Privacy Policy

1. Who we are

Course Cursader is a course review platform operated in the United Kingdom. When we refer to "we", "us", or "our" in this policy, we mean Course Cursader. When we refer to "you" or "your", we mean you as a user of our platform.

For any questions about this policy or your data, contact us at Support.CourseCursader@Gmail.com.

2. What data we collect

We collect the following personal data when you use our platform:

Account information: Your name, email address, and password (stored in encrypted form) when you create an account.

Reviews and submissions: Any course reviews you write and courses you submit, including the content and ratings you provide.

Usage data: We track course page views (clicks) to determine trending courses. This data is not linked to your personal identity.

Technical data: Your IP address is temporarily used for rate limiting to prevent abuse. We do not permanently store IP addresses.

3. How we use your data

We use your personal data for the following purposes:

To provide our service: Creating and managing your account, displaying your reviews, and processing course submissions.

To communicate with you: Sending email verification links, password reset emails, and notifications about your course submissions (approved or rejected).

To protect the platform: Rate limiting, preventing spam, and moderating content to maintain quality.

To improve the platform: Tracking anonymous usage patterns such as trending courses.

4. Legal basis for processing (GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your data on the following bases:

Consent: You provide your data voluntarily when creating an account and using our services.

Contractual necessity: Processing your data is necessary to provide the service you signed up for.

Legitimate interests: Protecting the platform from abuse, maintaining quality through moderation, and improving the service.

5. How we protect your data

We take the security of your data seriously:

Passwords are hashed before storage. We never store or have access to your plain text password.

Email addresses are only visible to you on your own profile and to administrators for moderation purposes. Other users cannot see your email.

Database access is restricted and secure with encryption at rest and in transit.

Authentication tokens for email verification and password resets are cryptographically generated and expire automatically.

6. Data sharing

We do not sell your personal data to anyone. We share data only with trusted third-party service providers who help us operate the platform:

Database hosting: Your account data and content is stored securely with an encrypted cloud database provider.

Email services: We use a third-party email provider to send verification and notification emails.

Image hosting: Course images uploaded by users are stored with a secure cloud hosting provider.

All third-party providers are bound by their own privacy policies and data protection obligations. We only share the minimum data necessary for each service to function.

7. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access: You can view your personal data on your profile page at any time.

Right to rectification: You can update your name through your profile page.

Right to erasure: You can request deletion of your account and all associated data by contacting us at Support.CourseCursader@Gmail.com. We will process your request within 30 days.

Right to restrict processing: You can request that we limit how we use your data.

Right to data portability: You can request a copy of your data in a machine-readable format.

Right to object: You can object to our processing of your data based on legitimate interests.

To exercise any of these rights, email us at Support.CourseCursader@Gmail.com. We will respond within 30 days.

8. Data retention

Account data: Retained for as long as your account is active. If you request account deletion, we will remove your data within 30 days.

Reviews: Retained for as long as the associated course listing exists or until you request deletion.

Verification and reset tokens: Automatically expire and are removed after use (24 hours for verification, 1 hour for password reset).

Rate limiting data: Stored temporarily in memory and cleared when the server restarts. Not permanently stored.

9. Cookies

We use essential cookies only. These are strictly necessary for the functioning of the platform, specifically for maintaining your login session. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

10. Children

Our platform is not intended for children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 13, we will delete it immediately.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of any significant changes via email. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Contact and complaints

If you have any questions or concerns about this privacy policy or how we handle your data, contact us at Support.CourseCursader@Gmail.com.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.

ICO website: https://ico.org.uk