Privacy Policy

LearnPath is operated by Erickson Innovations Inc., an Alberta corporation. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR) for users in the European Economic Area, and the California Consumer Privacy Act (CCPA) for California residents.

Contact: info@learnpath.me

Account information: When you create an account, we collect your email address and display name. If you sign up via Google or Microsoft OAuth, we receive your email address and, where provided by those services, your name. Your display name will appear on any Skill Records you earn — you choose what name to use.

Learning data: We collect your stated learning goals, diagnostic task responses, session activity, performance scores, AI-generated learning plans, and session reflections. This data powers your personalized learning experience and is used to assess competency for Skill Record issuance.

Credential data: When you earn and claim a Skill Record, we store your credential details including skills demonstrated, competency levels, session evidence, and the date range of your learning activity. If you upload credential files from third-party platforms, we extract and store the credential metadata including issuer name, credential name, and skill tags. Original verification by the issuing platform is preserved and attributed. See Section 4 for important information about public credential visibility.

Payment information: If you subscribe to LearnPath Pro, payment is processed by Stripe. We do not store your credit card number or banking details. We receive your subscription status, billing history, and Stripe customer ID from Stripe.

Usage data: We collect standard usage information including pages visited, features used, and session durations to understand how the product is used and to improve it.

Communications: If you contact us by email, we retain that correspondence to respond to you and improve our support.

We use your data to:

• Operate and personalize your learning experience, including generating your learning plan, daily sessions, and diagnostic analysis
• Issue, display, and enable third-party verification of Skill Records you have earned
• Manage your account, subscription, and billing
• Send transactional emails including account verification, password reset, subscription receipts, and learning progress notifications
• Monitor for misuse, security incidents, and violations of our Terms of Service
• Improve LearnPath's features using anonymized, aggregated data
• Respond to support inquiries and legal requests
• Comply with applicable law

We do not sell your personal data. We do not use your data for advertising.

This section is important. Please read it carefully.

When you claim a Skill Record, it becomes publicly accessible via a unique verification URL by default. Before claiming, you will be shown a clear disclosure explaining what this means. Specifically:

• Anyone with the link can view your credential, including your display name, skills demonstrated, competency levels, and a summary of your session activity
• Anyone with the link can use LearnPath's AI interrogation feature to ask questions about how your credential was earned — including your strengths, areas of difficulty, and demonstrated competency evidence
• You control visibility — you can make any credential private at any time from your credentials page, and a private credential is immediately removed from public access
• Account deletion — if you delete your account, credentials remain in their current visibility state; publicly visible credentials remain verifiable, private credentials remain private, and you lose management access upon deletion
• Think before sharing — once you share a credential link, others may save or record the information, and making a credential private does not guarantee removal of information already accessed by third parties

By claiming a credential you acknowledge and consent to these terms.

LearnPath uses the following third-party services, each governed by their own privacy policies:

• Supabase — database, authentication, and backend infrastructure; your data is stored in Supabase's secure PostgreSQL database
• Stripe — payment processing; Stripe is PCI-DSS compliant
• Google OAuth / Microsoft OAuth — optional sign-in; we receive only the minimum profile information needed to create your account
• Google Gemini — powers AI features including learning plan generation, session content, diagnostic analysis, and credential interrogation; content you submit is processed by Google's AI infrastructure
• Vercel — hosts the LearnPath web application
• Resend — transactional email delivery

Active accounts: We retain your data for as long as your account is active.

Cancelled subscriptions: Your data and Skill Records are retained in full — cancelling a subscription does not affect your data.

Deleted accounts: Your personal data is permanently purged within 30 days of deletion. This includes your email address, display name, learning goals, session content, diagnostic data, and AI conversations. Skill Records remain in their visibility state at time of deletion but you lose management access.

Anonymized data: Non-identifiable, aggregated behavioral data may be retained indefinitely for product improvement. This data cannot be used to identify you.

Billing records: Transaction records are retained for up to 7 years as required by applicable law.

Automated enforcement: Data deletion is automated. You do not need to take any action beyond deleting your account.

Regardless of your location, you may exercise the following rights by contacting us at info@learnpath.me:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to correct inaccurate or incomplete information
• Deletion — delete your account directly through Account Settings; your personal data will be purged within 30 days
• Portability — request an export of your learning data in JSON format via the Download my data button in Account Settings
• Objection — object to certain types of processing
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

We will respond to all requests within 30 days. We may verify your identity before processing a request.

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect only the personal information necessary to provide our service, with your knowledge and consent. You have the right to access and correct your personal information. To exercise these rights, contact info@learnpath.me.

If you are located in the European Economic Area (EEA), our legal bases for processing your personal data are:

• Contract — processing necessary to provide the LearnPath service you signed up for
• Legitimate interests — product improvement, fraud prevention, and security, where these do not override your rights
• Consent — where you have explicitly opted in, including by claiming a public Skill Record

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.

California residents have the right to know what personal information we collect, to request deletion of their personal information, and to opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, contact info@learnpath.me.

LearnPath uses browser cookies and local storage to keep you signed in and remember your session preferences. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though some features may not function correctly without them.

We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication and credential storage, role-based access controls, and regular security reviews. No system is completely secure. We encourage you to use a strong, unique password and to notify us immediately at info@learnpath.me if you suspect unauthorized access to your account.

LearnPath is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has created an account, we will delete it promptly. If you believe a minor has created an account, contact us at info@learnpath.me.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by posting a notice in the app at least 14 days before changes take effect. The "Last updated" date at the top reflects the most recent revision.

For questions, data requests, or privacy concerns:

info@learnpath.me — Erickson Innovations Inc., Alberta, Canada