Privacy Policy
1. Who we are
Coursio Ltd (“Coursio”, “we”, “us”) operates the website at coursio.ioand the 28-day AI learning program described there (the “Service”).
2. What we collect
2.1 What you give us
- Email address — when you sign up or capture during the funnel
- Name — when you fill it in (used on your certificate)
- Quiz answers — the goal, level, niche, time, tools, target income, and timeframe you select during the onboarding questionnaire — used to personalize your plan and offer
- Account password — stored as a hash, never as plain text
2.2 What we collect automatically
- Lesson progress — which lessons you marked complete and when
- Page-view analytics — anonymous, aggregate data via Vercel Analytics (no cookies, no cross-site tracking)
- Server logs — your IP address, browser, and the requests your browser made, kept for 30 days for security and debugging
2.3 What we don't collect
- Your full credit card number (Stripe handles that — we only see the last 4 digits)
- Your social profiles, contact list, or browsing history outside Coursio
- Anything we don't need to run the Service
3. How we use what we collect
- To deliver the lessons and the certificate to you
- To personalize your plan based on your quiz answers
- To process your payment and send the receipt
- To email you about important account or product changes
- To answer your support questions
- To send you marketing emails about Coursio, only if you opted in. Every marketing email has an unsubscribe link.
- To improve the Service — what's working, where students drop off, which lessons need a rewrite. This uses aggregate analytics, not your individual identity.
4. Who we share data with
We use a small set of vendors to run the Service. Each one has its own privacy practices we've reviewed:
- Stripe — payment processing. Receives your name, email, and payment details directly. See stripe.com/privacy.
- Supabase — database and audio storage. Stores your account, progress, and pre-generated lesson narration audio.
- Vercel — site hosting and analytics. Sees server logs and aggregate page-view stats.
- OpenAI — generates the narration audio for new lessons. The text we send is the lesson script, never your personal data.
- Email delivery — transactional and marketing emails are delivered through a standard email provider. They see your email address and the message content.
We do not sell your personal data. We do not share it with advertisers or data brokers.
5. Cookies and tracking
We use the minimum cookies needed to run the Service:
- Authentication cookies — keep you signed in. Set when you log in, cleared when you log out.
- Local storage— saves your funnel progress and your typed name on the certificate so you don't lose it on refresh. Stays on your device, never sent to us.
We don't use third-party advertising or cross-site tracking cookies.
6. Your rights
Depending on where you live, you may have the right to:
- See what data we hold about you
- Correct it if it's wrong
- Have it deleted (the “right to be forgotten”)
- Export it in a portable format
- Withdraw consent for marketing email at any time
- Lodge a complaint with your local data protection authority
To exercise any of these, email support@coursio.iofrom the address tied to your account. We'll respond within 30 days.
7. How long we keep data
- Account data — kept while your account is open, plus 30 days after you delete it (so you can change your mind)
- Payment records — kept for 7 years to comply with tax law
- Server logs — 30 days
- Aggregate analytics — kept indefinitely in anonymous form
8. Security
We use HTTPS everywhere, hash passwords, store data in access-controlled databases, and follow standard web-security practices. No system is bulletproof, but we treat your data as if it were our own.
9. Children
Coursio is not intended for users under 16. We don't knowingly collect data from anyone under that age. If you believe we have, email us at support@coursio.ioand we'll delete the account.
10. International transfers
Coursio runs on cloud infrastructure that may process your data outside your home country. When we transfer data internationally, we rely on standard contractual clauses or equivalent legal mechanisms required by your jurisdiction.
11. Changes to this policy
We may update this policy as the Service evolves. If a change is material, we'll email registered users at least 14 days before it takes effect.
12. Contact
Questions about your data or this policy? Email support@coursio.io.