Privacy Policy
Last updated July 14, 2026
This policy explains what personal data Cursiva collects, why we collect it, and the choices you have. It applies to cursiva.io, every organization page we host, and the Cursiva dashboard.
Information we collect
- Account data — name, email address, password (stored only as a hash), and anything you add to your profile such as an avatar or bio.
- Learning activity — the courses you enroll in, your progress, quiz and flashcard answers, reviews you write, and posts in course communities. This is what makes the product work: your progress has to live somewhere.
- Organization data — if you run an organization: its name, branding, members, courses, and sales records.
- Payment data — payments are processed by Stripe. Cursiva never sees or stores your card number; we keep only the transaction records needed for receipts, refunds, and accounting.
- Technical data — standard server logs (IP address, browser, pages requested) used for security and debugging.
How we use it
- To provide the service: accounts, enrollments, progress, certificates, payments.
- To send transactional email — sign-in verification, password resets, invitations, enrollment and completion notices. We don't send marketing email without your consent.
- To keep the platform safe: fraud prevention, abuse detection, rate limiting.
- To show instructors how their courses perform. Instructors of a course see the learning activity of learners enrolled in their courses — never your activity elsewhere on Cursiva.
Cookies
We use first-party cookies only, and only where the product needs them: your session, your language, and your theme preference. Cursiva sets no advertising or cross-site tracking cookies. Organizations may enable their own analytics (Google Analytics, Meta Pixel) on their public course pages; when they do, those tools are governed by the organization's own privacy practices.
Who we share data with
We never sell personal data. We share it only with the processors that run the service:
- Stripe — payment processing and payouts.
- Resend — transactional email delivery.
- Vercel — application hosting and file storage.
- Cloudflare — video streaming, when an organization connects its own Cloudflare Stream account.
When you enroll in a course, the organization that publishes it receives your name, email, your answers to its enrollment questions, and your progress in that course — it needs those to teach you.
Your rights
Under the LGPD, GDPR, and similar laws you can access, correct, export, or delete your personal data. Most of this is self-serve: your profile is editable in Settings, and you can delete your account — along with your enrollments — from Settings → Profile at any time. For anything else, email privacy@cursiva.io and we'll respond within 30 days.
Retention and security
We keep your data for as long as your account exists. When you delete your account, your personal data is removed; anonymized transaction records may be retained where bookkeeping laws require it. Data is encrypted in transit, passwords are hashed, and two-factor authentication is available on every account.
Changes
If we change this policy in a way that matters, we'll announce it in the product before it takes effect. Questions? privacy@cursiva.io.