Privacy Policy

Last updated: March 15, 2026

1. Information We Collect

We collect the following information when you use CourseBound:

  • Account information: Email address and password (hashed) when you create an account, or profile data from Google if you sign in with OAuth.
  • Course data: Course names, URLs, platforms, progress, time spent, tags, and notes that you add to the service.
  • Payment information: Processed securely by Stripe. We never store your credit card details. We only receive your Stripe customer ID and subscription status.
  • Usage data: Pages visited, features used, and basic analytics to improve the service, collected via Google Analytics.
  • Browser extension data (Pro users): Course progress data from supported platforms, transmitted only when the extension is active and connected to your account.

2. How We Use Your Information

  • To provide, maintain, and improve CourseBound
  • To process payments and manage subscriptions
  • To send service-related emails (weekly reminders, account notifications)
  • To monitor for errors and performance issues
  • To respond to support requests and feedback

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services to operate CourseBound:

  • Supabase: Database and authentication (hosted in the EU)
  • Stripe: Payment processing
  • Vercel: Website hosting
  • Google Analytics: Anonymous usage analytics
  • Sentry: Error monitoring
  • Resend: Transactional emails

Each of these services has its own privacy policy. We only share the minimum data necessary for each service to function.

4. Cookies

We use essential cookies to keep you signed in and maintain your session. Google Analytics may set additional cookies for usage tracking. You can disable non-essential cookies in your browser settings.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encrypted connections (HTTPS), hashed passwords, and Row Level Security on our database. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You can delete your account and all associated data at any time by contacting us. Upon account deletion, your personal data will be permanently removed within 30 days, except where we are required by law to retain it.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data.
  • Portability: Request an export of your data in a machine-readable format.
  • Objection: Object to the processing of your personal data.

To exercise any of these rights, contact us through our contact page or email us.

8. Children's Privacy

CourseBound is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us through our contact page or DM us on X @DvFrog.