Privacy Policy

Last updated: 2026-04-21

This Privacy Policy explains what data CourseAI collects when you use the service, how we use it, and who we share it with. We aim for plain English over legalese.

Data we collect

• Email address — required to create and sign in to your account.
• Hashed password — stored as a bcrypt hash. We never see or store your plain-text password.
• Generated courses — lessons, quizzes, and flashcards produced from content you submit (pasted text, uploaded PDFs, or YouTube links). This includes the source content you provide.
• Stripe customer ID — for paying users, so we can match your subscription to your account. Stripe handles card details; we never see them.
• IP address — used only for abuse prevention and rate limiting. Retained for 24 hours, then discarded.

Third parties we share data with

• Stripe — processes payments and manages subscriptions. Stripe receives your email and billing information directly from you.
• Google Gemini and OpenRouter — AI providers that process your submitted content to generate courses. Content you submit is sent to these providers subject to their respective privacy policies.
• Vercel — hosts the application and handles request routing.

Your rights

You can request an export of your data, or deletion of your account and all associated courses, at any time. Email support@courseai.app and we will process the request within a reasonable time frame.

Cookies

We use only essential cookies: a session cookie (set by NextAuth to keep you signed in) and cookies set by Stripe during checkout. We do not use advertising or tracking cookies.

Contact

Questions about this policy? Email support@courseai.app.