operated by Kampster DOO (Serbia), which is the data controller responsible for your personal data, together with its affiliated company Kampster Pte. Ltd. (Singapore), which sells and distributes subscriptions to you and acts as an independent (or joint) data controller for sales and billing data. In this Privacy Policy, "Kampster," "we," "us," or "our" refers to Kampster DOO as data controller.
Kampster respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Learning Management System, including our website at https://kampster.com, our mobile applications distributed through the Apple App Store and Google Play Store, and related applications (collectively, the "Service").
Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this document. If you do not agree with our policies and practices, please do not use our Service.
Data Controller:
Affiliated seller / controller (sales & distribution):
Kampster Pte. Ltd. is the seller/distributor of subscriptions and acts as an independent (or joint) data controller for the sales and billing data it processes, under an intercompany agreement with Kampster DOO. As Singapore is outside the EEA, transfers are covered by appropriate safeguards (see Section 7.5).
EU Representative (GDPR Article 27):
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/19848992175
Data Protection contact / DPO:
We collect several types of information from and about users of our Service:
Personal data refers to any information that identifies or can be used to identify you directly or indirectly. We may collect the following personal data:
Proctoring is an optional feature available only to organisational (business) customers and only where that organisation has explicitly enabled it. It is not used in standard or individual (consumer) learning, courses, or assessments. Where an organisation enables proctoring for an assessment, the organisation acts as the data controller and Kampster acts as a data processor on its behalf. The legal basis for the processing, the collection of any consent, and the retention period (including the 30-day period referenced below, which is a default the organisation may vary) are determined by the organisation under its agreement with Kampster, not by this Privacy Policy.
Where proctoring is enabled, and only during an active, clearly-notified test session for which you have given explicit prior consent, the following may be collected to ensure test integrity: photographs/video of you, audio of your environment, behavioural data (mouse, keyboard, keystroke timing), biometric data (e.g. facial recognition, eye-movement patterns — special-category data processed only on the basis of your explicit consent), screen activity, and related device data. Proctoring data is retained for 30 days for audit purposes and then deleted (see Section 8).
If you use Kampster as an individual consumer, proctoring does not apply to you.
We automatically collect certain information when you access or use our Service:
We collect data related to account access and security:
We use cookies and similar tracking technologies to collect and store information about your interactions with our Service. For more detailed information about our use of cookies, please see our Cookie Policy.
We collect data through various methods:
We use your personal data for the following purposes:
We do not use your personal data, queries, or AI interactions to train AI models, whether our own or those of third parties. Our AI features run on third-party models under zero-data-retention terms: your prompts and the generated responses are not retained by the model providers after a request is processed and are not used for model training.
Where an organisational customer has enabled proctoring (see Section 3.2), and only during active proctored sessions, data may be used to verify identity, detect cheating or unauthorized assistance, analyse behavioural patterns, and maintain the integrity and validity of test results. For proctoring, Kampster acts as a data processor on behalf of the organisational customer (the controller), and the purposes, legal basis, and retention are governed by that organisation's agreement. This does not apply to individual consumer use of the Service.
We process your personal data on the following legal bases:
Processing necessary for the performance of our contract with you to provide the Service.
Processing necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms. Our legitimate interests include:
Processing based on your specific consent, such as:
Where proctoring is enabled by an organisational customer, any biometric data (such as facial-recognition data) is special-category data processed solely on the basis of your explicit consent (GDPR Article 9(2)(a)). You may refuse, in which case you will not take the proctored assessment.
Processing necessary to comply with our legal obligations under the Serbian Law on Personal Data Protection (ZZPL), the EU General Data Protection Regulation (GDPR), and other applicable laws.
We may share your personal data with the following categories of recipients:
We share information with third parties that help us operate, provide, improve, and market our Service:
We may disclose your information where required by law, regulation, or legal process.
If Kampster is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal data may be transferred as part of that transaction.
We may share your information with third parties when you have given us your consent to do so.
Your personal data may be transferred to, and processed in, countries other than your country of residence, including Serbia (where our controller and operations team are located), Singapore (our affiliated seller and independent/joint controller), and the United States (certain sub-processors).
Safeguards. Serbia and Singapore are not the subject of an EU adequacy decision. Where we transfer personal data outside the EEA, we rely on appropriate safeguards under Chapter V of the GDPR — principally the European Commission's Standard Contractual Clauses (SCCs) — and, for US-based providers participating in it, the EU-US Data Privacy Framework (DPF). Each processor handles your personal data under a data processing agreement that incorporates these safeguards. You may request a copy of the relevant safeguards by contacting legal@kampster.com.
EU Data Storage. We store personal data primarily in the EU region through our hosting and database providers (e.g. PlanetScale and Upstash in the EU). Data may be accessed from Serbia and Singapore for operational purposes under the safeguards above.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
When determining retention periods, we consider:
Cookies are small text files that are placed on your device when you visit our website. We use cookies and similar technologies to:
Analytics and Marketing cookies are off by default and load only after you opt in.
You can accept or reject non-essential cookies via our cookie banner and change your choice at any time through "Cookie Settings" in our website footer, which also lists the current third-party tools in use. You can additionally manage cookies through your browser settings. See our Cookie Policy for full details.
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
As an AI-powered Learning Management System, we have specific data practices related to our AI technology:
Our AI-powered features may utilize third-party AI services for content generation and tutoring. When you interact with AI tutors, your queries and relevant learning context may be processed by third-party AI service providers. This data is transmitted securely and used solely for generating educational responses. We do not share your personal identity information (such as your name, email, or account details) with these AI providers. All third-party AI service providers are contractually bound to process data only as instructed by Kampster and in accordance with applicable data protection laws. These providers operate under zero-data-retention agreements: they do not retain your prompts or the generated outputs after processing and do not use them to train their models.
Depending on your location, you may have the following rights regarding your personal data:
You have the right to request copies of your personal data.
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
You have the right to request that we erase your personal data, under certain conditions.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at legal@kampster.com. We will respond to your request within 30 days. We may need to verify your identity before responding to your request.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
To exercise your California privacy rights, contact us at legal@kampster.com. We will verify your identity before processing your request and respond within 45 days.
Our Service is intended for users aged 16 and above, and we do not knowingly collect personal data from anyone under 16. Setting our minimum age at 16 also meets the highest age of digital consent applied across the EU/EEA, so consent-based processing does not rely on the personal data of children below that age.
If you are a parent or guardian and believe that a child under 16 has provided us with personal data, please contact us at legal@kampster.com and we will take steps to delete such information.
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated policy will be posted on this page with a revised "Last Updated" date.
For material changes to this Privacy Policy, we will notify you through:
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
For any questions or concerns about this Privacy Policy or our data practices, you can contact our data protection function:
If you have a complaint about our use of your personal data or our response to your requests, you have the right to lodge a complaint with a supervisory authority.
Our lead supervisory authority is the Serbian data protection authority:
Commissioner for Information of Public Importance and Personal Data Protection (Poverenik) Bulevar kralja Aleksandra 15, 11000 Beograd, Serbia Website: https://www.poverenik.rs/
EU/EEA residents may also lodge a complaint with their local data protection authority, and may contact our EU representative (Prighter — https://app.prighter.com/portal/19848992175).
To the extent our affiliated company in Singapore (an independent/joint controller for sales and billing) is involved, the Singapore supervisory authority is the Personal Data Protection Commission (https://www.pdpc.gov.sg/).
For any questions about this Privacy Policy or our data practices, please contact us at:
By using Kampster, you acknowledge that you have read and understood this Privacy Policy.