Privacy Policy

1. Introduction

skills123 provides online courses delivered through AI tutors (e.g., HeyGen), synthesized voice (e.g., ElevenLabs), AI-generated slide content, and live-video streaming. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable data protection laws.

For purposes of GDPR, skills123 is the “data controller” of the personal data we collect directly from you. Our Data Protection Officer can be reached at dpo@skills123.com.

2. Data we collect

2.1 Account information

When you create an account, we collect your name, email address, hashed password (never stored in plain text), and optional profile information such as avatar, job title, and learning goals. If you sign in with a third-party provider, we receive the email and profile details that provider shares with us.

2.2 Payment data

Payments are processed by Stripe, Inc. We do not receive or store your full card number, CVV, or bank credentials. Stripe shares with us a token, the last four digits of your card, card brand, billing country, and postal code for fraud prevention, tax, and invoicing.

2.3 Learning & usage data

We collect course enrollments, progress, quiz answers, certificates earned, session duration, interactions with AI tutors, and messages you send through the platform. This lets us deliver the Service, personalize recommendations, and issue certificates.

2.4 Device & technical data

We automatically collect IP address (truncated where required by law), browser type, operating system, device identifiers, referrer URL, and approximate geolocation derived from IP.

2.5 Product analytics

We use PostHog to understand how features are used (page views, clicks, feature engagement). PostHog is configured with IP anonymization and a limited retention window.

2.6 Error & performance data

We use Sentry to capture crashes, exceptions, and performance traces. Sentry events include stack traces, browser metadata, and in some cases a user identifier to help us diagnose issues tied to your account.

2.7 Communications

When you email support or reply to transactional messages we retain the content and metadata of the conversation.

3. How we use your data

• To provide and operate the Service and your account.
• To process payments, manage subscriptions, and prevent fraud.
• To personalize learning recommendations and adapt AI tutor responses.
• To send transactional messages (receipts, security alerts, course updates).
• To send marketing emails where permitted, which you can opt out of at any time.
• To measure engagement, debug errors, and improve reliability.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use it to train third-party foundation models.

4. Legal bases (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process personal data under the following legal bases:

• Contract (Art. 6(1)(b)): to deliver the Service you have purchased or signed up for.
• Legitimate interests (Art. 6(1)(f)): to secure our platform, prevent fraud, conduct basic analytics, and improve the product. You may object at any time.
• Consent (Art. 6(1)(a)): for non-essential cookies, marketing communications, and other optional uses. Consent can be withdrawn at any time.
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and regulatory requirements.

5. Data sharing & sub-processors

We share personal data only with vetted sub-processors under written data-processing agreements. Current sub-processors:

We may also disclose data where required by law, court order, or to protect the rights, safety, or property of skills123, our users, or the public.

6. Cookies & tracking

We use three categories of cookies:

• Essential: authentication sessions, CSRF protection, and load balancing. These cannot be disabled.
• Analytics: PostHog cookies that help us understand aggregate usage. Optional — requires consent in jurisdictions where required.
• Marketing: we do not currently run third-party advertising cookies. If that changes, we will update this policy and request consent.

See our Cookie Policy for a full list, durations, and opt-out instructions.

7. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy:

• Account data: for the life of your account plus 30 days after deletion (for recovery).
• Billing records: 7 years, as required by tax and accounting law.
• Analytics data: up to 12 months.
• Error logs: 90 days by default; longer for security incidents.
• Support communications: up to 3 years after the ticket is closed.

8. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated data.
• Port your data (receive it in a structured, machine-readable format).
• Restrict or object to certain processing.
• Withdraw consent at any time.
• Opt out of marketing communications.
• Lodge a complaint with your local supervisory authority.

Email privacy@skills123.com to exercise any right. We respond within 30 days.

9. California privacy rights (CCPA/CPRA)

California residents have the right to know what personal information is collected, used, shared, or sold; to request deletion; to correct inaccurate information; and to opt out of the sale or sharing of personal information. skills123 does not sell personal information and does not “share” personal information for cross-context behavioral advertising. We will not discriminate against you for exercising your CCPA rights. Submit requests to privacy@skills123.com.

10. Children’s privacy

The Service is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. In the EEA/UK, users under 16 require verifiable parental consent to process personal data for optional purposes. If we learn that a child has provided us personal data without the required consent, we will delete it promptly.

11. International data transfers

skills123 operates globally, and your data may be transferred to and processed in the United States or other countries whose data protection laws differ from yours. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (SCCs), the UK’s International Data Transfer Addendum, or other approved transfer mechanisms, together with supplementary measures where required.

12. Security

We implement technical and organizational safeguards including TLS 1.2+ in transit, encryption at rest for databases and backups, scoped access controls, least-privilege production access, audit logging, automatic dependency scanning, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work hard to protect your data and will notify affected users and regulators of any breach within the timeframes required by law.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or an in-product notice at least 14 days before the changes take effect. The “Last updated” date at the top reflects the most recent revision.

14. Contact us

Questions, requests, or complaints? Reach our Data Protection Officer at dpo@skills123.com, or our general privacy inbox at privacy@skills123.com. You can also write to us via our contact page.