Privacy Policy

Last updated: February 10, 2026

1. Data Controller

WebEducationLab (hereinafter "we", "the Platform") is the data controller for personal data collected through web-education-lab.vercel.app and any associated subdomains or domains.

Contact: contact@webeducationlab.com

2. Data We Collect

2.1 Data you provide directly

  • Registration data: full name, email address, and password (encrypted).
  • Profile data: additional information you choose to provide (profile photo, bio).
  • Payment data: when you make purchases, payment data is processed by external payment providers (Stripe, MercadoPago, etc.). We do not store credit/debit card numbers on our servers.
  • User-generated content: forum posts, messages between students, and exercise responses.

2.2 Automatically collected data

  • Usage data: course progress, completed modules, submitted exercises, earned points, streak days, and activity history.
  • Technical data: IP address, browser type, operating system, pages visited, date and time of access.
  • Cookies: we use essential cookies for authentication and language preferences. See section 7.

3. Purpose of Processing

  • Create and manage your user account.
  • Provide educational services (courses, exercises, certificates).
  • Personalize your learning experience through Artificial Intelligence.
  • Process payments and manage subscriptions.
  • Send service-related communications (confirmations, account changes, security alerts).
  • Improve the platform through aggregated and anonymous usage analysis.
  • Comply with legal obligations and prevent fraudulent activity.

4. Legal Basis (GDPR)

If you are located in the European Economic Area (EEA), our processing is based on:

  • Contract performance (Art. 6.1.b GDPR): necessary to provide educational services.
  • Consent (Art. 6.1.a GDPR): for optional communications and non-essential cookies.
  • Legitimate interest (Art. 6.1.f GDPR): to improve the platform and prevent fraud.
  • Legal obligation (Art. 6.1.c GDPR): to comply with tax and legal regulations.

5. Data Sharing with Third Parties

We do not sell your personal data. We share data only with the following service providers, who act as data processors:

  • Supabase Inc. (USA) — Database, authentication, and storage. Standard Contractual Clauses (SCC) for international transfers.
  • OpenAI, L.L.C. (USA) — AI-powered content generation and exercise evaluation. Data sent is limited to necessary academic content.
  • Vercel Inc. (USA) — Web hosting and content delivery network (CDN).
  • Google LLC (USA) — Aggregated usage analytics (Google Analytics). Data is anonymized.

6. Your Rights

6.1 Rights under GDPR (EU/EEA)

  • Access: obtain a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request deletion of your data.
  • Restriction: restrict processing of your data.
  • Portability: receive your data in a structured format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: at any time, without affecting the lawfulness of prior processing.

6.2 Rights under CCPA (California, USA)

  • Right to know what data we collect about you.
  • Right to request deletion of your data.
  • Right not to be discriminated against for exercising your privacy rights.
  • We do not sell personal data to third parties.

6.3 Rights under Law 25.326 (Argentina)

  • Right of access, rectification, deletion, and confidentiality of your data.
  • You may exercise your rights before the National Directorate for Personal Data Protection (AAIP).

To exercise any of these rights, contact us at contact@webeducationlab.com. We will respond within 30 days.

7. Cookies

  • Essential cookies: required for authentication (user session) and language preferences. Cannot be disabled.
  • Analytics cookies: we use Google Analytics to understand how the platform is used. This data is anonymous and aggregated.

You can manage cookies through your browser settings.

8. Data Security

  • Password hashing with secure algorithms (bcrypt).
  • HTTPS/TLS encrypted communications across the platform.
  • Role-based access control (Row Level Security) in the database.
  • Authentication tokens with automatic expiration and renewal.

However, no system is 100% secure. If we detect a security breach affecting your data, we will notify you in accordance with applicable law.

9. Data Retention

  • Active account: we retain your data as long as your account is active.
  • Deleted account: we delete your personal data within 30 days of your request, unless law requires us to retain it (e.g., tax records).
  • Usage data: anonymized activity data may be retained for statistical purposes.

10. Children's Privacy

The platform is intended for users aged 13 and older. We do not knowingly collect data from children under 13. If you are a resident of the European Economic Area and under 16 years old, you need the consent of a parent or legal guardian to use the platform. If we discover we have collected data from a child without appropriate consent, we will delete it immediately.

11. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes by email or through a notice on the platform. The last update date is shown at the top of this document.

12. Contact

If you have questions about this policy or wish to exercise your rights, contact us at: