← Back

Privacy Policy

Last updated: April 5, 2026

Overview

Course Base is an independent project, not affiliated with INSEAD. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

Account Data

When you sign up, we collect your name, email address, and profile picture via Google OAuth or email authentication. This data is managed by Clerk, our authentication provider.

Conversations

Your chat messages and AI responses are encrypted at rest using AES-256-GCM encryption. We cannot read the content of your conversations. Conversations are stored to provide you with chat history.

API Keys

If you provide an OpenRouter API key, it is encrypted at rest using AES-256-GCM before storage. The key is only decrypted server-side when making API calls on your behalf.

Usage Data

We log basic request metadata (endpoint, timestamp) for monitoring service health. We do not use third-party analytics or tracking tools.

How We Use Your Data

  • To provide and maintain the service
  • To authenticate your identity
  • To process your queries using AI models
  • To monitor service health and prevent abuse

We do not sell, share, or use your data for advertising. We do not train AI models on your conversations.

Third-Party Processors

Your data is processed by the following third-party services, all of which are US-based:

  • Clerk — authentication and user management
  • Convex — database and file storage
  • Vercel — application hosting
  • OpenRouter — AI inference (using your own API key)
  • Mistral AI — document OCR processing

International Data Transfers

Our service processors are based in the United States. If you are located in the EU/EEA, your data is transferred to the US under the EU-US Data Privacy Framework and Standard Contractual Clauses maintained by our processors.

Data Retention

  • Account data: retained until you delete your account
  • Conversations: retained until you delete them, or automatically after 12 months of account inactivity
  • API keys: retained until you remove them or delete your account
  • Server logs: retained for 90 days

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access the personal data we hold about you
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time
  • Object to processing of your data

You can delete individual conversations from the chat interface. To delete your account and all associated data, contact us at the email below.

Security

We implement appropriate technical measures to protect your data:

  • All data in transit is encrypted via HTTPS/TLS
  • Conversation content is encrypted at rest using AES-256-GCM
  • API keys are encrypted at rest using AES-256-GCM
  • Authentication is handled by Clerk with industry-standard security
  • API key hashes use SHA-256

Children's Privacy

This service is intended for university students and alumni. We do not knowingly collect data from anyone under 16 years of age.

Changes

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date.

Contact

For privacy-related requests or questions, contact us at kaikaushik1995@gmail.com.