Privacy Policy

Account Information (OAuth Only)

• • Name and Email: Provided by Google or GitHub OAuth
• • Profile Picture: Avatar URL from your OAuth provider
• • OAuth Provider ID: Unique identifier from Google/GitHub

Note: We never store passwords. All authentication is handled securely through OAuth providers.

Profile Information (Optional)

• • Bio: Optional personal description
• • Social Links: Optional Twitter, LinkedIn, GitHub, website links
• • Privacy Settings: Profile visibility preferences

All profile information is optional and under your control.

Analytics Data (Anonymous)

• • Page Views: Which pages you visit on CourseShelf
• • Search Queries: What you search for to improve our course catalog
• • Device Information: Device type (mobile/tablet/desktop) from user agent
• • Traffic Sources: How you found us (social media, search engines, direct)
• • UTM Parameters: Marketing campaign data when you click tracking links
• • Country Location: Derived from IP address for regional insights

Privacy Protection: All analytics use anonymous session IDs with 24-hour expiry. No personal identifiers are stored in analytics data.

Activity Feed Data

CourseShelf features an activity feed that showcases community interactions to help users discover courses and connect with fellow learners.

What Activity Data We Collect:

• • User registration events
• • Course submissions and additions
• • Course reviews and ratings
• • Personal library additions and status changes
• • Public playlist creations

Privacy Controls:

• • Only users with public profiles appear in the activity feed
• • Only public playlists generate activity events
• • You can make your profile private at any time to stop appearing in the feed
• • Activity data is automatically deleted when you delete related content

Purpose: Activity data is used solely to power the community activity feed feature and is not shared with third parties or used for advertising.

Course Interactions

• • Library Status: Courses you've added to your personal library
• • Reviews: Course reviews and ratings you submit
• • Playlists: Custom course collections you create
• • External Clicks: When you click "Watch" buttons to visit course platforms

Platform Functionality

• • Display your profile and manage account settings
• • Enable course reviews, playlists, and library features
• • Provide personalized course recommendations
• • Support user authentication and session management

Service Improvement

• • Understand popular courses and search trends
• • Optimize platform performance and user experience
• • Identify gaps in our course catalog
• • Monitor platform usage and technical issues
• • Provide anonymous analytics insights and downloadable data to Advertiser plan users

Creator Plan Features

• • YouTube Channel Verification: Verify ownership of YouTube channels
• • OAuth Integration: Secure verification through YouTube API
• • Creator Badges: Display verified creator status on profiles

YouTube verification uses OAuth and only accesses channel information necessary for verification.

Session Cookies

• • Authentication: Keep you logged in during your session
• • Analytics Session: Anonymous session tracking (24-hour expiry)
• • Flash Messages: Display notifications and form feedback

All cookies are first-party only and expire within 24 hours.

Privacy-First Third-Party Analytics

• • Plausible.io: Privacy-friendly analytics with no cookies, no cross-site tracking, and GDPR/CCPA compliant
• • No Google Analytics, Facebook Pixel, or invasive trackers
• • No advertising cookies or behavioral tracking
• • No cross-site tracking or fingerprinting
• • No persistent user identification across sessions

OAuth Providers

• • Google OAuth: Secure authentication and profile information
• • GitHub OAuth: Developer-focused authentication option
• • YouTube API: Channel verification for Creator plan users

These services have their own privacy policies. We only access the minimal information needed for authentication and verification.

Analytics & Course Platform Integration

• • Plausible.io: Privacy-first web analytics (see their privacy policy)
• • YouTube: Fetch course information and thumbnails
• • Course Platforms: External links to Udemy, Coursera, etc.

When you click external course links, you'll be subject to those platforms' privacy policies.

Privacy Controls

• • Profile Visibility: Make your profile public or private (Student plan feature)
• • Playlist Privacy: Create public or private course collections (Student plan feature)
• • Optional Information: All profile details are optional

Data Access & Portability

• • Request access to your personal data
• • Correct inaccurate information in your profile
• • Request account deletion (contact us directly)

Note: Data export functionality for playlists and library data is planned for future implementation.

Security Measures

• • OAuth Security: No password storage, using secure OAuth providers
• • Data Encryption: All data transmitted over HTTPS with automatic TLS encryption
• • Infrastructure Security: Hosted on SOC 2 Type 2 certified and ISO 27001 compliant infrastructure
• • Volume Encryption: Database storage encrypted at rest with secure key management
• • Regular Backups: Automated database backups and monitoring
• • Access Controls: Limited access to personal data on a need-to-know basis

Breach Notification

• • Prompt Notification: In the event of a data breach affecting personal information, we will notify affected users within 72 hours
• • Notification Methods: Email notification and prominent website notice
• • Information Provided: Nature of the breach, data involved, and steps being taken
• • Regulatory Compliance: We will comply with all applicable data breach notification laws