Skip to main content
FA

Privacy Policy

Last updated: February 2026

Information We Collect

We collect the following information when you use our service:

  • Name and email address (account creation)
  • Payment information (processed securely by Stripe — we never store card details)
  • Shipping address (for Starter Kit orders only)
  • Course progress and completion data
  • Basic usage analytics (pages visited, time on site)

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance: To provide the course and services you purchased
  • Legitimate interest: To improve our platform and communicate about your account
  • Consent: For marketing communications, which you may opt out of at any time
  • Legal obligation: To comply with tax, accounting, and legal requirements

How We Use Your Information

  • To provide and maintain the course platform
  • To process payments and fulfill orders
  • To send transactional emails (receipts, shipping updates, account notices)
  • To track your course progress
  • To improve our course content and platform
  • To respond to your questions or support requests

Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze how the platform is used. The cookies we use include:

  • Essential cookies: Required for authentication and platform functionality. These cannot be disabled.
  • Analytics cookies: Used by Google Analytics to understand usage patterns. You may opt out by using browser privacy settings or a Google Analytics opt-out extension.

We do not use advertising cookies or sell data to advertisers.

Third-Party Services

We use the following services that may process your data:

  • Supabase — Authentication and database (data stored in the United States)
  • Stripe — Payment processing (PCI-DSS compliant)
  • Resend — Transactional emails
  • Vercel — Hosting and content delivery
  • Google Analytics — Usage analytics

Each third-party provider processes data in accordance with their own privacy policy and applicable data protection regulations.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you request account deletion, we will remove your personal data within 30 days, except where we are required to retain certain information for legal, tax, or accounting purposes.

International Data Transfers

Our services are primarily hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.

Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest. Payment information is processed directly by Stripe and never stored on our servers. While no method of data transmission is 100% secure, we take reasonable precautions to protect your personal information.

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Request a portable copy of your data
  • Opt out of marketing communications
  • Withdraw consent at any time (where processing is based on consent)

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell your personal information
  • The right to non-discrimination for exercising your CCPA rights

To exercise your California privacy rights, contact us at the email address listed below.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. We process your data based on the legal bases described above.

Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the platform. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact

For privacy-related inquiries, please contact us at foacourse@goodatscale.co.

Privacy Policy | Foundations of Architecture