PRIVACY POLICY FOR curso.ai
Last updated: 18 April 2025
QUICK SUMMARY (read this if you are in a hurry)
- We only collect the data that is strictly necessary (name, email/phone, academic progress) to deliver the course and personalise your learning experience.
- We do not sell your data or use it for third‑party advertising purposes.
- The content of your conversations is not used to train OpenAI; the API is configured so your prompts and responses are excluded from its training systems.
- You can access, rectify or erase your information at any time by writing to privacy@curso.ai.
1. INTRODUCTION
This Privacy Policy governs the processing of the personal data of users (the “Users”) who interact with the website https://curso.ai (the “Website”), our WhatsApp bot and any other applications and services owned by Adrián Melic (“curso.ai”, “we”, “us”). It complies with Regulation (EU) 2016/679 (“GDPR”), the Spanish Organic Law 3/2018 on Data Protection (“LOPDGDD”) and any other applicable rules.
By using our Services you confirm that you have read and understood this Policy.
2. DATA CONTROLLER
- Entity: Adrián Melic
- Address: C/ Dr. Alfonso Chiscano Díaz 8, 35019 Las Palmas de G.C., Spain
- Email: privacy@curso.ai
- Data Protection Officer (DPO): dpo@curso.ai
3. PERSONAL DATA WE PROCESS
3.1. Data provided directly by you
- First name, surname, preferred language.
- Email address and/or phone number.
- Social‑media profiles that you voluntarily link.
- Exercise submissions, feedback, files and any other content generated by you.
3.2. Data collected automatically
- IP address, device identifiers, browser type, operating system.
- Usage logs (date/time, commands, clicks, time spent).
- Cookies and similar technologies as described in our Cookie Policy.
3.3. Data obtained from third parties
- Google Classroom (academic identity).
- WhatsApp (messaging identifiers).
- Other identity providers you choose to log in with.
3.4. Accuracy of the data
You guarantee that the data provided are accurate, up‑to‑date and belong to you. If you supply data relating to third parties (e.g., when recommending the course), you declare that you have informed them of the contents of this Policy and obtained their consent, holding curso.ai harmless from any liability.
4. PURPOSES AND LEGAL BASES
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| 4.1 Provision of the service, account management and payments | Contract performance (6.1.b) |
| 4.2 Personalising learning via academic profiles | Legitimate interest (6.1.f) – you may object at any time |
| 4.3 Improving the platform and AI models with anonymised data | Legitimate interest (6.1.f) |
| 4.4 Sending information about new courses | Consent (6.1.a) or legitimate interest for existing customers (Art. 21 LSSI) |
| 4.5 Fraud prevention and security | Legal obligation / legitimate interest |
| 4.6 Compliance with tax and accounting duties | Legal obligation (6.1.c) |
| 4.7 Handling data‑subject rights and claims | Legal obligation (6.1.c) |
5. AUTOMATED DECISIONS AND PROFILING
We use algorithms to generate study recommendations and personalised corrections without legal or similarly significant effects on you (Art. 22 GDPR). You may request human review at privacy@curso.ai.
6. RECIPIENTS
| Recipient / Processor | Purpose | Safeguard |
|---|---|---|
| OpenAI OpCo, LLC | Generating IA responses via API | Standard Contractual Clauses; content excluded from training by default |
| WhatsApp Ireland Ltd. / WhatsApp LLC | Transport of messages via WhatsApp Business API | Processing inside the EEA (WhatsApp Ireland) or SCC US (WhatsApp LLC) |
| AWS EMEA SARL | Hosting and backups in the EU | Processing inside the EEA |
| Advisors, banks, tax office, courts | Fulfilling legal obligations | — |
We do not sell or disclose your data for third‑party commercial purposes.
7. INTERNATIONAL TRANSFERS
Where providers host servers outside the EEA, we rely on (i) adequacy decisions or (ii) European Commission Standard Contractual Clauses.
8. RETENTION PERIODS
| Data | Period |
|---|---|
| Account and identification data | While the account is active and 3 years after the last activity or deletion request |
| Academic history | 5 years after the end of the course |
| Bot conversations | As long as necessary to provide the service and resolve incidents; afterwards they are anonymised or deleted on request |
| Accounting records | 6 years |
| Marketing | Until consent is withdrawn |
Data are pseudonymised or anonymised wherever possible.
9. SECURITY MEASURES
TLS encryption, role‑based access controls, regular audits, encrypted backups, access logs and ongoing staff training.
10. YOUR RIGHTS
You may exercise your rights of access, rectification, erasure, objection, restriction, portability and not to be subject to automated decisions by emailing privacy@curso.ai and proving your identity. If you are not satisfied, you can lodge a complaint with the Spanish Data Protection Authority (AEPD).
11. COMMERCIAL COMMUNICATIONS
We distinguish two types of emails:
- Transactional or personal emails (e.g., enrolment confirmations, assignment reminders, individual feedback). These are necessary for the service and are not marketing communications, so they do not need an unsubscribe link.
- Commercial or promotional communications (new courses, discounts, newsletters). These do include a clear, free mechanism to unsubscribe (a link or instructions to reply with “UNSUBSCRIBE”).
You can always withdraw consent or object to direct marketing by emailing privacy@curso.ai.
12. MINORS
The Services are intended for users aged 14 or older. Younger users need explicit consent from their legal guardians.
13. COOKIES
We use technical and analytics cookies. Full details are available in the Cookie Policy published on the Website.
14. CHANGES TO THIS POLICY
We will post any changes on the Website, indicating the date of the last update. If changes are substantial, we will notify you by email or a prominent notice.
15. CONTACT
General email: privacy@curso.ai Data Protection Officer: dpo@curso.ai Postal address: C/ Dr. Alfonso Chiscano Díaz 8, 35019 Las Palmas de Gran Canaria, Spain