Privacy policy — LearnCore Systems

The short version: we collect the minimum needed to run a learning academy. Your students' data belongs to you. We never sell it, we never use it to train models, and you can take it with you if you leave.

Who we are

"LearnCore Systems" refers to the operating entity behind learncore.systems. Contact: privacy@learncore.systems.

For the academies we host, the academy operator (our customer) is the data controller. LearnCore is the data processor. Students should direct deletion and access requests to their academy first; we honour them as soon as the academy confirms.

What we collect

From visitors to learncore.systems — minimal analytics (page views, referrer, country), language preference (in localStorage), and anything you submit through the contact form.
From students of academies we host — name, email, course progress, homework submissions, certificate metadata, and chat transcripts with the AI tutor.
From paying customers — billing email, company name, and invoice history. Card data is held by Stripe, not us.

Why we collect it

To run the academy: enrol students, grade homework, issue certificates, send reminders.
To operate the service: detect abuse, fix bugs, monitor reliability.
To bill customers and meet legal obligations (e.g. invoicing, tax records).

Who we share it with

Only sub-processors that the service literally cannot run without:

Anthropic, OpenAI, Google AI — for AI homework review and tutor chat. Each tenant picks its model (Claude Opus 4.7 / Sonnet 4.6, GPT-5.5, or Gemini 3.1). All three operate under no-training data agreements with us. EU regions where available.
Hetzner — for hosting. EU (Frankfurt) by default.
Stripe — for billing.

The full list with purposes and DPAs is in the Data Processing Addendum.

What we never do

We do not sell your data. We have no advertising business model.
We do not use student data to train AI models.
We do not access tenant data without a documented support request.

Your rights (GDPR)

Under the GDPR you can request: access to your data, correction, deletion, restriction of processing, portability, and withdrawal of consent. Email privacy@learncore.systems — we respond within 30 days.

Retention

Active tenants: data retained as long as the academy is active.
Closed tenants: PII purged within 30 days; anonymised analytics retained.
Backups: encrypted, retained 30 days, then auto-purged.
Billing records: retained 7 years to comply with EU tax law.

Cookies

We use first-party storage (localStorage) for your language and theme preferences. We do not run third-party trackers on the marketing site. Inside the academy product, session cookies are needed for authentication.

Changes

If we change this policy meaningfully, we'll email customers and post the diff at the top of this page. Trivial wording fixes won't trigger a notice.