Course Crow AICourse Crow AI
Legal

Privacy Notice

Last updated: April 22, 2026

1. Who we are

Course Crow AI ("we", "us", "our") is the data controller for personal data collected through our website and AI-powered e-learning studio (the "Service"). For any questions about this notice or your data, contact us at pinkprotocolai@gmail.com.

2. Data we collect

  • Account data — name, email address, password (hashed), and profile details such as company name and avatar.
  • Content data — prompts, uploaded files (PDFs, slide decks, etc.), generated courses, slides, narration, quizzes, and any media you create or attach.
  • Usage data — feature usage, course generation activity, quiz attempts, IP address, device and browser information, and similar telemetry.
  • Support data — messages you send us when contacting support.
  • Order data — handled by our payment provider Paddle (see "Sharing" below); we receive subscription and order metadata but not your full payment details.

3. How we use your data

  • Provide the Service — create your account, generate and store your courses, run AI features, deliver SCORM exports (legal basis: performance of contract).
  • Security and fraud prevention — detect abuse, protect accounts, enforce our Terms (legal basis: legitimate interests).
  • Improve the Service — analyze aggregated usage to fix bugs and improve features (legal basis: legitimate interests).
  • Customer support — respond to your requests (legal basis: performance of contract / legitimate interests).
  • Transactional communications — send service-related emails such as receipts, password resets, and important notices (legal basis: performance of contract).
  • Marketing — send product updates only where permitted, with an unsubscribe option (legal basis: consent or legitimate interests).
  • Legal compliance — comply with applicable laws and lawful requests (legal basis: legal obligation).

4. AI processing

To generate courses we send your prompts and uploaded content to third-party AI model providers (e.g., model hosts that power text generation, image generation, and text-to-speech). These providers process the data on our behalf to return outputs and do not use your content to train their public foundation models under our agreements. Outputs are stored in your account.

5. Sharing your data

We share personal data only with the following categories of recipients:

  • Service providers / subprocessors — hosting, database, storage, analytics, AI model providers, and email delivery, all bound by contractual data-protection terms.
  • Merchant of Record (Paddle) — Paddle.com handles checkout, payments, subscription management, tax compliance, invoicing, and refunds. Paddle is an independent controller for payment data it collects directly from you.
  • Professional advisers — lawyers, accountants, and auditors where reasonably needed.
  • Authorities — where required by law, court order, or to protect our rights.
  • Successors — in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

We do not sell your personal data.

6. International transfers

Your data may be processed in countries outside your own, including the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect transfers.

7. Data retention

We keep personal data only for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account and course data are kept while your account is active and for a reasonable period after closure, after which they are deleted or anonymized. Order records are retained as required by tax and accounting law.

8. Your rights

Subject to applicable law (including GDPR / UK GDPR where relevant), you have the right to: access your personal data; have inaccurate data corrected; have data deleted; restrict or object to processing; receive your data in a portable format; and withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, email pinkprotocolai@gmail.com. We will respond within one month.

9. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and regular reviews — to protect your data. No system is perfectly secure; please use a strong password and keep it confidential.

10. Cookies

We use a small number of cookies and similar technologies that are strictly necessary to run the Service (e.g., to keep you signed in) and, where applicable, analytics cookies to understand usage. You can manage cookies through your browser settings. Essential cookies cannot be disabled without breaking the Service.

11. Children

The Service is not directed to children under 16 and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this notice

We may update this Privacy Notice from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be communicated through the Service or by email.

13. Contact

Questions or requests about your data? Email us at pinkprotocolai@gmail.com.