What we collect, why, and what you control.

Information we collect

We collect data to provide and improve our services

Account & identity:

Name, email, role (student or educator), and authentication tokens stored via the API auth flow.

Course activity:

Enrollments, module progress, quiz attempts, assignment submissions, cohort attendance, and certificates issued.

Content & uploads:

Media you store through the curriculum builder (videos, PDFs, lesson assets) along with metadata such as duration and file size.

Billing & payouts:

Purchase history, pricing, revenue share, and payout accounts configured inside the educator dashboard.

Device & diagnostics:

Cookies, IP addresses, and API logs that help us secure accounts, debug errors, and maintain service performance.

Phone & messaging preferences:

Phone number (optional), country code, and your choices for receiving WhatsApp live-class reminders, SMS fallbacks, and course updates. Provided only when you opt in.

Push notification tokens:

When you install our mobile app or enable browser push, we store an FCM/Expo token, your platform (iOS, Android, or web), and a device label so we can deliver class reminders, chat alerts, and order updates. You can disable notifications at any time from system settings.

Live class audio, video & chat:

Live sessions are powered by Daily.co. Your camera, microphone, and screen-share streams are routed through Daily.co only while you are in a session, and recordings are stored on our AWS S3 bucket only when the educator enables recording. In-call chat messages are processed by Daily.co for the duration of the session.

In-app messages & community:

Chat messages, attachments (images, files) you share in course discussions, mentorship conversations, and reactions. We never sell or share these with advertisers.

AI features (voice & avatar):

If you choose to clone your voice or generate an AI avatar, audio and image samples you submit are sent to our AI processors (HeyGen and D-ID) to produce your custom voice or avatar, and the resulting media is stored on our infrastructure. You can delete your custom voice or avatar from your educator settings at any time.

AI assistance for course content:

When you use the AI Course Wizard, AI tutor, or quiz auto-grading, the text you submit is sent to OpenAI or AWS Bedrock for processing under our enterprise agreements; these processors do not train their models on your data.

Educator payout details:

Educators who receive payouts provide bank account details, routing information, and tax identifiers (e.g., BVN/TIN) needed to disburse earnings. This data is stored encrypted and shared only with our payment processors.

Accessibility preferences (sensitive):

If you complete the accessibility setup, your self-reported vision, hearing, motor, and screen-reader needs are stored to personalize the interface. This is sensitive data, we never share it and you can clear it from settings.

Marketing attribution:

When you arrive via a referral link or marketing campaign, we capture UTM parameters and referral codes in your session so educators can credit referrers and we can measure campaign effectiveness.

How we use your information

Your data powers your learning experience

Deliver experiences:

Personalize dashboards, resume lessons, issue certificates, and power live sessions through the educator console.

Operate the platform:

Process transactions, calculate payouts, send cohort reminders, and run analytics visible on educator and student dashboards.

Improve LearnKasts:

Aggregated analytics and feedback from feature usage (e.g., curriculum builder, assignments, help center) guide product decisions.

Protect the community:

Detect fraud, enforce community guidelines, and comply with legal requests related to course content or financial activity.

Communicate with you:

Send system alerts, onboarding tips, release notes, and support responses when you open a ticket or contact us.

Your controls & security

You're in control of your data

Account settings:

Update profile details, change roles, and manage notification preferences from your dashboard.

Data exports & deletion:

Educators can export course data; learners can request account deletion. We retain only what is required for compliance (e.g., payouts, tax records).

Media ownership:

Educators control their uploads. We store them securely via the storage services configured in this codebase (e.g., S3 storage drivers).

Security practices:

API tokens, session cookies, and Livewire state are protected with HTTPS, server-side validation, and activity logs maintained in the analytics services.

Contact support:

Reach us via the contact page for privacy questions or to exercise your data rights.

Third-party processors

Services that help us run LearnKasts

Paystack, payment processing

Card and bank details are entered on Paystack-hosted checkout. We receive only transaction references, status, and the last 4 digits of cards.

Daily.co, live video classrooms

Real-time audio/video, in-call chat, and recording when enabled by an educator.

HeyGen and D-ID, AI avatar & voice generation

Voice samples and reference photos used to create your custom avatar or voice.

OpenAI and AWS Bedrock, AI text generation

AI Course Wizard, tutor responses, automated quiz grading, and AI website-builder content. No training on your data.

Amazon Web Services (AWS S3, CloudFront)

File storage for course videos, lesson assets, recordings, and uploaded images, served via CDN.

Mailgun and MailerLite, email delivery

Transactional emails (password resets, receipts, course updates) and marketing automations.

Firebase Cloud Messaging and Expo, push notifications

Routing push notifications to your device.

Pusher, real-time updates

Live progress, chat presence, and notifications inside the app.

Google, single sign-on, Translate, Analytics

OAuth login (your Google account email and profile name), translation of UI strings, and aggregated traffic analytics.

Meta (Facebook) Pixel

Conversion tracking on marketing pages. You can opt out via the cookie banner.

Laravel Nightwatch, error & performance logs

Application error traces and request performance metrics for debugging.

Compliance & contact

How long we keep your data

Account data is kept while your account is active. After deletion we keep only what we are legally required to retain (financial records: 7 years; tax records: as required by Nigerian, EU, and US law). Anonymized analytics may be retained indefinitely.

International transfers

Our infrastructure is hosted on AWS regions that may be outside your country (e.g., us-east-1, eu-west-1). Where required, transfers are governed by Standard Contractual Clauses or equivalent safeguards.

Children & minors

LearnKasts is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 (or 16 in some EU/UK jurisdictions). If we learn that we have collected data from a child below the applicable age, we will delete it. Parents and guardians may contact us to request review or deletion.

Legal bases (GDPR/NDPR)

We process your data based on: (a) the contract to deliver the courses you enrol in; (b) your consent for marketing emails, the AI avatar/voice features, and analytics cookies; (c) our legitimate interests in security, fraud prevention, and product improvement; and (d) legal obligations (tax, payouts, compliance requests).

Your rights

You may request access to, correction of, export of, or deletion of your personal data, and you may object to or restrict certain processing. Use the in-app data export and deletion tools, or email us at the address below.

Privacy contact (DPO)

Email privacy@learnkasts.com for any privacy request or complaint. We aim to respond within 30 days. You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local supervisory authority.