Privacy Policy
This policy explains what personal data AI Architect Academy processes, why, the legal basis for each use, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR).
Who we are
AI Architect Academy is an early, in-development education product operated from the European Union (the Netherlands). The data controller responsible for your personal data is:
- Operator / data controller: Wibo van der Sluis, Amsterdam, Netherlands
- Business name: AI Architect Academy
- KvK (Dutch Chamber of Commerce) number: 50937782
- Contact: hello@aiarch.dev
What data we process, why, and the legal basis
We keep data collection to the minimum needed to run the course. The service currently has a single login account and does not yet take payments.
- Account and login. The email address used to log in and a signed session cookie that keeps you logged in. Legal basis: performance of a contract (providing you access to the course) and our legitimate interest in securing that access.
- Newsletter "notify me". The email address you submit to be told when new tracks ship. Legal basis: consent — you can withdraw it at any time by emailing us (see "Your rights" below).
- Learning activity. Your quiz attempts, mastery progress, and spaced-repetition (review-scheduling) state. We store this so the course can actually run — track what you've learned and schedule what to resurface. Legal basis: performance of a contract and our legitimate interest in delivering a working learning product.
- Server logs. Standard request metadata (such as IP address, timestamp, and the page or endpoint requested) generated by our hosting provider. Legal basis: our legitimate interest in the security and reliable operation of the service.
Who we share data with (subprocessors)
We do not sell your personal data. We share it only with the service providers needed to operate the platform:
- Cloudflare — hosting, edge delivery, and our D1 database. The application and your session run on Cloudflare Workers, and your account and learning data are stored in Cloudflare's D1 database.
- Anthropic — the AI coach feature. When the coach is enabled, the messages you send to it are transmitted to Anthropic's API to generate a response. This applies only when the coach feature is enabled.
International transfers
Some of our processors are based in the United States (for example, Anthropic). Where personal data is transferred outside the European Economic Area, those transfers rely on appropriate safeguards under the GDPR, such as the European Commission's Standard Contractual Clauses.
How long we keep it
- Account and learning data: kept while your account is active, or until you ask us to delete it.
- Newsletter email: kept until you unsubscribe or ask us to remove it.
- Server logs: retained only as long as needed for security and operational purposes, then discarded.
Your rights under the GDPR
You have the right to:
- Access the personal data we hold about you.
- Rectification — correct data that is inaccurate or incomplete.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit how we process your data.
- Data portability — receive your data in a portable, machine-readable form.
- Objection — object to processing based on our legitimate interests.
- Withdraw consent — where we rely on consent (for example, the newsletter), withdraw it at any time. Withdrawing consent does not affect processing that already took place.
To exercise any of these rights, email hello@aiarch.dev. We will respond within the timeframes required by law.
Complaints
If you believe we have mishandled your personal data, you have the right to lodge a complaint with the supervisory authority. In the Netherlands this is the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens. We'd appreciate the chance to resolve it directly first — please contact us at hello@aiarch.dev.
Changes to this policy
This is an early product and this policy may change as it grows — for example, when payments or new features are added. We will update the "Last updated" date above when we make material changes. Related reading: our Cookie Policy and Terms of Service.