Data Privacy
Will AI providers use my data to train their models?
No. Courseau partners with providers like OpenAI and Anthropic under agreements that prohibit the use of your data for training.
Is the content I upload visible to others?
No. Any documents or content you upload remain private to your account unless you choose to share them. Courseau does not expose your materials to other users.
Is my data encrypted?
Yes. All data is encrypted in transit using TLS 1.2 or higher, and encrypted at rest using AES-256. This ensures that data is protected during transfer and storage.
Do you collect or share data about my learners?
No. Courseau does not collect or share any personal data (e.g., user names, emails, organization details). We only collect anonymous identifiers for learners, and all association with real people happens through your LMS via our SCORM export.
Can Courseau employees access my data?
Access to customer data is strictly limited to a small number of authorized engineers and only granted when necessary for support or troubleshooting. All access is logged and monitored.
Data Storage
Where is data stored?
Courseau stores data on secure servers located in the European Union, using certified providers that meet high standards for security and compliance (including SOC 2, ISO 27001 and FedRAMP). You can also find the list of our sub-processors Here.
The location can be contractually agreed on, and we can consider other storage locations if necessary for your organisation.
Does Courseau retain my data?
By default, our AI providers retain inputs/outputs for up to 30 days, solely for abuse monitoring and policy compliance. We do not allow training AI models based on your data. Please see here for their detailed policies: OpenAI / Anthropic
By default, Courseau retains project and user data indefinitely to support account continuity, unless you or your organisation requests deletion or specific retention limits are contractually agreed upon.
However, if data deletion is requested or required, please contact us via [email protected]. We ensure permanent deletion from active systems and backups within 30–90 days, depending on the data class.
Usage of AI
We use pre-trained language models from the third-party providers OpenAI and Anthropic to provide our artificial intelligence services. To generate content such as lessons or outlines, we use a process commonly referred to as retrieval augmented generation. We also employ other methods to be able to extract information from user submitted information such as prompts, documents or images: summarisation, categorisation or classification.
We follow a human-in-the-loop approach where all AI-generated content requires user review and approval before being finalised. Users can edit, tweak, or completely regenerate any AI-produced content, ensuring quality control and maintaining human oversight throughout the content creation workflow. Courseau maintains strict data privacy standards by using AI providers that are contractually prohibited from training their models on customer data, and the company conducts ongoing evaluation processes to monitor AI output quality, factual accuracy, and potential biases. This evaluation system combines automated rule-based checks with human review by experts who operate under strict data privacy guidelines, ensuring that the our output remains reliable accurate, and compliant with data protection regulations.
Advanced
Detailed documentation can be found here (request access)
A list of our sub-processors and their DPAs here
To request a data processing agreement (DPA) or a completed security questionnaire, please contact [email protected] (NDA may be required)
