Data Privacy
Will AI providers use my data to train their models?
No. Courseau partners with providers like OpenAI and Anthropic under agreements that prohibit the use of your data for training.
Is the content I upload visible to others?
No. Any documents or content you upload remain private to your account unless you choose to share them. Courseau does not expose your materials to other users.
Is my data encrypted?
Yes. All data is encrypted in transit using TLS 1.2 or higher, and encrypted at rest using AES-256. This ensures that data is protected during transfer and storage.
Do you collect or share data about my learners?
No. Courseau does not collect or share any personal data (e.g., user names, emails, organization details). We only collect anonymous identifiers for learners, and all association with real people happens through your LMS via our SCORM export.
Can Courseau employees access my data?
Access to customer data is strictly limited to a small number of authorized engineers and only granted when necessary for support or troubleshooting. All access is logged and monitored.
Data Storage
Where is data stored?
Courseau stores data on secure servers located in the European Union, using certified providers that meet high standards for security and compliance (including SOC 2, ISO 27001 and FedRAMP). You can also find the list of our sub-processors Here.
The location can be contractually agreed on, and we can consider other storage locations if necessary for your organisation.
Does Courseau retain my data?
By default, our AI providers retain inputs/outputs for up to 30 days, solely for abuse monitoring and policy compliance. We do not allow training AI models based on your data. Please see here for their detailed policies: OpenAI / Anthropic
By default, Courseau retains project and user data indefinitely to support account continuity, unless you or your organisation requests deletion or specific retention limits are contractually agreed upon.
However, if data deletion is requested or required, please contact us via [email protected]. We ensure permanent deletion from active systems and backups within 30–90 days, depending on the data class.
Advanced
Detailed documentation can be found here (request access)
A list of our sub-processors and their DPAs here
To request a data processing agreement (DPA) or a completed security questionnaire, please contact [email protected] (NDA may be required)