Legal

Privacy Policy

Effective date: May 4, 2026

CourseRadar ("we", "us", or "our") operates courseradar.io (the "Service"). This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights regarding your information. By using the Service you agree to the practices described here.

1. Information We Collect

1.1 Account & Authentication Data

  • Email address — collected when you register or sign in with magic link or password.
  • OAuth tokens — when you choose to sign in via Google, GitHub, or Microsoft (Azure / Entra ID), the provider shares your name, email address, and a unique provider identifier with us. We do not receive your OAuth provider password.
  • Passkeys (WebAuthn credentials) — if you register a passkey, we store the public-key credential identifier. Your private key never leaves your device.
  • Anonymous username — a one-way hash derived from your account identifier is used as your public author handle on reviews. It cannot be reversed to identify you.

1.2 Academic Verification Data

  • If you choose to verify your university enrollment, we store confirmation that a valid .edu (or institution-issued) email address was used. We do not store your academic records.

1.3 Content You Submit

  • Course reviews, ratings, comments, and resource links you submit through the Service.
  • Reviews are associated with your anonymous username, not your real identity.

1.4 Subscription & Payment Data

  • If you subscribe to a paid plan, payment is processed by Stripe. We store only a Stripe customer ID and subscription status; we never see or store your full card number.

1.5 Usage & Technical Data

  • Vercel Analytics collects aggregated, privacy-first page-view metrics (no personally identifiable information).
  • Sentry captures error events and stack traces to help us diagnose bugs. These reports may include browser type, OS, and a partial URL.
  • Standard server logs (IP address, request path, timestamp) are retained for up to 30 days for security and abuse prevention.

2. How We Use Your Information

  • To create and maintain your account.
  • To authenticate you via email, OAuth provider, or passkey.
  • To display your course reviews under an anonymous username.
  • To send transactional emails (magic-link sign-in, email verification). We do not send marketing emails without your consent.
  • To process subscription payments through Stripe.
  • To monitor site health, investigate errors, and prevent abuse.
  • To comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only as follows:

  • Service providers — Vercel (hosting), Neon / Railway (database), Stripe (payments), Resend (email), Sentry (error monitoring), and other infrastructure providers acting on our behalf under confidentiality obligations.
  • OAuth providers — when you choose social login, your sign-in action is governed by that provider's privacy policy (Google, GitHub, Microsoft).
  • Legal requirements — if required by law, subpoena, or to protect the rights and safety of CourseRadar or others.
  • Business transfer — in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4. Cookies & Local Storage

  • Session cookies — used by NextAuth.js to maintain your authenticated session. Required for the Service to function.
  • Local storage — we store your last sign-in method and theme preference in your browser's local storage.
  • We do not use third-party advertising cookies or cross-site tracking cookies.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account, your personal information is deleted within 30 days, except where we are required to retain it for legal obligations. Reviews may persist in an anonymized form after account deletion.

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, hashed passwords, short-lived JWT session tokens, and row-level access controls in our database. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — request deletion of your account and personal data.
  • Portability — receive your data in a machine-readable format.
  • Objection / restriction — object to or restrict certain processing activities.

To exercise any of these rights, email us at support@courseradar.io. We will respond within 30 days.

8. Children's Privacy

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

9. International Transfers

Our infrastructure is primarily located in the United States. By using the Service, you consent to the transfer of your information to the US, where data protection laws may differ from those in your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the new policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

CourseRadar
support@courseradar.io
View Terms of Service →