Privacy Policy

We collect your email address (for magic-link authentication), learning progress (lessons completed, quiz scores, spaced repetition schedules), certificates, imported creator content metadata, and locale preferences.

Your data is used for authentication, delivering a personalised learning feed, spaced repetition scheduling (SM-2 algorithm), certificate issuance, payment processing, and platform analytics.

We do not sell your data. We share it only with: Stripe (payment processing), Cloudflare (hosting and CDN), and Resend (transactional emails). All third parties operate under data processing agreements.

We use a session cookie for authentication and localStorage for locale preference. We do not use third-party tracking cookies or advertising trackers.

Data for active accounts is retained until you request deletion. Certificates are preserved permanently as verifiable credentials. Inactive accounts may be purged after 2 years.

You may access, correct, export, or delete your data at any time. You can request data portability and withdraw consent. Submit requests to legal@edyvo.com — we respond within 30 days.

All data is encrypted in transit via TLS and stored at rest on Cloudflare infrastructure. Passwordless authentication eliminates password-based attack vectors. Access is restricted to authorised team members.

Questions about privacy? Email legal@edyvo.com