Privacy Policy

Last updated: 04/06/2026

1. Data Controller

The data controller for personal data collected through LearnAIFast.io is:

Trade name: LearnAIFast.io
Contact email: [email protected]
Website: https://learnaifast.io

2. Personal Data We Collect

We collect the following categories of personal data:

Account data: name, email address, password (bcrypt-hashed).
Payment data: processed entirely by Stripe. We only store transaction ID, amount, currency and plan type.
Navigation data: IP address (hashed/anonymised), browser type, OS, pages visited, time on site, interaction data.
Usage data: course progress, quiz results, language and currency preferences, completed lessons, time spent per lesson.
Behavioural data: click patterns, navigation flow, content engagement, feature usage, learning patterns.
AI chatbot interactions: questions submitted to the AI assistant and generated responses.
Marketing data: UTM parameters (utm_source, utm_medium, utm_campaign), referral source, entry page.
Communication data: email open rates, clicks, preferences, consent records.

3. Purposes of Processing

Service delivery: account management, course access, progress tracking, AI assistant operation.
Payment processing: managing purchases and subscriptions via Stripe.
Service communications: welcome emails, payment confirmations, activity reminders, service-related updates.
Service improvement: analysing usage patterns, optimising content, improving the AI assistant, detecting and fixing issues.
Statistical analysis: aggregate and anonymised analysis of learning patterns, course performance and user engagement.
Security and fraud prevention: detecting and preventing abuse, unauthorised access and fraudulent activity.
Legal compliance: fulfilling tax, accounting and other legal obligations.
Direct marketing: sending commercial communications about our services to existing customers (see Section 6).
Profiling: building user profiles based on learning behaviour for service personalisation (see Section 4).

4. Profiling and Automated Processing

We build user profiles based on platform usage data — including courses viewed, lessons completed, time spent, quiz results and AI assistant interactions — for the following purposes:

Personalising the learning experience and course recommendations.
Tailoring marketing communications to your interests and learning stage.
Improving course content and platform features based on engagement patterns.
Identifying at-risk users (e.g. those likely to disengage) to offer targeted support.
Improving our AI-powered services using aggregated and anonymised interaction patterns.

This profiling is carried out on the basis of our legitimate interest (Art. 6.1.f GDPR) in personalising the service and conducting direct marketing. It does not involve automated decision-making with significant legal effects (Art. 22 GDPR does not apply). You have the right to object to this profiling at any time (see Section 10).

Anonymised and aggregated data derived from your usage may be retained indefinitely and used freely for research, statistics, platform improvements and AI service development, as it no longer constitutes personal data.

5. Legal Basis for Processing

Consent (Art. 6.1.a GDPR): marketing emails (where no prior relationship exists), marketing and analytics cookies, third-party commercial communications.
Contract performance (Art. 6.1.b GDPR): service delivery, payment processing, account management.
Legitimate interest (Art. 6.1.f GDPR): platform analytics, behavioural profiling for personalisation, direct marketing to existing customers, security, fraud prevention, service improvement, AI system improvement.
Legal obligation (Art. 6.1.c GDPR): tax, accounting and regulatory compliance.

6. Direct Marketing

We may send you commercial communications about our own services in the following circumstances:

Existing customers (soft opt-in): if you have purchased a course or plan, we may send you communications about similar products and services without requiring prior consent, in accordance with applicable law. You may opt out at any time via the unsubscribe link in every email or by contacting [email protected].
Consent-based marketing: if you have given explicit consent (e.g. during registration), we may send broader commercial communications including promotions, newsletters and partner offers.
Personalised communications: based on your usage profile, we may tailor the content, timing and frequency of our communications to maximise relevance.

You can withdraw your marketing consent or opt out of any category of communications at any time. This does not affect the lawfulness of communications sent prior to withdrawal.

7. Recipients of Your Data

Stripe, Inc.: payment processing. Acts as independent data controller for payment data.
Anthropic, PBC (Claude API): processing of AI assistant queries. Messages are sent to the Claude API to generate responses.
Hostinger International Ltd.: web hosting provider.
Email marketing service providers: processors acting on our behalf for sending communications (subject to Data Processing Agreements). We will update this section when specific providers are engaged.
Analytics service providers: processors acting on our behalf for data analysis (subject to Data Processing Agreements).

We do not sell your personal data to third parties. We do not share personal data with third parties for their own independent marketing purposes without your explicit consent.

8. International Data Transfers

Some of our providers (Stripe, Anthropic) are based in the United States. Transfers are carried out with appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission.
EU-U.S. Data Privacy Framework (where applicable).
Supplementary technical and organisational security measures.

9. Retention Periods

Account and usage data: for the duration of your account plus 5 years (statute of limitations for civil claims).
Financial and billing data: 10 years from the transaction (statutory accounting requirement).
Behavioural and analytics data: up to 5 years from the date of collection.
AI chatbot interactions (raw): session only. Anonymised patterns may be retained indefinitely for service improvement.
Marketing data and consent records: until consent is withdrawn plus 3 years (to demonstrate lawfulness).
Security logs: 2 years.

After the applicable retention period, data is deleted or irreversibly anonymised.

10. Your Rights

Under the GDPR you have the right to:

Access: request a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Erasure ("right to be forgotten"): request deletion where data is no longer necessary or lawfully processed.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interest, including profiling and direct marketing. Objection to direct marketing will always be honoured.
Restriction: request limitation of processing in certain circumstances.
Withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise any right, email [email protected]. We will respond within 30 days. You may also lodge a complaint with the supervisory authority in your country of residence.

11. Cookie Preferences

We use cookies and similar technologies. For full details see our Cookie Policy. You can change your cookie preferences at any time by clicking here.

12. Security

We implement appropriate technical and organisational measures including: SSL/TLS encryption, bcrypt password hashing, IP anonymisation, CSRF protection, rate limiting and role-based access control.

13. Minors

Our services are not directed at persons under 16. We do not knowingly collect data from minors. If we discover such data has been collected, we will delete it promptly.

14. Changes

We reserve the right to update this policy at any time. Changes will be published on this page. Material changes will be notified to registered users by email.

15. Contact

Email: [email protected] | Web: https://learnaifast.io