legal.privacy.subtitle
Last updated: June 1, 2026
legal.privacy.intro
We collect Non-Personal Information and Personal Information. Non-Personal Information includes information that cannot reasonably identify you, such as anonymous usage data, general demographic information, referring/exit pages, platform types, preferences you submit, and click counts. Personal Information includes your email address, account profile, course progress, notes, bookmarks, highlights, authentication data from providers such as Google or GitHub via Clerk, and payment-related metadata processed by Stripe — collected as described below and in our registration flow.
To activate the Service you must provide at least an email address for account creation. When you view or use the Service, we track information from your browser or application, such as referring URL, browser type, device type, access times, and similar technical data that does not personally identify you. We use cookies and similar technologies as described in our Cookie Policy at /cookies.
To become a subscriber you create a profile by registering with the Service (via Clerk), providing your email and creating credentials. By registering, you authorize us to collect, store, and use your email address in accordance with this Privacy Policy.
legal.privacy.sections.childrenBody
We use Personal Information to provide and maintain the Service, personalize learning, track progress, send service communications, improve the platform, and comply with law. Except as stated here, we do not sell Personal Information for marketing. We share Personal Information with vendors performing services for us (see Sub-processors), payment processors, when required by law, or with your consent. We may share when we believe disclosure is reasonably necessary to comply with legal process, enforce our Terms, address fraud or security, or protect users or the public.
We use Non-Personal Information to improve the Service and analyze trends. We may disclose Non-Personal Information to partners and advertisers at our discretion. This Policy does not limit our use of Non-Personal Information.
If we undergo a merger, acquisition, or sale of assets, Personal Information may be transferred. You acknowledge such transfers may occur and are permitted by this Policy. An acquirer may continue processing under this Policy. Material practice changes will be posted on the Site.
If you are in the EU, EEA, or UK, we rely on lawful bases under Article 6 GDPR: contractual necessity for account features; consent for analytics and marketing cookies; legitimate interests for security and reliability; and legal obligations for billing and lawful requests. You may withdraw consent via Settings > Privacy or Cookie Preferences.
We use cookies as described in our Cookie Policy at /cookies. You may manage preferences via the footer or Settings > Privacy.
We do not sell your personal data. We share information with sub-processors, payment networks, when required by law, or with your explicit consent.
Sub-processors include: Clerk (authentication, US); Amazon Web Services (hosting, us-west-2 and us-east-1, US); Stripe (payments, US); PostHog (analytics, US); Google (Tag Manager/Analytics, Consent Mode v2); Meta (Pixel with marketing consent); and AI providers for tutoring and content (US). We update this list before adding processors that handle personal data.
Data is stored and processed in the United States. Transfers from the EU/EEA/UK use Standard Contractual Clauses (2021 modules) with supplementary measures including encryption, access controls, and MFA. UK transfers use the UK Addendum.
We have appointed or will appoint an EU representative under Article 27 GDPR before broad EU launch. Contact details will be listed here when finalized.
We have appointed or will appoint a UK representative under Article 27 UK GDPR. Contact details will be listed here when finalized.
legal.privacy.sections.dpoBody
We retain data only as long as needed: account data until deletion request (30-day soft-delete window); cookie consent — 365 days; consent audit — 3 years (pseudonymized erasure records retained as required); tutor conversations — 90 days; concept mastery — 365 days; billing — tax-required periods (typically 7 years); logs — 90 days to 1 year. Export or delete via Settings > Privacy.
legal.privacy.sections.yourRightsBody
You may opt out of promotional emails via unsubscribe links or Settings > Privacy. We may still send administrative emails such as Privacy Policy updates.
We use encryption in transit and at rest, firewalls, secure socket layers, access controls, and incident-response procedures. No method is 100% secure; you assume risks of providing information online.
We use AI to personalize learning. These features do not produce legal or similarly significant decisions under Article 22 GDPR. We will update this section if that changes.
We implement technical and organizational measures including encryption, assessments, role-based access, and breach notification where required by law.
The Service may link to third-party sites. Their privacy policies apply when you use them. This Policy applies only to information collected by us through the Site and Service.
We may change this Policy at any time. Significant changes may be notified by email or prominent Site notice and take effect 30 days after notification unless otherwise stated. Non-material changes take effect immediately. Review this page periodically.
legal.privacy.sections.contactBody