Privacy Policy

CourseLink ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at courselink.org, our mobile applications (including the iOS app "CourseLink - Student Planner"), and all related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

For the purposes of applicable data protection laws (including the General Data Protection Regulation), CourseLink is the data controller responsible for your personal data. You can contact us regarding data protection matters at:

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Create an account: Email address, name (optional), password (encrypted)
• Use social sign-in: Information from Google or Apple Sign-In (email, name, unique identifier)
• Upload content: Syllabus files (PDF, DOCX, images), course information, assignments, notes
• Use the Service: Task completion data, personal to-do items, study timer sessions
• Contact us: Any information you include in correspondence with us

3.2 Information Collected Automatically

When you access the Service, we automatically collect:

• Device information: Device type, operating system, browser type and version
• Usage data: Pages viewed, features used, time spent on pages, click data
• Log data: IP address, access times, referring URLs
• Mobile device data: Device identifiers, mobile network information

3.3 Information from Third Parties

We may receive information about you from third parties, including:

• Authentication providers: Google and Apple provide basic profile information when you use social sign-in
• Payment processors: Stripe and RevenueCat provide subscription status and payment confirmation (not payment card details)
• Analytics services: Aggregated usage statistics

If you enable push notifications, we collect:

• Device token/Player ID: A unique identifier for delivering notifications via OneSignal
• Notification preferences: Your settings for notification types and timing
• Quiet hours: Time periods when you prefer not to receive notifications

Push notifications are optional. You can disable them at any time through your device settings or within the app preferences. We use OneSignal to deliver notifications, and your device token is used solely for this purpose.

5.1 Web Subscriptions (Stripe)

For subscriptions purchased on our website, we use Stripe as our payment processor. We store:

• Stripe customer ID (linking your account to Stripe)
• Subscription status (active, canceled, past due)
• Plan information and billing period dates

Important: We do NOT store credit card numbers, CVV codes, or full payment details. All payment processing is handled by Stripe in compliance with PCI-DSS standards. See Stripe's Privacy Policy.

5.2 In-App Purchases (Apple App Store)

For subscriptions purchased through the iOS app, payments are processed by Apple through the App Store. We receive:

• RevenueCat subscriber ID (linking your account to your subscription)
• Subscription entitlements and status
• Purchase confirmation and renewal information

Apple handles all payment processing for in-app purchases. We do not receive or store your Apple ID password or payment information. See Apple's Privacy Policy and RevenueCat's Privacy Policy.

To provide features like study streaks and personalized insights, we track:

• Daily activity: Dates when you access the Service (for study streak calculation)
• Task completion: When you mark assignments or to-dos as complete
• Focus sessions: Pomodoro timer usage, session durations, break intervals
• Time estimates: Optional time tracking for different assignment types

This data is used to provide personalized productivity insights and is only accessible by you. We do not use this data for advertising or share it with third parties for marketing purposes.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to provide the Service you requested (account management, syllabus parsing, assignment tracking)
• Legitimate interests: Processing for our legitimate business interests (improving the Service, fraud prevention, security) where not overridden by your rights
• Consent: Processing based on your explicit consent (push notifications, marketing communications)
• Legal obligation: Processing necessary to comply with legal requirements

We use your information for the following purposes:

• Provide the Service: Create accounts, parse syllabi, organize assignments, sync calendars
• Process payments: Manage subscriptions, process refunds, provide customer support
• Send notifications: Assignment reminders, study prompts, service announcements
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Personalization: Provide personalized workload analysis and productivity insights
• Security: Detect fraud, unauthorized access, and other security issues
• Legal compliance: Comply with applicable laws and regulations
• Communications: Respond to inquiries and provide customer support

We implement appropriate technical and organizational security measures, including:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Secure password hashing (bcrypt)
• Row-level security (RLS) on database tables
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• PCI-DSS compliant payment processing

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service providers: Third parties who help operate our Service (hosting, payment processing, analytics) under strict contractual obligations
• Legal requirements: When required by law, court order, or government request
• Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
• Protection of rights: To protect our rights, safety, or property, or that of our users
• With your consent: When you have given explicit permission

11. Third-Party Services

Our Service uses the following third-party services:

• Supabase: Database and authentication - Privacy Policy
• Stripe: Web payment processing - Privacy Policy
• RevenueCat: In-app purchase management - Privacy Policy
• Apple: iOS app distribution and payments - Privacy Policy
• OneSignal: Push notifications - Privacy Policy
• Google AI: AI-powered syllabus parsing - Privacy Policy
• Google Sign-In: Authentication - Privacy Policy

12. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential cookies: Required for authentication and security (cannot be disabled)
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Help us understand how visitors use the Service

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

13. Your Data Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request restriction of processing
• Withdraw consent: Withdraw consent for optional processing (e.g., push notifications)

To exercise these rights, contact us at contact@courselink.org. We will respond within 30 days (or sooner if required by law). You may also delete your account directly within the app settings, which permanently removes all your personal data.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request disclosure of personal information collected, used, and shared
• Right to delete: Request deletion of your personal information
• Right to opt-out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

Categories of personal information collected: Identifiers (email, name), commercial information (subscription status), internet activity (usage data), geolocation (IP-based), inferences (productivity insights).

We do not sell personal information as defined by the CCPA.

15. Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to be tracked. Our Service does not currently respond to Do Not Track signals. However, we do not engage in cross-site tracking or share your information with third parties for targeted advertising purposes.

The Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@courselink.org. If we discover that we have collected personal information from a child under the applicable age, we will delete it promptly.

17. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for:

• Legal obligations (tax records, fraud prevention)
• Resolving disputes
• Enforcing our agreements
• Legitimate business purposes (aggregated analytics)

18. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending you an email. The "Last updated" date at the top indicates when the policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

If you are in the EEA and believe we have not adequately resolved your privacy concern, you have the right to lodge a complaint with your local data protection authority.