Privacy Policy

Last updated: April 2026

1. Information We Collect

Account information: Email address, password (stored as a bcrypt hash — never in plaintext), display name, and username.

Profile information: Avatar photo, bio.

Learning data: Course progress, quiz scores, XP earned, and completed modules.

AI data: Conversation history with Ask Rich Ux and practice conversations, as well as project vault data.

Portfolio data: Images, descriptions, and project URLs you add to your portfolio.

Payment data: Payments are processed by Stripe. We store your Stripe customer ID but never your credit card number.

Usage data: Pages visited, features used, and session duration, collected via PostHog analytics.

Device data: Browser type, operating system, and IP address.

2. How We Use Your Data

  • Provide and improve the learning experience
  • Personalize AI responses using your project vault context
  • Send transactional emails (welcome, password reset, billing notifications)
  • Send marketing emails (weekly digest, promotions) — you can opt out in your settings or via the unsubscribe link
  • Detect and prevent abuse (rate limiting by IP)
  • Measure advertising effectiveness and serve relevant ads via Meta Pixel and Google Ads remarketing
  • Generate aggregate analytics (never sold to third parties)

3. Third-Party Services & Data Sharing

We use the following third-party services to operate the platform:

  • Stripe — Payment processing. Stripe's privacy policy applies to your payment data.
  • SendGrid — Email delivery. Receives your email address and name.
  • Cloudflare R2 — Stores your uploaded files (avatars, portfolio images).
  • Vimeo — Video hosting. Vimeo may set cookies when you watch embedded videos.
  • Anthropic (Claude) — AI model provider. Your conversation messages are sent to their API for processing. We use their API tier — your data is not used to train their models. See Anthropic's usage policy for details.
  • Pinecone — Stores vector embeddings of course content for search functionality. Does not store your personal data.
  • PostHog — Analytics. Collects anonymized usage data.
  • Vercel — Hosting. Standard server logs.
  • Google Calendar — Events display only. No user data is shared with Google Calendar.
  • Meta (Facebook/Instagram) — We use the Meta Pixel for ad conversion tracking and to build remarketing audiences. Meta may collect data about your visit (pages viewed, actions taken) and match it to your Facebook or Instagram profile to serve relevant ads. See Meta's Data Policy for details.
  • Google Ads — We use Google Ads conversion tracking and remarketing tags. Google may collect data about your visit and use cookies to show you ads on other websites. See Google's Privacy Policy. You can opt out of personalized ads at adssettings.google.com.

We do not sell your personal data to any third party.

4. Cookies

  • Session cookie (NextAuth) — Required for authentication.
  • Onboarding cookie — Stores questionnaire answers temporarily during onboarding.
  • Theme preference — Stored in localStorage (not a cookie).
  • PostHog — May set analytics cookies.
  • Meta Pixel — Sets cookies to track conversions and build ad audiences. These cookies may persist across sessions.
  • Google Ads / gtag.js — Sets cookies for conversion tracking and remarketing. You can opt out via Google's ad settings.

Third-party advertising cookies are used to measure the effectiveness of our ads and to show you relevant ads on other platforms. You can manage cookie preferences in your browser settings.

5. Data Retention

  • Account data: Retained while your account is active. Deleted upon request.
  • AI conversations: Retained while your account is active. You can delete individual conversations at any time.
  • Learning progress: Retained while your account is active.
  • Payment records: Retained as required by law (typically 7 years for financial records).

6. Your Rights

  • Access your data (available in your profile and settings)
  • Export your project vault data (markdown export)
  • Delete your account and associated data — email rich@richux.com
  • Opt out of marketing emails (settings or unsubscribe link)

For EU/UK users (GDPR): You have additional rights including data portability and the right to object to processing. Contact us at rich@richux.com to exercise these rights.

7. Data Security

  • Passwords are hashed with bcrypt
  • All data is transmitted over HTTPS
  • Database is hosted on Neon with encryption at rest
  • File storage on Cloudflare R2 with access controls

8. Children

This platform is intended for users 18 years of age and older. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will promptly delete the account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email of any material changes. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy, contact us at rich@richux.com.