Privacy Policy

Learnox is the data controller responsible for the processing of your personal data. You can reach us at: Learnox, Herengracht 420, 1017 BZ Amsterdam, The Netherlands — contact@learnox.com.

This Privacy Policy applies to all personal data collected when you visit learnox.com, create an account, enrol in courses, or make a purchase.

Account registration: your email address, first name, last name, and a securely hashed password. We never store your plain-text password.

Google OAuth: if you choose to sign in with Google, we receive your email address and display name from Google. We do not receive or store your Google password.

Learning activity: lesson progress status, completion percentage, last watched position in video lessons, streak data, achievement records, and timestamps of last access.

Payment data: transaction amount, currency, and the payment reference ID provided by Stripe. Your card number, expiry date, and CVV are entered directly into Stripe's secure payment interface and are never transmitted to or stored on Learnox servers.

Technical data: your IP address, browser user-agent string, and authentication session tokens stored as httpOnly cookies (access_token and refresh_token). These cookies are strictly necessary for the platform to function and do not track you across other websites.

Performance of a contract (Article 6(1)(b)): we process your account data and learning activity to provide the services you have enrolled in, including issuing certificates of completion.

Legitimate interests (Article 6(1)(f)): we process technical data such as IP addresses and session tokens to maintain platform security, prevent fraud, and diagnose technical issues.

Consent (Article 6(1)(a)): if we introduce optional marketing communications in the future, we will request your explicit opt-in consent at that time. We currently send no marketing emails.

Learnox uses only strictly necessary httpOnly cookies: access_token (short-lived session token) and refresh_token (used to renew your session without requiring re-login). These cookies cannot be read by JavaScript and are not used for advertising, analytics, or cross-site tracking.

Because we use only strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive. If we introduce any non-essential cookies in the future, we will implement a consent mechanism and update this policy.

Account and learning data: retained for as long as your account is active. If you request account deletion, your personal data will be permanently erased within 30 days, except where retention is required by law.

Transaction records: retained for 7 years in accordance with Dutch financial record-keeping obligations under the Wet op de omzetbelasting. Server access logs are retained for 90 days for security and diagnostic purposes.

Stripe Payments Europe, Ltd. (Dublin, Ireland): processes payment transactions on our behalf. Stripe is PCI DSS Level 1 certified. For details, see stripe.com/privacy. Transfers outside the EU are protected by Standard Contractual Clauses (SCCs).

Google LLC: provides OAuth 2.0 sign-in functionality. If you use Google login, your email and name are shared with us by Google. See Google's privacy policy at policies.google.com/privacy.

We do not sell, rent, or trade your personal data to any third party. No data is shared with advertising networks or data brokers.

As a data subject, you have the following rights: the right to access a copy of the personal data we hold about you; the right to rectification of inaccurate data; the right to erasure (the "right to be forgotten"); the right to data portability; the right to object to processing based on legitimate interests; and the right to restriction of processing.

To exercise any of these rights, please contact us at contact@learnox.com. We will respond within 30 days of receiving your request.

You also have the right to lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl.

Stripe and Google may process your data outside the European Economic Area (EEA). In such cases, the transfer is protected by EU Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

We may update this Privacy Policy from time to time. When we do, we will notify you by email or by displaying a notice within the platform upon your next login. The date of the most recent update is always shown at the top of this page.

For any questions or concerns about this Privacy Policy or our data practices, please contact us at contact@learnox.com.

If you believe we have not handled your data in accordance with applicable law, you have the right to file a complaint with the Autoriteit Persoonsgegevens (the Dutch Data Protection Authority) at autoriteitpersoonsgegevens.nl.