Privacy Policy
Last updated: December 16, 2025
1. Introduction
Learnbase LLC ("Learnbase", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
This policy applies to visitors of our website, academy owners who use our platform, and students who access academies hosted on our platform.
For student data: Academy owners act as data controllers, and Learnbase acts as a data processor on their behalf.
2. Information We Collect
Information You Provide
We collect information you provide directly when creating an account or using our Service:
- Email Address: Account creation, login, and communications
- Name: Profile identification and certificate issuance
- Password: Authentication (stored securely hashed, never in plain text)
- Profile Picture: Profile personalization (optional)
Information Collected Automatically
When you use our Service, we automatically collect certain information:
- Pages visited and navigation patterns
- Session duration and frequency of use
- Browser type and device information
- How you arrived at our Service
- General geographic location (derived from IP address, not stored)
Learning Data
- Course enrollments and status
- Video watch progress and completion status
- Quiz responses and scores
- Certificate issuance records
Payment Information
Payment processing is handled by Stripe. We store Stripe customer IDs, subscription IDs, and transaction records (amounts and status).
We do not store credit card numbers or sensitive payment details. All payment data is processed securely by Stripe (PCI-DSS compliant).
AI Processing Data
- Video audio for transcription purposes
- Prompts for content generation
- Your feedback on AI-generated content
- Inferred style and tone preferences
3. How We Use Your Information
- Provide, maintain, and improve our Service
- Process payments and manage subscriptions
- Send transactional emails (verification, receipts, certificates)
- Analyze usage patterns and improve features
- Ensure security and prevent fraud
- Comply with legal obligations
- Power AI-assisted content generation features
4. Information Sharing
Service Providers
We share information with third-party service providers who perform services on our behalf:
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Stripe | Email, payment amounts | Payment processing | USA/EU |
| Railway | All service data | Hosting and storage | USA |
| Cloudflare | Domain names | DNS and SSL | Global |
| Resend | Name, email | Transactional email | USA |
| Groq | Audio, prompts | AI transcription | USA |
| Google AI | Prompts | Image generation | USA |
| OpenAI | Chat prompts | Learning chat | USA |
| Langfuse | AI traces | Quality monitoring | USA |
Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership or use of your personal information.
We do not sell your personal information to third parties.
5. International Data Transfers
Our primary infrastructure is located in the United States. If you are accessing our Service from outside the US, your information will be transferred to and processed in the US.
For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for international data transfers.
6. Data Retention
- Account data: Retained until you request deletion
- Payment records: 7 years (legal requirement)
- Learning progress: Until account deletion
- Certificates: Permanent (for verification)
- Analytics data: 2 years
- Server logs: 90 days
7. Your Rights (GDPR - European Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Request limitation of data processing
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
8. Your Rights (CCPA - California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of what personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
9. Cookies & Tracking Technologies
We use minimal tracking technologies:
- We do not use traditional tracking cookies
- localStorage: Used to store authentication tokens (JWT) for your session
- sessionStorage: Used to store a temporary session ID for analytics
- Umami: Privacy-focused analytics that does not use cookies or collect personal data
10. Security Measures
We implement appropriate technical and organizational measures to protect your information:
- Passwords are securely hashed using bcrypt
- Authentication tokens expire after 15 minutes
- All data transmitted over HTTPS/TLS encryption
- File access via secure presigned URLs (7-day expiry)
- Role-based access control for data access
- Multi-tenant data isolation
11. Children's Privacy
Our platform is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13.
Academy owners are responsible for ensuring compliance with age requirements and obtaining appropriate consent for minors who access their academies.
If you believe we have collected information from a child under 13, please contact us immediately at [email protected] so we can delete it.
12. Multi-Tenant Architecture
Our platform uses a multi-tenant architecture where each academy operates independently:
- Learnbase: Acts as data processor for academy student data
- Academy Owners: Act as data controllers for their students' personal data
If you are a student, please also review your academy's privacy policy for information about how they handle your data.
13. AI Processing Notice
We use artificial intelligence to provide various features:
- Video transcription (audio is sent to Groq)
- Course content generation (prompts sent to AI providers)
- Learning assistance chat
- Image and theme generation
AI processing may involve: Groq, Google (Gemini), OpenAI (GPT-4o), and Anthropic (Claude).
AI outputs may be monitored via Langfuse for quality improvement purposes.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email. Minor changes will be reflected by an updated "Last Updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Learnbase LLC
Email: [email protected]
For privacy-related requests, please include "Privacy Request" in your email subject line.
See also: Terms of Service