Privacy Policy

    Last updated: June 18, 2026

    1. Introduction

    CourseLink ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at courselink.org, our mobile applications (the "CourseLink - AI Study Planner" app on the Apple App Store and Google Play), and all related services (collectively, the "Service").

    Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

    2. Data Controller

    For the purposes of applicable data protection laws (including the General Data Protection Regulation), CourseLink is the data controller responsible for your personal data. You can contact us regarding data protection matters at:

    Email: contact@courselink.org

    3. Information We Collect

    3.1 Information You Provide Directly

    We collect personal information that you voluntarily provide when you:

    • Create an account: Email address, name (optional), password (encrypted)
    • Use social sign-in: Information from Google or Apple Sign-In (email, name, unique identifier)
    • Complete onboarding: Optional answers to onboarding questions, such as your academic year, number of courses, major, school, study habits, the tools you currently use, your goals, and the challenges you'd like CourseLink to solve. These questions are optional—you may skip any of them—and your answers help us set up your account and improve the product.
    • Upload content: Syllabus files (PDF, DOCX, images), course information, assignments, notes
    • Use the Service: Task completion data, personal to-do items, study timer sessions
    • Contact us: Any information you include in correspondence with us

    3.2 Information Collected Automatically

    When you access the Service, we automatically collect:

    • Device information: Device type, operating system, browser type and version
    • Usage data: Pages viewed, features used, time spent on pages, click data
    • Log data: IP address, access times, referring URLs
    • Mobile device data: Device identifiers, mobile network information

    3.3 Information from Third Parties

    We may receive information about you from third parties, including:

    • Authentication providers: Google and Apple provide basic profile information when you use social sign-in
    • Payment processors: Stripe and RevenueCat provide subscription status and payment confirmation (not payment card details)

    We measure product usage and our signup funnel using first-party analytics stored in our own database. We do not use third-party advertising or cross-site tracking analytics services.

    3.4 Optional Integrations You Connect

    Some features let you connect a third-party account. These integrations are optional and only active if you choose to connect them:

    • Spotify: If you connect Spotify, we store an authorization token so you can control playback inside CourseLink. We do not receive your Spotify password. You can disconnect at any time, and the token is removed when you disconnect or delete your account. See Spotify's Privacy Policy.

    4. Push Notifications

    If you enable push notifications, we collect:

    • Device token/Player ID: A unique identifier for delivering notifications via OneSignal
    • Notification preferences: Your settings for notification types and timing
    • Quiet hours: Time periods when you prefer not to receive notifications

    Push notifications are optional. You can disable them at any time through your device settings or within the app preferences. We use OneSignal to deliver notifications, and your device token is used solely for this purpose.

    5. Payment and Subscription Data

    5.1 Web Subscriptions (Stripe)

    For subscriptions purchased on our website, we use Stripe as our payment processor. We store:

    • Stripe customer ID (linking your account to Stripe)
    • Subscription status (active, canceled, past due)
    • Plan information and billing period dates

    Important: We do NOT store credit card numbers, CVV codes, or full payment details. All payment processing is handled by Stripe in compliance with PCI-DSS standards. See Stripe's Privacy Policy.

    5.2 In-App Purchases (Apple App Store & Google Play)

    For subscriptions purchased through our iOS or Android app, payments are processed by Apple (App Store) or Google (Google Play) and managed through RevenueCat. We receive:

    • RevenueCat subscriber ID (linking your account to your subscription)
    • Subscription entitlements and status
    • Purchase confirmation and renewal information

    Apple and Google handle all payment processing for in-app purchases. We do not receive or store your Apple ID or Google account password or payment information. See Apple's Privacy Policy, Google's Privacy Policy, and RevenueCat's Privacy Policy.

    6. Activity, Usage, and Onboarding Data

    To provide features like study streaks and personalized insights, and to understand and improve how CourseLink works, we collect:

    • Daily activity: Dates when you access the Service (for study streak calculation)
    • Task completion: When you mark assignments or to-dos as complete
    • Focus sessions: Pomodoro timer usage, session durations, break intervals
    • Time estimates: Optional time tracking for different assignment types
    • Onboarding responses: The optional answers you give during onboarding (such as your year, courses, major, study habits, goals, and challenges)
    • Product usage and funnel events: Which features you use and key steps you take (for example, signing up, uploading a syllabus, creating a schedule, or starting a subscription), along with general device and platform information

    How we use this to improve the product. We collect and analyze your activity, usage, and onboarding data to operate, maintain, personalize, secure, troubleshoot, and improve the Service, to understand how students use CourseLink, and to research, develop, and test new and existing features. This may include combining your data with that of other users and analyzing it in aggregated or de-identified form. We rely on this analysis to decide what to build and how to make CourseLink better for students.

    Your personalized productivity insights are only accessible by you. We do not sell this data, we do not use it for third-party advertising, and we do not share it with third parties for their own marketing purposes. Where required by law, we rely on the legal bases described in Section 7, and you can exercise the choices described in Section 13 (including access, deletion, and objecting to processing based on our legitimate interests).

    7. Legal Basis for Processing (GDPR)

    If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

    • Contract performance: Processing necessary to provide the Service you requested (account management, syllabus parsing, assignment tracking)
    • Legitimate interests: Processing for our legitimate business interests (improving the Service, fraud prevention, security) where not overridden by your rights
    • Consent: Processing based on your explicit consent (push notifications, marketing communications)
    • Legal obligation: Processing necessary to comply with legal requirements

    8. How We Use Your Information

    We use your information for the following purposes:

    • Provide the Service: Create accounts, parse syllabi, organize assignments, sync calendars
    • Process payments: Manage subscriptions, process refunds, provide customer support
    • Send notifications: Assignment reminders, study prompts, service announcements
    • Improve the Service: Analyze activity, usage, and onboarding responses to fix bugs, measure our signup funnel, and research and develop new and existing features
    • Personalization: Use your onboarding answers and activity to tailor your setup, workload analysis, and productivity insights
    • Security: Detect fraud, unauthorized access, and other security issues
    • Legal compliance: Comply with applicable laws and regulations
    • Communications: Respond to inquiries and provide customer support

    Email communications. We send two kinds of email. Transactional/service emails (such as account, security, and subscription notices) are necessary to operate the Service. Lifecycle and marketing emails (such as onboarding tips and reminders to get started) are sent to help you make the most of CourseLink. Every lifecycle and marketing email includes an unsubscribe link, and you can opt out at any time without affecting transactional emails. Lifecycle and marketing emails are delivered using Resend.

    9. Data Security

    We implement appropriate technical and organizational security measures, including:

    • Encryption of data in transit using TLS/SSL
    • Encryption of sensitive data at rest
    • Secure password hashing (bcrypt)
    • Row-level security (RLS) on database tables
    • Regular security audits and vulnerability assessments
    • Access controls and authentication mechanisms
    • PCI-DSS compliant payment processing

    However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

    10. Information Sharing and Disclosure

    We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

    • Service providers: Third parties who help operate our Service (hosting, payment processing, analytics) under strict contractual obligations
    • Legal requirements: When required by law, court order, or government request
    • Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
    • Protection of rights: To protect our rights, safety, or property, or that of our users
    • With your consent: When you have given explicit permission

    11. Third-Party Services

    Our Service uses the following third-party services:

    12. Cookies and Tracking Technologies

    We use cookies and similar technologies for:

    • Essential cookies: Required for authentication and security (cannot be disabled)
    • Preference cookies: Remember your settings and preferences
    • Analytics cookies: Help us understand how visitors use the Service

    You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

    13. Your Data Rights

    Depending on your location, you may have the following rights:

    • Access: Request a copy of your personal data
    • Correction: Request correction of inaccurate data
    • Deletion: Request deletion of your personal data
    • Portability: Request transfer of your data in a machine-readable format
    • Objection: Object to processing based on legitimate interests
    • Restriction: Request restriction of processing
    • Withdraw consent: Withdraw consent for optional processing (e.g., push notifications)

    To exercise these rights, contact us at contact@courselink.org. We will respond within 30 days (or sooner if required by law). You may also delete your account directly within the app settings, which permanently removes all your personal data.

    14. California Privacy Rights (CCPA)

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

    • Right to know: Request disclosure of personal information collected, used, and shared
    • Right to delete: Request deletion of your personal information
    • Right to opt-out: Opt out of the sale of personal information (note: we do not sell personal information)
    • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

    Categories of personal information collected: Identifiers (email, name), commercial information (subscription status), internet activity (usage data), geolocation (IP-based), inferences (productivity insights).

    We do not sell personal information as defined by the CCPA.

    15. Do Not Track Signals

    Some browsers have a "Do Not Track" feature that signals to websites that you do not want to be tracked. Our Service does not currently respond to Do Not Track signals. However, we do not engage in cross-site tracking or share your information with third parties for targeted advertising purposes.

    16. Children's Privacy

    The Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@courselink.org. If we discover that we have collected personal information from a child under the applicable age, we will delete it promptly.

    17. Data Retention

    We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for:

    • Legal obligations (tax records, fraud prevention)
    • Resolving disputes
    • Enforcing our agreements
    • Legitimate business purposes (aggregated or de-identified analytics)

    Your onboarding responses and activity data are part of your account data and are deleted or anonymized on the same timeline when you delete your account. Any connected-integration tokens (such as a Spotify authorization token) are removed when you disconnect the integration or delete your account. Our email provider (Resend) may retain email delivery logs under its own retention schedule, which can differ from ours; see Resend's Privacy Policy.

    18. International Data Transfers

    Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

    19. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending you an email. The "Last updated" date at the top indicates when the policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

    20. Contact Us

    If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

    CourseLink Privacy Team

    Email: contact@courselink.org

    Website: https://courselink.org

    If you are in the EEA and believe we have not adequately resolved your privacy concern, you have the right to lodge a complaint with your local data protection authority.