Privacy Policy

Last updated: May 17, 2026

1. Introduction

Learnco ("we," "us," or "our") operates the Learnco platform (the "Service"). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. By using the Service you acknowledge that you have read and understood this policy.

2. Eligibility

The Service is intended for users aged 16 and older. We do not knowingly collect personal data from anyone under 16. If you are under 16, do not use the Service. If we learn that we have collected data from a user under 16, we will delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@learnco.ai.

3. Information We Collect

3.1 Account Information

When you create an account using email and password, we collect your full name, email address, and password (which is hashed and stored by our authentication provider). If you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. We also collect a CAPTCHA response token (via Cloudflare Turnstile) during signup and password reset to prevent automated abuse.

3.2 Content You Provide

We collect and store content you upload or create, including:

  • Documents, audio files, video files, presentations, and URLs you upload for processing
  • Text you enter directly (e.g., raw text input, essay submissions, chat messages, note edits, transcript annotations)
  • AI-generated study materials derived from your content (notes, flashcards, quizzes, glossaries, summaries, diagrams, and podcast scripts)

3.3 Learning and Usage Data

We automatically collect data about how you use the Service:

  • Flashcard review history (quality ratings, repetition count, ease factor, review intervals, next review date)
  • Quiz attempts and responses (scores, answers, time spent per question, topic breakdowns)
  • Chat conversation history with AI assistants
  • Daily usage counts (uploads, chat messages) for enforcing tier limits
  • Note sharing activity and collaboration records
  • Feynman technique explanations you submit for AI evaluation

3.4 Billing Information

If you subscribe to a paid plan, our payment processor (Stripe) collects your payment method details. We do not store your credit card number. We store your Stripe customer ID, subscription status, plan type, and billing period dates.

3.5 Technical and Analytics Data

We collect IP addresses, browser type, device information, page views, and interaction events. We use cookies and similar technologies as described in Section 8.

4. How We Use Your Information

We use your information to:

  • Provide the Service, including generating study materials from your content using artificial intelligence
  • Process your content through third-party AI services to generate notes, flashcards, quizzes, summaries, glossaries, diagrams, podcast audio, AI chat responses, essay grades, and AI-detection reports
  • Track your learning progress and study statistics
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password resets, processing notifications)
  • Enforce usage limits and rate limits to maintain service quality
  • Detect and prevent fraud, abuse, and security incidents
  • Monitor application performance and fix errors
  • Analyze aggregated usage patterns to improve the Service

5. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, our legal bases for processing your personal data are:

  • Contract performance: Processing necessary to provide the Service you signed up for (account management, content processing, study material generation, billing).
  • Legitimate interests: Analytics, error monitoring, fraud prevention, rate limiting, and service improvement, where these interests are not overridden by your rights.
  • Consent: Non-essential analytics cookies. You may withdraw consent at any time.
  • Legal obligation: Where we are required to process data to comply with applicable law.

6. Third-Party Services

We share your data with the following third-party service providers, each acting as a data processor on our behalf. Your content and personal data are transmitted to these services only as necessary to operate the features described below.

6.1 AI Content Processing

  • Anthropic (Claude API) -- Your uploaded content, transcripts, chat messages, essay submissions, and note text are sent to Anthropic's Claude language models to generate study materials (notes, flashcards, quizzes, summaries, glossaries, diagrams, podcast scripts), provide AI chat responses, grade essays, generate comments on your notes, and evaluate Feynman technique explanations. Anthropic processes this data under their data usage policy and does not use API inputs to train their models.

6.2 Transcription and Audio

  • Deepgram -- Audio and video files you upload are sent to Deepgram for speech-to-text transcription. Deepgram processes your media to produce text transcripts and does not retain your media files after processing, in accordance with their data processing terms.
  • ElevenLabs -- When you generate a podcast from your notes, the AI-generated podcast script text (derived from your content) is sent to ElevenLabs for text-to-speech audio synthesis. ElevenLabs processes the text to produce audio files.

6.3 AI Detection

  • ZeroGPT -- If you use the AI detection feature (available on the Pro tier), the text you submit is sent to ZeroGPT's API to analyze whether the content may be AI-generated. ZeroGPT returns a detection score and highlighted passages.

6.4 Payments

  • Stripe -- Payment processing for subscriptions. Stripe collects and processes your payment method details directly. We do not store your credit card information. Stripe's processing is governed by the Stripe Privacy Policy.

6.5 Real-Time Collaboration

  • Liveblocks -- When you use real-time collaborative editing, your user ID, display name, avatar, cursor position, and document edits are transmitted to Liveblocks to synchronize the editing session across participants.

6.6 Analytics and Error Monitoring

  • PostHog -- Product analytics to understand how the Service is used. PostHog receives your user ID, email address, and name for user identification, as well as usage events (e.g., feature usage, page views). You may opt out of analytics tracking as described in Section 10.
  • Sentry -- Error monitoring and performance tracking. Sentry captures exceptions, performance data, and session replays. Session replays record a sample of user sessions (10% of sessions, 100% of sessions with errors) to help us diagnose issues. Replays may capture on-screen content and user interactions. Sentry applies automatic data scrubbing to remove common sensitive patterns (e.g., passwords, tokens).

6.7 Infrastructure and Security

  • Supabase -- Database hosting, user authentication, and file storage. All user data and uploaded files are stored in Supabase with row-level security and encryption at rest and in transit.
  • Upstash (Redis) -- Stores rate-limiting counters keyed by your user ID or IP address to prevent abuse. No content data is stored in Redis.
  • Cloudflare Turnstile -- Bot protection during signup and password reset. Turnstile collects interaction signals, browser characteristics, and your IP address to distinguish humans from bots. No CAPTCHA data is stored by us after verification.

6.8 Email

  • Resend -- Transactional email delivery (account verification, password resets, processing notifications). Resend receives the recipient's email address and the email content.

7. Data Storage and Security

Your data is stored using Supabase, which provides enterprise-grade PostgreSQL databases with row-level security policies. All data is encrypted at rest and in transit (TLS). Uploaded files are stored in Supabase Storage with per-user directory isolation and cryptographically signed access URLs that expire after one hour. Passwords are hashed before storage and are never accessible in plaintext.

8. Cookies and Similar Technologies

We use the following categories of cookies:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Preference cookies: Store your UI preferences (e.g., theme, sidebar state). These are stored in your browser via cookies or local storage.
  • Analytics cookies: PostHog sets cookies to track usage patterns and identify returning users. You may opt out of these at any time (see Section 10).

We also use browser local storage for UI preferences (sidebar collapse state, folder view mode, flashcard shuffle preference).

9. Data Retention

  • Account data: Retained for as long as your account is active.
  • Uploaded content and study materials: Retained until you delete the associated note or your account.
  • Deleted notes: When you delete a note, it is soft-deleted (marked as deleted) and may be retained for up to 30 days before permanent removal.
  • Usage and rate-limit data: Daily counters reset automatically. Monthly counters reset each billing cycle.
  • Analytics data: Retained by PostHog and Sentry according to their respective retention policies.
  • After account deletion: When you delete your account, we permanently delete your profile, notes, transcripts, flashcards, quiz data, chat history, folders, courses, uploaded files, and cancel any active subscriptions. This process is irreversible.

10. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights:

  • Access: Request a copy of the personal data we hold about you. You can export your data at any time from your account settings.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data. You can delete your account at any time from your account settings, which permanently removes all associated data.
  • Data portability: Export your study materials in standard formats at any time.
  • Opt out of analytics: You may opt out of non-essential analytics tracking by disabling PostHog cookies in your browser or by contacting us.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, disclose, and sell (we do not sell personal information); the right to request deletion; the right to opt out of the sale or sharing of personal information; and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at support@learnco.ai.

11. International Data Transfers

Your data may be processed in countries other than your own, including the United States and Canada, where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint, please contact us at support@learnco.ai.