Privacy Policy
Effective Date: March 27, 2026
Welcome to AItrain.you (the "Platform"), operated by YC INTELLIGENCE, SAS ("we", "us", "our"). We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and what rights you have.
By using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.
1. Data Controller
The data controller responsible for your personal data is:
YC INTELLIGENCE
Société par Actions Simplifiée (SAS) au capital de 1 000 €
200 rue de la Croix Nivert, 75015 Paris, France
SIREN : 999 632 250 · SIRET : 999 632 250 00018
TVA : FR45999632250 · RCS Paris
Présidente : Yasmine Mamoun
Email : hello@aitrain.you
For any data protection inquiries, you may contact our Data Protection Officer at dpo@aitrain.you.
2. Data We Collect
We collect the following categories of personal data:
| Category | Data Collected | Source |
|---|---|---|
| Account Data | Name, email address, hashed password, language preference | Provided by you at registration |
| Social Sign-In Data | Name, email address, profile picture URL | Google, Apple, or GitHub (if you choose social sign-in) |
| Payment Data | Billing name, billing address, last 4 digits of card, transaction ID | N/A (service is free, no payment data collected) |
| Usage Data | Pages visited, features used, course progress, exercise responses | Collected automatically via local storage and server logs |
| Device Data | Browser type, operating system, screen resolution, IP address | Collected automatically |
| Communication Data | Support requests, feedback, course votes | Provided by you |
Data we do NOT collect: We do not collect biometric data, geolocation data, contacts, files from your device, or any data from third-party accounts beyond what is listed above.
3. How We Use Your Data
We use your personal data for the following purposes:
- Account management — to create and maintain your account and authenticate your identity
- Service delivery — to provide access to courses, track your progress, deliver certificates, and process course requests and votes
- Communication — to send you important account notifications (subscription changes, new features, password resets) and respond to support requests
- Product improvement — to analyze aggregate, anonymized usage patterns and improve our courses and platform
- Legal compliance — to comply with applicable laws, regulations, and legal obligations
- Security — to detect and prevent fraud, abuse, and security incidents
We do not use your data for advertising, profiling, or automated decision-making.
4. Legal Bases for Processing
Under the GDPR, we process your data based on the following legal bases:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation and management | Performance of a contract (Art. 6(1)(b)) |
| Service delivery and course access | Performance of a contract (Art. 6(1)(b)) |
| Payment processing | Performance of a contract (Art. 6(1)(b)) |
| Account notifications and support | Legitimate interest (Art. 6(1)(f)) |
| Product improvement (anonymized analytics) | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
5. Cookies & Local Storage
We use minimal cookies and local storage. We do not use tracking cookies, analytics cookies, or advertising cookies.
| Name | Type | Purpose | Duration |
|---|---|---|---|
auth_token |
Cookie | Authentication — keeps you signed in | 30 days |
lang |
Cookie | Language preference | 1 year |
course_progress |
Local Storage | Stores completed lessons and exercise answers locally on your device | Persistent (until cleared) |
theme |
Local Storage | Dark/light mode preference | Persistent (until cleared) |
Course progress data stored in local storage stays on your device and is not transmitted to our servers unless you explicitly choose to sync it.
6. Data Sharing & Third Parties
We do not sell your personal data. We share data only with the following third-party service providers, strictly for the purposes described:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | Billing name, email, payment method details | stripe.com/privacy |
| Social sign-in (optional) | Name, email | policies.google.com/privacy | |
| Apple | Social sign-in (optional) | Name, email | apple.com/legal/privacy |
| GitHub | Social sign-in (optional) | Name, email | github.com/privacy |
We do not use Google Analytics, Facebook Pixel, or any advertising trackers. We may disclose your data if required by law, court order, or governmental authority.
7. International Data Transfers
YC INTELLIGENCE, SAS is based in France. Your data is primarily stored on servers located in the European Union.
When data is transferred outside the EU/EEA (for example, to Stripe's US-based servers for payment processing), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-U.S. Data Privacy Framework certification (where applicable)
- Adequacy decisions by the European Commission for transfers to countries deemed to provide adequate protection
You may request information about the specific safeguards in place by contacting us at dpo@aitrain.you.
8. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
| Data Category | Retention Period |
|---|---|
| Account data | As long as your account is active, plus 30 days after deletion request |
| Payment records | 7 years (French tax and accounting obligations) |
| Support communications | 2 years after last interaction |
| Server logs (IP, device data) | 12 months |
| Anonymized analytics | Indefinitely (not personal data) |
| Local storage (course progress) | Controlled by you — stays on your device until you clear it |
When you delete your account, we remove all personal data within 30 days, except where retention is required by law.
9. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption in transit — all communications use HTTPS/TLS encryption
- Encryption at rest — sensitive data is encrypted on our servers
- Password hashing — passwords are hashed using bcrypt (never stored in plain text)
- JWT authentication — tokens with expiration for secure session management
- Access controls — strict role-based access to personal data within our team
- No card storage — we never store full payment card numbers on our servers
- Regular audits — periodic security reviews and vulnerability assessments
Despite our best efforts, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@aitrain.you.
10. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access (Art. 15) — obtain a copy of your personal data
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten")
- Right to restriction (Art. 18) — restrict processing of your data in certain circumstances
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time for consent-based processing
- Right to lodge a complaint — with your local supervisory authority (in France: CNIL)
To exercise any of these rights, contact us at dpo@aitrain.you. We will respond within 30 days.
11. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know — what personal information we collect, use, disclose, and sell
- Right to delete — request deletion of your personal information
- Right to opt-out of sale — we do not sell your personal information
- Right to non-discrimination — we will not discriminate against you for exercising your rights
- Right to correct — correct inaccurate personal information
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined under CPRA
To exercise your CCPA/CPRA rights, contact us at hello@aitrain.you. We will verify your identity before processing your request and respond within 45 days.
12. Other Jurisdictions
United Kingdom (UK GDPR)
If you are located in the United Kingdom, you have equivalent rights under the UK GDPR. The supervisory authority is the Information Commissioner's Office (ICO).
Canada (PIPEDA)
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and withdraw consent for the use of your personal information. Contact us at hello@aitrain.you to exercise these rights.
Australia (Privacy Act 1988)
If you are located in Australia, you have rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Brazil (LGPD)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, delete, and port your personal data. The supervisory authority is the ANPD (Autoridade Nacional de Proteção de Dados).
13. Children's Privacy
AItrain.you offers courses designed for children aged 8 and above. These courses are intended to be used under parental supervision.
- We do not knowingly collect personal data from children under 13 (or under 16 in the EEA) without verifiable parental consent.
- If a parent or guardian creates an account for a child, the parent is responsible for the child's use of the Platform and for providing consent.
- We do not serve advertising to children or use children's data for profiling.
If you believe a child has provided us with personal data without parental consent, please contact us at hello@aitrain.you and we will promptly delete the data.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Effective Date" at the top of this page.
- We will notify you via email at the address associated with your account.
- We may display a notice on the Platform.
Your continued use of the Platform after the changes take effect constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you may delete your account.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us at:
- General inquiries: hello@aitrain.you
- Data protection: dpo@aitrain.you
- Security issues: security@aitrain.you
YC INTELLIGENCE, SAS
France
We aim to respond to all inquiries within 30 days.