Privacy Policy

Last updated: February 1, 2026

Introduction

Welcome to Aicode Academy (hereinafter referred to as "we," "Aicode Academy," "us," or "our"). Aicode Academy is operated by Aicode Studio, registered with the Dutch Chamber of Commerce (KVK) under number 89302230.

We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our e-learning platform and services. By accessing or using our platform at academy.aicode.studio, you agree to the practices described in this Privacy Policy.

This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Information We Collect

1. Information You Provide Directly

When you create an account and use our e-learning platform, we collect the following information:

  • Account Information: Name, email address, password (encrypted), and profile avatar
  • Course Enrollment Data: Information about which courses you've enrolled in, your progress through lessons, and completion status
  • Discord Integration Data: If you connect your Discord account to access course communities, we collect your Discord user ID, username, avatar URL, and server membership status
  • Communications: Information you provide when contacting us at privacy@aicode.studio or aitor@aicode.studio

2. Payment Information

When you purchase a paid course:

  • Transaction Data: We store order summary records including the course purchased, amount paid, date, and order status
  • Payment Processing: All payment card details are processed and securely stored by Stripe, our payment processor. We never see or store your complete card information

3. Automatically Collected Information

When you visit or use our platform, we automatically collect:

  • Device Information: IP address, browser type, operating system, and device identifiers
  • Usage Data: Pages viewed, features used, access times, and referring URLs
  • Video Progress: We track which lessons you've completed to display your course progress. We do not track granular video metrics like pause points or rewind counts
  • Cookies: We use cookies for authentication, analytics, and to improve your user experience (see Cookie Policy section below)

How We Use Your Information

We use the collected information for the following purposes:

  • Providing Our Services:

    • Managing your account and authentication
    • Processing course enrollments and tracking your learning progress
    • Delivering course content including videos hosted on Vimeo
    • Granting access to Discord communities associated with your enrolled courses
    • Processing payments through Stripe for paid courses

  • Communication:

    • Sending transactional emails related to your account and purchases
    • Responding to your inquiries and support requests
    • We do not send marketing emails

  • Improving Our Platform:

    • Analyzing usage patterns through Google Analytics to optimize user experience
    • Understanding which courses and features are most valuable
    • Identifying and fixing technical issues

  • Security and Fraud Prevention:

    • Detecting and preventing unauthorized access to accounts
    • Protecting against fraudulent transactions
    • Maintaining security logs with IP addresses for up to 2 years

  • Legal Compliance:

    • Fulfilling our legal obligations under Dutch law and GDPR
    • Retaining financial records for tax purposes as required by the Dutch Chamber of Commerce

Third-Party Services and Data Sharing

We do not sell or rent your personal information to third parties. We work with trusted service providers who process data on our behalf:

Essential Service Providers

  • Supabase (Authentication & Database): Stores your account data and course information. Data is hosted in Germany (EU region) with encryption at rest and in transit.

  • Stripe (Payment Processing): Processes all payments and stores payment card information. We only store order summaries; Stripe handles all sensitive payment data according to their privacy policy.

  • Vimeo (Video Hosting): Hosts course video content. When you play a video, your browser connects directly to Vimeo's servers. Vimeo may collect IP addresses and viewing data per their privacy policy. We do not send personal identifiers to Vimeo.

  • Discord (Community Features): When you connect your Discord account, we share minimal information (your platform account link) to grant access to course-specific communities. Discord operates under their own privacy policy.

  • Google Analytics (GA4): Tracks anonymous usage patterns to help us improve the platform. We use property ID G-9K0169V8KW. Google Analytics uses cookies and may collect IP addresses.

Legal Disclosure

We may disclose your information when:

  • Required by law, court order, or legal process
  • Necessary to protect our rights, property, or safety, or that of our users
  • In connection with a business transaction such as a merger or acquisition (users would be notified)

We do not:

  • Share data with educational institutions or employers
  • Participate in affiliate programs that involve data sharing
  • Use marketing pixels or remarketing services
  • Provide API access to third parties

Data Storage, Security, and Retention

Where We Store Your Data

All personal data is stored within the European Union (Germany) through Supabase's infrastructure. This ensures compliance with GDPR data residency requirements.

Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data is encrypted in transit using SSL/TLS and at rest through Supabase's PostgreSQL encryption
  • Authentication: Secure password requirements enforced by Supabase. Two-factor authentication is not currently available but may be implemented in the future
  • Payment Security: All payment processing is handled by Stripe, a PCI DSS compliant payment processor
  • Access Controls: Limited internal access to personal data on a need-to-know basis
  • Infrastructure Security: We leverage the security certifications and audits of Supabase and Stripe, both SOC 2 compliant providers

While we implement robust security measures, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information.

Data Retention Periods

We retain your information for as long as necessary to provide services and fulfill legal obligations:

  • Active Accounts: Personal data is retained indefinitely while your account is active, allowing you to access your purchased courses at any time

  • After Account Deletion:

    • Most personal data (profile, course progress, enrollments) is deleted within 30 days
    • Order summary records are retained for 7 years to comply with Dutch tax law (Chamber of Commerce requirements)
    • Detailed payment information remains with Stripe according to their retention policy

  • Specific Data Types:

    • Financial/billing records: 7 years (legal requirement)
    • Security logs (IP addresses): 2 years (fraud prevention)
    • Anonymized analytics: Indefinitely (no personal identifiers)
    • Discord connection records: Retained for administrative purposes unless deletion requested

  • Inactive Accounts: We do not automatically delete inactive accounts, ensuring you can return to your courses anytime. You may request deletion at any time.

Your Rights Under GDPR

As we primarily serve EU users and comply with GDPR, you have the following rights regarding your personal data:

Your Privacy Rights

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Update or correct inaccurate personal information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (subject to legal retention requirements)
  • Right to Restriction: Request that we limit how we process your data
  • Right to Data Portability: Receive your personal data in a machine-readable format
  • Right to Object: Object to our processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data

How to Exercise Your Rights

Currently Available Options:

  • You can view and update some account information through your profile settings
  • Course progress is viewable within the platform

Features Under Development:

  • Self-service data export
  • Self-service account deletion

To Request Data Access or Deletion:

  1. Email your request to: privacy@aicode.studio
  2. Include your registered email address for identity verification
  3. We will respond within 30 days as required by GDPR (typically within 7-14 business days)
  4. For data deletion, we will confirm via email when the process is complete

Important Notes:

  • Even after deletion, we may retain certain data to comply with legal obligations (financial records for 7 years)
  • Payment information stored by Stripe follows their retention policy
  • We require identity verification before processing data requests to protect your privacy

Cookie Policy

We use cookies and similar tracking technologies to provide and improve our services.

What Are Cookies?

Cookies are small text files stored on your device that help us recognize you and remember your preferences. They enable essential functionality and help us understand how users interact with our platform.

Types of Cookies We Use

1. Essential Cookies (Required)

  • Purpose: Authentication and session management
  • Provider: Supabase
  • Data Collected: Session tokens, authentication status
  • Duration: Session-based and persistent
  • Can be disabled: No - these are necessary for the platform to function

2. Analytics Cookies (Optional)

  • Purpose: Understanding usage patterns to improve the platform
  • Provider: Google Analytics (GA4, Property ID: G-9K0169V8KW)
  • Data Collected: Anonymous usage statistics, page views, interactions
  • Duration: Up to 2 years
  • Can be disabled: Yes - through cookie consent banner (under implementation)

We do NOT use:

  • Advertising or remarketing cookies
  • Social media tracking pixels
  • Third-party marketing cookies

Managing Cookie Preferences

Current Implementation:

  • Essential cookies are automatically enabled (required for platform functionality)
  • Analytics cookies are currently active
  • Cookie consent banner is under implementation to allow you to opt-out of non-essential cookies

Browser Controls: You can control cookies through your browser settings:

  • Most browsers allow you to view, delete, and block cookies
  • Blocking essential cookies will prevent you from logging in and using the platform
  • Blocking analytics cookies will not affect platform functionality

Third-Party Opt-Out:

Changes to Cookie Usage

We will update this section and implement the cookie consent banner to ensure full GDPR compliance. You will be able to manage your cookie preferences directly on the platform.

Specific Features and Data Practices

Discord Integration

When you connect your Discord account to access course communities:

  • Data Collected: Discord user ID, username, avatar URL, server membership status
  • Purpose: Granting and managing access to course-specific Discord servers
  • Synchronization: We periodically sync usernames, but use Discord ID (permanent) as the primary identifier
  • Disconnection: When you disconnect Discord, we remove your community access but retain connection records for administrative purposes
  • Deletion: You can request full deletion of Discord data by emailing privacy@aicode.studio

Video Content and Progress Tracking

  • What We Track: Lesson completion status to display your course progress
  • What We Don't Track: Granular viewing metrics (pause points, rewind counts, watch time within videos)
  • Vimeo Integration: Video player connects directly to Vimeo's servers. Vimeo may collect viewing data per their privacy policy
  • Admin Visibility: Platform administrators can view aggregated course completion rates and individual user progress for support purposes. This data is not shared with third parties or course instructors

Payment and Billing

  • Stripe Processing: All payment transactions are processed by Stripe. We never see or store your full credit card details
  • What We Store: Order summaries (course purchased, amount, date, status, Stripe customer ID)
  • What Stripe Stores: Complete payment information, billing history, invoices
  • Refunds: Refund records are kept for 7 years with other financial records
  • No Subscriptions: Currently, all courses are one-time purchases, not recurring subscriptions

AI Features

AI demonstration features referenced in our codebase are not currently active in production. If we enable AI features in the future:

  • We will update this privacy policy before activation
  • We will not use your personal data to train AI models without explicit consent
  • We will clearly disclose how AI-generated content is handled

Features We Don't Offer

To provide transparency, we explicitly state that we do NOT:

  • Send marketing emails or newsletters
  • Allow users to create public profiles
  • Enable user comments, reviews, or other user-generated content
  • Share data with educational institutions or employers
  • Operate referral or affiliate programs involving user data
  • Provide white-label or B2B services with different privacy terms
  • Offer API access to third parties

Age Requirements and Children's Privacy

No Minimum Age Restriction: We do not impose a minimum age requirement for using our platform. However, users under 18 should obtain parental consent before creating an account or making purchases.

Parental Responsibility: Parents and guardians are responsible for monitoring their children's internet usage. If you believe your child has provided personal information to us and you wish to have it deleted, please contact us at privacy@aicode.studio.

Educational Use: We do not currently partner with educational institutions or offer services specifically designed for minors.

International Data Transfers

Primary Data Location: All personal data is stored within the European Union (Germany) through Supabase's infrastructure.

Third-Party Services: Some of our service providers (Stripe, Google Analytics, Vimeo, Discord) may process data outside the EU. These providers have appropriate safeguards in place:

  • Stripe: Complies with GDPR and uses Standard Contractual Clauses (SCCs)
  • Google: EU-US Data Privacy Framework participant
  • Vimeo: GDPR-compliant with EU data processing agreements
  • Discord: Processes data with appropriate GDPR safeguards

We ensure that any international data transfers comply with GDPR requirements through appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other approved transfer mechanisms.

Updates to This Privacy Policy

Review Schedule: We review and update this privacy policy annually or when significant changes to our data processing practices occur.

Notification of Changes: When we make material changes to this policy:

  • We will update the "Last Updated" date at the top of this page
  • Significant changes will be communicated through email or a prominent notice on the platform
  • Continued use of the platform after changes constitutes acceptance of the updated policy

Version History: Previous versions of this privacy policy may be requested by emailing privacy@aicode.studio.

Last Review Date: February 1, 2026 Next Scheduled Review: February 2027

Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries:

Data Protection Officer:

Business Information:

  • Company: Aicode Studio
  • Registration: Dutch Chamber of Commerce (KVK) #89302230
  • Website: academy.aicode.studio

Response Time: We aim to respond to all privacy inquiries within 7-14 business days, and no later than 30 days as required by GDPR.

Supervisory Authority: If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority. For users in the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch DPA).

Summary of Key Points

For your convenience, here is a quick summary of our privacy practices:

What We Collect: Account info, course progress, payment data (via Stripe), Discord connections, usage analytics

How We Use It: Providing courses, processing payments, granting Discord access, improving the platform

Who We Share With: Supabase (hosting), Stripe (payments), Vimeo (videos), Discord (communities), Google Analytics

Your Rights: Access, rectification, deletion, data portability, and more under GDPR

Data Location: Stored in EU (Germany); complies with GDPR

Retention: Active accounts kept indefinitely; 30 days after deletion (7 years for financial records)

Cookies: Essential (authentication) + Analytics (Google Analytics with opt-out coming)

Security: Encryption in transit and at rest, Stripe for payment security

Contact: privacy@aicode.studio for all privacy requests

No Minimum Age: Platform accessible to all ages (parental consent advised for minors)

This privacy policy is effective as of February 1, 2026, and governs all data processing activities of Aicode Academy operated by Aicode Studio.