Back to home

Privacy Policy

Last updated: February 24, 2026

DeltaLearn ("we," "us," or "our") operates the deltalearn.app platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Workspace name
  • Authentication credentials (managed by Supabase Auth)

1.2 Content You Upload

To generate microcourses, you provide source documents. These may include:

  • PDF and DOCX files uploaded to our platform
  • Content fetched from Notion pages you connect
  • Generated course content (videos, checklists, quizzes)

Your uploaded documents are never used to train AI models. They are processed exclusively to generate your microcourses and are isolated per workspace.

1.3 Usage Data

We collect anonymized usage data to improve our service, including: pages visited, features used, course generation metrics, quiz completion rates, and general interaction patterns. We do not use third-party advertising trackers.

1.4 Adoption & Completion Data

When learners complete courses and quizzes within your workspace, we record: completion status, quiz scores, and timestamps. This data is visible to workspace administrators and is used to provide adoption dashboards.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our platform
  • Generate microcourses from your source documents
  • Track course completion and adoption metrics
  • Send transactional emails (account, billing, security)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your personal information. We do not use your content for advertising. We do not use your uploaded documents to train AI models.

3. AI Processing & Third-Party Services

DeltaLearn uses AI to generate course content from your documents. This involves sending document text to the following third-party services for processing:

OpenAI — Used for course structure generation, checklist, quiz, and script creation. Document text is sent via API. OpenAI does not use API inputs to train models per their data usage policy.

ElevenLabs — Used for text-to-speech voice generation in microcourse videos. Only the narration script is sent — not your full source documents.

Supabase — Used for user authentication and identity management. Stores email and authentication tokens.

Amazon Web Services (S3) — Used for storing uploaded documents and generated assets (videos, subtitles, thumbnails). Data is encrypted at rest.

4. Data Storage & Security

We implement appropriate technical and organizational measures to protect your data:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Workspace data is logically isolated — users in one workspace cannot access another's content
  • Authentication tokens are managed by Supabase with JWT signing keys
  • Access to production systems is restricted and logged
  • We conduct regular security reviews of our infrastructure

Your data is stored on servers located in the European Union (AWS eu-west-1). We may process data in other regions through our third-party sub-processors, subject to appropriate safeguards.

5. Data Retention

We retain your data as follows:

  • Account data: retained for the duration of your account, plus 30 days after deletion
  • Uploaded documents: retained while the associated source is active; deleted within 30 days of source deletion
  • Generated content: retained while the associated course exists; deleted within 30 days of course deletion
  • Usage logs: anonymized after 90 days, deleted after 12 months

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we restrict the processing of your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@deltalearn.app. We will respond within 30 days.

7. Cookies

DeltaLearn uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. If we introduce optional analytics in the future, we will use a privacy-friendly tool (such as Plausible or PostHog) that does not require cookie consent banners under GDPR.

8. Children's Privacy

DeltaLearn is a business-to-business service and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our platform. Your continued use of DeltaLearn after changes take effect constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

DeltaLearn

Email: privacy@deltalearn.app

Web: deltalearn.app