Back to LearnPath

Privacy Policy

Last updated: March 10, 2026

LearnPath ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our platform at learnpath.app ("Service").

1. Data We Collect

Information you provide:

  • Account data: email address, display name, password (hashed).
  • Learning preferences: topics of interest, preferred video length, skill level.
  • User-generated content: timestamped notes you create on videos.

Information generated through use:

  • Learning activity: quiz scores, quiz answers, video completion status.
  • Progress data: XP points, level, streak days, spaced repetition review history.
  • Certificates: earned upon completing learning paths.
  • Leaderboard data: display name, XP total, level (publicly visible).

Information collected automatically:

  • Authentication cookies: session tokens managed by Supabase Auth.
  • Cookie preferences: your consent choices for optional cookies.

2. How We Use Your Data

  • Provide the Service: personalize learning paths, generate quizzes, track progress.
  • Improve the Service: analyze usage patterns to improve recommendations and features.
  • Communicate: send account-related notifications and updates about Terms changes.
  • Leaderboard: display your display name, level, and XP on the public leaderboard.

3. Legal Basis for Processing (GDPR)

  • Contract: processing necessary to provide the Service you signed up for.
  • Consent: optional cookies (analytics, marketing) — only with your explicit consent.
  • Legitimate interest: improving and securing the Service, preventing abuse.

4. Third-Party Services

We share data with the following processors to operate the Service:

  • Supabase (database and authentication) — stores your account data, learning progress, and notes. Supabase Privacy Policy
  • Google / YouTube (video content) — we use the YouTube Data API to search and display videos. Your interaction with embedded YouTube players is subject to Google's Privacy Policy.
  • Google Gemini AI (content generation) — video transcripts are sent to Google Gemini to generate quizzes, summaries, and learning recommendations. No personally identifiable information is included in AI requests.

When a payment processor is added (e.g., Stripe), this section will be updated to include their data handling practices.

5. Cookies

We use cookies as described in our Cookie Policy. You can manage your cookie preferences at any time through the cookie settings link in the footer.

6. Data Retention

  • Active accounts: data is retained as long as your account is active.
  • Deleted accounts: all data is permanently deleted immediately upon account deletion.
  • Backups: data may persist in encrypted backups for up to 30 days after deletion.

7. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Restriction: request that we limit processing of your data.

To exercise any of these rights, contact us at info@learnwithpath.com or use the account deletion feature in your account settings.

8. Your Rights (CCPA)

If you are a California resident, you have the right to:

  • Know: what personal information we collect and how it is used.
  • Delete: request deletion of your personal information.
  • Opt-out: opt out of the sale of personal information. We do not sell your personal information.
  • Non-discrimination: we will not discriminate against you for exercising your rights.

9. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed passwords, Row Level Security (RLS) on all database tables, and JWT-based authentication. However, no method of transmission over the Internet is 100% secure.

10. International Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place, including standard contractual clauses where required by GDPR.

11. Children's Privacy

LearnPath is open to users of all ages. We do not knowingly collect more personal information from children than is necessary to provide the Service. If you are a parent or guardian and believe your child has provided us with personal data beyond what is needed, please contact us at info@learnwithpath.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy-related questions or requests, contact us at info@learnwithpath.com.