Privacy Policy

Account Information (OAuth Only)

• • Name and Email: Provided by Google or GitHub OAuth
• • Profile Picture: Avatar URL from your OAuth provider
• • OAuth Provider ID: Unique identifier from Google/GitHub

Note: We never store passwords. All authentication is handled securely through OAuth providers.

Profile Information (Optional)

• • Bio: Optional personal description
• • Social Links: Optional Twitter, LinkedIn, GitHub, website links
• • Privacy Settings: Profile visibility preferences

All profile information is optional and under your control.

Activity Feed Data

CourseShelf features an activity feed that showcases community interactions to help users discover courses and connect with fellow learners.

What Activity Data We Collect:

• • User registration events
• • Course submissions and additions
• • Course reviews and ratings
• • Personal library additions and status changes
• • Public playlist creations

Privacy Controls:

• • Only users with public profiles appear in the activity feed
• • Only public playlists generate activity events
• • You can make your profile private at any time to stop appearing in the feed
• • Activity data is automatically deleted when you delete related content

Purpose: Activity data is used solely to power the community activity feed feature and is not shared with third parties or used for advertising.

Course Interactions

• • Library Status: Courses you've added to your personal library
• • Reviews: Course reviews and ratings you submit
• • Playlists: Custom course collections you create
• • External Clicks: When you click "Watch" buttons to visit course platforms

Platform Functionality

• • Display your profile and manage account settings
• • Enable course reviews, playlists, and library features
• • Provide personalized course recommendations
• • Support user authentication and session management

Service Improvement

• • Understand popular courses and search trends
• • Optimize platform performance and user experience
• • Identify gaps in our course catalog
• • Monitor platform usage and technical issues

Creator Features

• • YouTube Channel Verification: Verify ownership of YouTube channels
• • OAuth Integration: Secure verification through YouTube API
• • Creator Badges: Display verified creator status on profiles

YouTube verification uses OAuth and only accesses channel information necessary for verification.

OAuth Providers

• • Google OAuth: Secure authentication and profile information
• • GitHub OAuth: Developer-focused authentication option
• • YouTube API: Channel verification for creators

These services have their own privacy policies. We only access the minimal information needed for authentication and verification.

Course Platform Integration

• • YouTube: Fetch course information and thumbnails
• • Course Platforms: External links to Udemy, Coursera, etc.

When you click external course links, you'll be subject to those platforms' privacy policies.

YouTube Video Embeds

• • Embedded Videos: YouTube videos can be played directly on CourseShelf course pages
• • Privacy-Enhanced Mode: We use YouTube's privacy-enhanced embed domain (youtube-nocookie.com) which delays cookie setting until you play a video
• • Data Collection: When you play an embedded video, YouTube may collect data according to Google's Privacy Policy
• • Alternative: You can always click "Watch" to view videos directly on YouTube instead

Video embeds are lazy-loaded and only activate when you click to play, minimizing data collection until you choose to watch.

AI Features

• • OpenRouter (AI Gateway): We use OpenRouter to power several automated features. The data we send depends on the feature:
• • Topic Tags & Related Courses: A course's public title and description, used to suggest topic tags and rank similar courses
• • "What Learners Say" Digest: Public YouTube comments from a course's videos, used to generate a short summary of learner feedback
• • No Personal Account Data: Only public course metadata and public YouTube comments are sent — never your name, email, or other personal account information

These features run automatically in the background and are governed by OpenRouter's privacy policy. Raw YouTube comments are not stored — only the generated summary. We never send your personal account data to AI providers.

Privacy Controls

• • Profile Visibility: Make your profile public or private
• • Playlist Privacy: Create public or private course collections
• • Optional Information: All profile details are optional

Data Access & Portability

• • Request access to your personal data
• • Correct inaccurate information in your profile
• • Request account deletion (contact us directly)

Note: Data export functionality for playlists and library data is planned for future implementation.

Security Measures

• • OAuth Security: No password storage, using secure OAuth providers
• • Data Encryption: All data transmitted over HTTPS with automatic TLS encryption
• • Infrastructure Security: Hosted on SOC 2 Type 2 certified and ISO 27001 compliant infrastructure
• • Volume Encryption: Database storage encrypted at rest with secure key management
• • Regular Backups: Automated database backups and monitoring
• • Access Controls: Limited access to personal data on a need-to-know basis

Breach Notification

• • Prompt Notification: In the event of a data breach affecting personal information, we will notify affected users within 72 hours
• • Notification Methods: Email notification and prominent website notice
• • Information Provided: Nature of the breach, data involved, and steps being taken
• • Regulatory Compliance: We will comply with all applicable data breach notification laws