Privacy Policy

Syllabi.ai ("Syllabi", "we", "us", or "our") operates the website syllabi.online and provides an AI-powered course generation service. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our services. By accessing or using Syllabi.ai, you agree to this policy.

This policy is intended to comply with applicable data protection laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable privacy legislation.

1. Information We Collect

1.1 Information You Provide Directly

Account information: When you sign up, we collect your email address and display name via Google OAuth (no passwords are stored by Syllabi.ai directly).
Course generation inputs: Topic, target audience, course length, niche, and any other fields you enter into the course generator.
Payment information: Billing details (name, address, card last-4, billing country) are collected and processed by Stripe, Inc. We do not store full card numbers.
Communications: Messages you send to us via email or feedback forms.

1.2 Information Collected Automatically

Usage data: Pages viewed, features used, generation count, timestamps, and interaction events collected via Vercel Analytics.
Performance data: Core Web Vitals and performance metrics collected via Vercel Speed Insights.
Log data: IP address, browser type, operating system, referrer URL, and request metadata processed by our hosting infrastructure (Vercel).
Cookies and local storage: Authentication tokens, session state, and preference data. See our Cookie Policy for details.

1.3 Information from Third Parties

Google OAuth:When you sign in with Google, we receive your name, email address, and profile picture URL from Google's authentication service.
Stripe: We receive payment confirmations, subscription status, customer IDs, and billing event data from Stripe.

2. How We Use Your Information

We use your information for the following purposes, each grounded in a lawful basis:

Providing the service (Contract): Processing course generation requests, managing your account, storing your generated courses, and delivering exports (PDF, Notion).
Billing and payments (Contract): Processing subscription payments, managing plan limits, issuing invoices, and handling refunds via Stripe.
Service improvement (Legitimate interest): Analyzing usage patterns to improve features, fix bugs, and optimize performance. We use aggregated or anonymized data where possible.
Security (Legitimate interest / Legal obligation): Detecting and preventing fraud, abuse, and unauthorized access.
Communications (Consent / Contract): Sending transactional emails (password reset, billing receipts). We do not send marketing emails without explicit opt-in consent.
Legal compliance (Legal obligation): Complying with applicable laws, responding to lawful requests from public authorities, and enforcing our Terms of Service.

AI Processing

Your course generation inputs are sent to Anthropic, Inc. via their Claude API to generate course content. Inputs are processed in real time and are subject to Anthropic's Privacy Policy. We do not use your inputs to train Anthropic's models (this is governed by our data processing agreement with Anthropic). We do not sell or share your course inputs with any other AI providers.

3. Third-Party Services

We use the following sub-processors and third-party services. Each processes your data only as necessary to provide their function:

Supabase, Inc. — Database and authentication infrastructure. Stores your account data, generated course records, and session tokens. Data is stored in the US (AWS us-east-1) unless a different region is selected. See: supabase.com/privacy.
Stripe, Inc. — Payment processing, subscription management, and billing. Stripe is PCI DSS Level 1 certified. See: stripe.com/privacy.
Anthropic, Inc. — AI model inference for course generation via the Claude API. See: anthropic.com/privacy.
Vercel, Inc. — Hosting, edge network, analytics, and performance monitoring. See: vercel.com/legal/privacy-policy.
Google LLC — Authentication via Google OAuth (Sign in with Google). See: policies.google.com/privacy.

4. Data Retention

Account data: Retained for the lifetime of your account and for up to 30 days after account deletion, to allow recovery from accidental deletions.
Generated courses: Retained for the lifetime of your account. You may delete individual courses at any time from your profile page.
Billing records: Retained for 7 years for tax and accounting compliance, even after account deletion.
Server logs: Retained for up to 90 days for security and debugging.
Analytics data: Aggregated or anonymized usage data may be retained indefinitely.

After account deletion, all personal data is purged from our active systems within 30 days, subject to the retention exceptions listed above.

5. Your Rights

For All Users

You have the right to:

Access the personal data we hold about you
Correct inaccurate personal data
Delete your account and associated personal data
Export your generated courses (available via your profile page)
Withdraw consent where processing is based on consent

EU / EEA Residents (GDPR)

In addition to the above, you have the right to:

Data portability: Receive your data in a machine-readable format
Restriction of processing: Request we limit how we use your data while a dispute is resolved
Object to processing: Object to processing based on legitimate interests
Lodge a complaint: With your local data protection authority (e.g., the ICO in the UK, the CNIL in France)

Our lawful bases for processing are: contract performance (account and billing), legitimate interests (analytics, security), and legal obligation (tax/accounting records).

California Residents (CCPA / CPRA)

California residents have the right to:

Know what personal information is collected, used, shared, or sold
Delete personal information (subject to certain exceptions)
Opt out of the sale or sharing of personal information
Non-discrimination for exercising privacy rights
Correct inaccurate personal information
Limit use of sensitive personal information

We do not sell personal information as defined by the CCPA. We do not share personal information with third parties for cross-context behavioral advertising.

To exercise your rights, email us at privacy@syllabi.online. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing requests.

6. International Transfers

Syllabi.ai is operated from the United States. If you access the service from outside the US, your information may be transferred to, stored in, and processed in the US. Where required by applicable law (e.g., for EU residents), such transfers are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission. Our sub-processors (Supabase, Stripe, Anthropic, Vercel) maintain their own transfer mechanisms as described in their privacy policies.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal data, including:

TLS encryption for all data in transit
Encryption at rest for database storage (via Supabase)
Row-level security (RLS) policies to ensure users can only access their own data
Authentication via Google OAuth (no passwords stored by Syllabi.ai)
Payment data isolated to Stripe's PCI-compliant infrastructure

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately at privacy@syllabi.online.

8. Children's Privacy

Syllabi.ai is not directed at children under the age of 13, or under 16 where EU law applies. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@syllabi.online and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email (to the address on file) or via a prominent notice on our website at least 30 days before the change takes effect. The "Effective date" at the top of this page indicates when the policy was last revised. Continued use of the service after the effective date constitutes acceptance of the revised policy.

10. Contact Us

For privacy-related questions, to exercise your rights, or to report a concern, contact us at:

Email: privacy@syllabi.online
Website: syllabi.online

We aim to respond to all privacy inquiries within 5 business days.

1. Information We Collect

1.1 Information You Provide Directly

Account information: When you sign up, we collect your email address and display name via Google OAuth (no passwords are stored by Syllabi.ai directly).
Course generation inputs: Topic, target audience, course length, niche, and any other fields you enter into the course generator.
Payment information: Billing details (name, address, card last-4, billing country) are collected and processed by Stripe, Inc. We do not store full card numbers.
Communications: Messages you send to us via email or feedback forms.

1.2 Information Collected Automatically

Usage data: Pages viewed, features used, generation count, timestamps, and interaction events collected via Vercel Analytics.
Performance data: Core Web Vitals and performance metrics collected via Vercel Speed Insights.
Log data: IP address, browser type, operating system, referrer URL, and request metadata processed by our hosting infrastructure (Vercel).
Cookies and local storage: Authentication tokens, session state, and preference data. See our Cookie Policy for details.

1.3 Information from Third Parties

Google OAuth:When you sign in with Google, we receive your name, email address, and profile picture URL from Google's authentication service.
Stripe: We receive payment confirmations, subscription status, customer IDs, and billing event data from Stripe.

2. How We Use Your Information

We use your information for the following purposes, each grounded in a lawful basis:

Providing the service (Contract): Processing course generation requests, managing your account, storing your generated courses, and delivering exports (PDF, Notion).
Billing and payments (Contract): Processing subscription payments, managing plan limits, issuing invoices, and handling refunds via Stripe.
Service improvement (Legitimate interest): Analyzing usage patterns to improve features, fix bugs, and optimize performance. We use aggregated or anonymized data where possible.
Security (Legitimate interest / Legal obligation): Detecting and preventing fraud, abuse, and unauthorized access.
Communications (Consent / Contract): Sending transactional emails (password reset, billing receipts). We do not send marketing emails without explicit opt-in consent.
Legal compliance (Legal obligation): Complying with applicable laws, responding to lawful requests from public authorities, and enforcing our Terms of Service.

AI Processing

3. Third-Party Services

We use the following sub-processors and third-party services. Each processes your data only as necessary to provide their function:

Supabase, Inc. — Database and authentication infrastructure. Stores your account data, generated course records, and session tokens. Data is stored in the US (AWS us-east-1) unless a different region is selected. See: supabase.com/privacy.
Stripe, Inc. — Payment processing, subscription management, and billing. Stripe is PCI DSS Level 1 certified. See: stripe.com/privacy.
Anthropic, Inc. — AI model inference for course generation via the Claude API. See: anthropic.com/privacy.
Vercel, Inc. — Hosting, edge network, analytics, and performance monitoring. See: vercel.com/legal/privacy-policy.
Google LLC — Authentication via Google OAuth (Sign in with Google). See: policies.google.com/privacy.

4. Data Retention

Account data: Retained for the lifetime of your account and for up to 30 days after account deletion, to allow recovery from accidental deletions.
Generated courses: Retained for the lifetime of your account. You may delete individual courses at any time from your profile page.
Billing records: Retained for 7 years for tax and accounting compliance, even after account deletion.
Server logs: Retained for up to 90 days for security and debugging.
Analytics data: Aggregated or anonymized usage data may be retained indefinitely.

After account deletion, all personal data is purged from our active systems within 30 days, subject to the retention exceptions listed above.

5. Your Rights

For All Users

You have the right to:

Access the personal data we hold about you
Correct inaccurate personal data
Delete your account and associated personal data
Export your generated courses (available via your profile page)
Withdraw consent where processing is based on consent

EU / EEA Residents (GDPR)

In addition to the above, you have the right to:

Data portability: Receive your data in a machine-readable format
Restriction of processing: Request we limit how we use your data while a dispute is resolved
Object to processing: Object to processing based on legitimate interests
Lodge a complaint: With your local data protection authority (e.g., the ICO in the UK, the CNIL in France)

Our lawful bases for processing are: contract performance (account and billing), legitimate interests (analytics, security), and legal obligation (tax/accounting records).

California Residents (CCPA / CPRA)

California residents have the right to:

Know what personal information is collected, used, shared, or sold
Delete personal information (subject to certain exceptions)
Opt out of the sale or sharing of personal information
Non-discrimination for exercising privacy rights
Correct inaccurate personal information
Limit use of sensitive personal information

We do not sell personal information as defined by the CCPA. We do not share personal information with third parties for cross-context behavioral advertising.

To exercise your rights, email us at privacy@syllabi.online. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing requests.

6. International Transfers

7. Data Security

We implement reasonable technical and organizational measures to protect your personal data, including:

TLS encryption for all data in transit
Encryption at rest for database storage (via Supabase)
Row-level security (RLS) policies to ensure users can only access their own data
Authentication via Google OAuth (no passwords stored by Syllabi.ai)
Payment data isolated to Stripe's PCI-compliant infrastructure

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately at privacy@syllabi.online.

8. Children's Privacy

9. Changes to This Policy

10. Contact Us

For privacy-related questions, to exercise your rights, or to report a concern, contact us at:

Email: privacy@syllabi.online
Website: syllabi.online

We aim to respond to all privacy inquiries within 5 business days.

1. Information We Collect

1.1 Information You Provide Directly

1.2 Information Collected Automatically

1.3 Information from Third Parties

2. How We Use Your Information

AI Processing

3. Third-Party Services

4. Data Retention

5. Your Rights

For All Users

EU / EEA Residents (GDPR)

California Residents (CCPA / CPRA)

6. International Transfers

7. Data Security

8. Children's Privacy

9. Changes to This Policy

10. Contact Us

Loading...

Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

1.2 Information Collected Automatically

1.3 Information from Third Parties

2. How We Use Your Information

AI Processing

3. Third-Party Services

4. Data Retention

5. Your Rights

For All Users

EU / EEA Residents (GDPR)

California Residents (CCPA / CPRA)

6. International Transfers

7. Data Security

8. Children's Privacy

9. Changes to This Policy

10. Contact Us