Privacy Policy
Erudia — erudia.io
Last updated: February 26, 2026
1. Who We Are
Erudia is operated by Christian Persson, sole proprietor, based in Blonay, Switzerland.
Contact: Email: privacy@erudia.io
For the purposes of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP), we are the data controller responsible for your personal data.
2. What Data We Collect
2.1 Account Data
When you create an account, we collect:
- Email address
- Name (if provided)
- Authentication credentials (managed by our authentication provider)
2.2 Payment Data
When you make a purchase or subscribe, we collect:
- Payment details are processed directly by Stripe, Inc. We do not store your credit card numbers. We receive from Stripe: transaction IDs, subscription status, and billing history.
2.3 Usage Data
When you use our platform, we collect:
- Course topics and preferences you provide
- Learning progress (quiz scores, assignment submissions, flashcard progress)
- Course generation history
2.4 Automatically Collected Data
- IP address
- Browser type and version
- Device information
- Pages visited and features used
- Aggregated analytics data (via Plausible Analytics, which does not use cookies and does not collect personal data)
2.5 AI-Generated Content
When you generate a course, we process:
- The topic and preferences you provide
- Content generated by AI services on your behalf
We do not use your inputs, preferences, or generated content to train AI models.
3. How We Use Your Data
We process your personal data for the following purposes and legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the platform | Performance of contract (Art. 6(1)(b)) |
| Processing payments | Performance of contract (Art. 6(1)(b)) |
| Generating personalized course content | Performance of contract (Art. 6(1)(b)) |
| Sending transactional emails | Performance of contract (Art. 6(1)(b)) |
| Improving our service and fixing bugs | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Analytics (aggregated, non-personal) | Legitimate interest (Art. 6(1)(f)) |
We do not use your data for:
- Advertising or ad targeting
- Selling to third parties
- AI model training
- Profiling for automated decision-making with legal effects
4. Third-Party Services (Data Processors)
We share your data with the following service providers, who process data on our behalf under data processing agreements:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database and authentication | Account data, learning progress | EU (Frankfurt) |
| Stripe | Payment processing | Email, payment details | USA (EU SCCs) |
| Anthropic (Claude) | Course content generation | Course topic and preferences | USA (EU SCCs) |
| Inworld AI | Podcast audio generation | Course script text | USA (EU SCCs) |
| Tavily | Source research for courses | Course search queries | USA |
| Cloudflare (R2) | Audio file storage | Generated audio files | EU |
| Vercel | Website hosting | IP address, access logs | Global (EU SCCs) |
| Resend | Transactional emails | Email address | USA (EU SCCs) |
| Plausible Analytics | Privacy-friendly analytics | None (no personal data) | EU |
For transfers to the USA, we rely on Standard Contractual Clauses (SCCs) or the provider's participation in the EU-US Data Privacy Framework, as applicable.
Important: When we generate course content using AI services (Anthropic, Inworld), the text you provide (your course topic and preferences) is sent to these services for processing. This data is used solely to generate your course and is not retained by these providers for model training purposes, in accordance with their API data usage policies.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Course content and progress | Until you delete your account |
| Payment records | 10 years (Swiss legal requirement) |
| Server logs | 90 days |
| Analytics data | 24 months (aggregated, non-personal) |
When you delete your account, we remove your personal data within 30 days, except where retention is required by law.
6. Your Rights
Under GDPR (EU residents) and FADP (Swiss residents), you have the right to:
- Access your personal data (receive a copy of what we hold)
- Rectify inaccurate personal data
- Erase your personal data ("right to be forgotten")
- Restrict processing in certain circumstances
- Data portability (receive your data in a structured, machine-readable format)
- Object to processing based on legitimate interests
- Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, contact us at privacy@erudia.io. We will respond within 30 days.
Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
- Swiss residents: The Federal Data Protection and Information Commissioner (FDPIC) — www.edoeb.admin.ch
- EU residents: Your local data protection supervisory authority
7. Cookies
Erudia uses only essential cookies required for the platform to function (authentication session cookies). We do not use advertising, tracking, or third-party cookies.
Our analytics provider (Plausible) does not use cookies and does not collect personal data.
Because we only use essential cookies, no cookie consent is required under the ePrivacy Directive. However, we display a brief notice informing you of this.
8. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for stored data
- Access controls and authentication
- Regular security reviews
- Service provider security assessments
No system is 100% secure. If we become aware of a security breach affecting your personal data, we will notify you and the relevant authorities as required by law.
9. Children
Erudia is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@erudia.io and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our platform. The "Last updated" date at the top indicates the most recent revision.
11. Contact
For any questions about this Privacy Policy or your personal data:
Email: privacy@erudia.io