Privacy & Cookie Policy

Last updated: 12.01.2026

View in German

This Privacy & Cookie Policy describes how Studycraft collects, uses, stores, and protects personal data of users within the European Union in accordance with the General Data Protection Regulation (GDPR).

By using our platform, you agree to the practices described in this Policy.

1. Personal Data Collected

1.1. Data Provided by Users

We collect only data that users explicitly provide during account creation or through profile settings, including:

  • Email address
  • Password (stored in encrypted/hashed form)
  • Manually added profile information (name, photo, biography)
  • Optional profile details for creators: professional experience, education, skills, certificates
  • Optional social media links manually added by the user in their profile description or biography

1.2. Data Collected Automatically

When using the platform, technical data necessary for security and functionality may be collected, including:

  • IP address
  • Device type, browser, and operating system
  • Date and time of access
  • Login attempt logs (successful and failed attempts)
  • Server logs of visited pages
  • System error logs

IP-based geolocation may be used exclusively for security and analytical purposes.

1.3. Payment-Related Data

We do not store any bank account or payment card details.

All payments are processed securely via Stripe.

We store only the minimum identifiers required to operate the platform, including:

  • Stripe Connected Account ID (for creators)
  • Stripe transaction data: transaction ID, amount, currency, and status

Users can view their transaction history within the platform. Creators may access their Stripe Dashboard via an external Stripe link.

2. Purpose of Data Processing

The collected data is used for the following purposes:

  • Creating and managing user accounts
  • Providing platform functionality (courses, lessons, payments)
  • Supporting creators with Stripe onboarding
  • Ensuring platform security and preventing unauthorized access
  • Maintaining logs and diagnosing technical errors
  • Displaying payment operations to users
  • Providing customer support
  • Complying with legal and financial obligations

We do not sell or rent personal data.

3. Cookies and Local Storage

3.1. Essential Cookies

Required for:

  • Login and session management
  • Security
  • Core platform functionality

These cookies cannot be disabled, as the platform would otherwise not function properly.

3.2. Functional Cookies

Used to:

  • Store interface preferences
  • Improve user experience

3.3. Player Cookies (PlayerJS)

Used to ensure proper video playback.

3.4. Tracking / Advertising Cookies

We do not use any tracking, advertising, or remarketing cookies.

3.5. Local Storage

Local storage is used exclusively for platform functionality, for example:

  • Saving editor drafts
  • Interface settings
  • Temporary UI states

No sensitive data is stored in the user’s browser.

4. Data Sharing with Third Parties

Personal data is shared only with the following parties:

4.1. Stripe

For payment processing and connecting creator accounts.

4.2. Media Hosting Provider

If users upload images, videos, or course materials, media files are stored with a media hosting provider. No personal data is transferred—only the media files uploaded by the user.

There are no other integrations receiving personal data. We do not sell, transfer, or disclose personal data for advertising purposes.

5. Data Storage and Security

We implement modern technical and organizational security measures, including:

  • HTTPS encryption
  • Password hashing
  • Access controls
  • Server-level security
  • Regular log monitoring
  • Secure backup strategies

Personal data is stored only for as long as necessary to operate the platform or to comply with statutory obligations.

6. Deletion of Personal Data

Users may request deletion of their account via our support channels.

Upon deletion request:

  • The user account is removed
  • All related data (courses, progress, materials, logs) is deleted on a cascading basis
  • Transaction records may be retained where required by statutory financial regulations

7. Legal Bases for Processing

In accordance with the GDPR, personal data is processed based on the following legal grounds:

  • Contractual necessity – to provide platform services
  • User consent – for optional profile data
  • Legitimate interests – security, fraud prevention, platform improvement
  • Legal obligations – accounting and financial reporting

8. Age Restrictions

Use of the platform is permitted only to persons who have legal capacity under applicable law. Within the European Union, this generally requires a minimum age of 18 years.

9. User Rights under the GDPR

Users within the EU have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Request deletion of data
  • Withdraw consent at any time
  • Request data portability
  • Restrict or object to data processing

10. Contact

For data protection inquiries, please contact us at:

Email: office@studycraft.org
Support: https://studycraft.org/dashboard/support

In case of any ambiguity or inconsistency between the German version of this document and its translations, the German version shall be authoritative and prevail for all legal purposes.