Privacy & Cookies Policy

Last updated: 26.11.2025

This Privacy & Cookies Policy describes how Studycraft (“we”, “our”, “the platform”) collects, uses, stores, and protects personal information of users within the European Union in accordance with the GDPR (General Data Protection Regulation).

By using our platform, you agree to the practices described in this policy.

1. Information We Collect

1.1. Information provided by users

We collect only the information that users explicitly provide through account creation or profile settings:

  • Email address
  • Password (stored in encrypted form)
  • Profile information added manually (name, photo, biography)
  • Optional profile details for teachers: work experience, education, skills, certificates
  • Optional social media links (added manually by the user in their profile description or bio)

We do not collect or store phone numbers.

We do not automatically collect or import any social media accounts.

1.2. Information collected automatically

When you use the platform, we may collect technical information necessary for security and functionality:

  • IP address
  • Device type, browser, operating system
  • Date and time of access
  • Login attempt logs (success/failed)
  • Server logs of visited pages
  • System error logs

We may also use IP-based geolocation to determine the country of login for security and analytics.

1.3. Payment-related information

We do not store any banking or card details.

All payment data is processed securely by Stripe.

We store only the minimum identifiers required to operate the platform:

  • Stripe Connected Account ID (for teachers)
  • Stripe transaction records: transaction ID, amount, currency, status

Users can view their transaction history inside the platform. Teachers can access their Stripe Dashboard through an external Stripe link.

2. How We Use the Information

We use collected data to:

  • Create and maintain user accounts
  • Deliver platform functionality (courses, lessons, payments)
  • Provide teacher onboarding to Stripe
  • Improve security and prevent unauthorized access
  • Maintain logs and diagnose errors
  • Display a user’s own payment operations
  • Provide customer support
  • Comply with legal or financial reporting obligations

We never sell or rent personal data.

3. Cookies and Local Storage

We use the following categories of cookies:

3.1. Essential cookies

Required for:

  • Login and session maintenance
  • Security
  • Basic platform functionality

These cookies cannot be disabled because the platform would not function.

3.2. Functional cookies

Used to:

  • Remember interface preferences
  • Improve user experience

3.3. Player cookies (PlayerJS)

Used to ensure proper video playback.

3.4. Tracking / advertising cookies

We do not use any tracking, advertising, or remarketing cookies.

3.5. Local Storage

We use local storage solely for platform functionality, for example:

  • Saving editor drafts
  • Interface settings
  • Temporary UI state

No sensitive data is stored in the browser.

4. Data Sharing With Third Parties

We do not share user data with any third parties except:

4.1. Stripe

To process payments and connect teacher accounts.

4.2. Media hosting provider

If users upload images, videos, or course materials, files are stored on our secure cloud storage provider (B2 Object Storage). Personal information is not transferred to them; only media files uploaded by the user.

We have no other integrations that receive personal data. We do not transfer, sell, or provide personal data for advertising purposes.

5. Data Storage and Security

We implement modern security practices, including:

  • HTTPS encryption
  • Password hashing
  • Access controls
  • Server-level protection
  • Regular log monitoring
  • Secure data backup policies

Personal data is stored only for as long as necessary to operate the platform or meet legal obligations.

6. Deletion of Personal Data

Users can request the deletion of their account by contacting our support team.

Upon deletion request:

  • The user account is removed
  • All related data (courses, progress, materials, logs) is deleted cascadingly
  • Transaction records may be retained if required by financial law

7. Legal Basis for Data Processing

In accordance with GDPR, we process data based on:

  • Contractual necessity — to provide platform services
  • User consent — for optional profile data
  • Legitimate interest — security, fraud prevention, platform improvement
  • Legal obligations — accounting, financial reporting

8. Age Restrictions

The platform is intended for users who are legally able to manage their own payment accounts and perform transactions independently within the EU (typically 18+, or younger with legal ability determined by local legislation).

We do not knowingly allow registration of children unable to legally manage payments.

9. Your Rights Under GDPR

Users located in the EU have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion of data
  • Withdraw consent
  • Request data portability
  • Restrict or object to processing

To exercise any rights, contact us via email.

10. Contact Information

For privacy questions or GDPR requests, contact us:

support@studycraft.org
Studycraft