Privacy Policy

Last updated: April 25, 2026

1. Information We Collect

When you create an account, we collect your name, email address, and password (hashed with bcrypt — we never store plaintext passwords). If you sign in with Google or GitHub, we receive your name, email, and profile picture from that provider.

During onboarding, we ask about your background, goals, weekly time available, English self-rating, and a short open-text response about why you want to learn cloud engineering. This information helps us personalize your learning path. The open-text response is processed by our AI to recommend a starting point — it is not shared with anyone outside CloudPath.

When you use the platform, we collect learning activity data including lessons completed, quiz scores, time spent, XP earned, and your AI tutor conversation history (last 50 messages, for context continuity).

When you make a payment, Stripe processes your payment information directly. We receive a subscription status and customer ID from Stripe but never see or store your card number.

2. How We Use Your Information

  • To provide and operate the CloudPath Academy platform
  • To personalize your learning path and Ask Atlas responses
  • To send transactional emails (welcome, password reset, certificates)
  • To send occasional product updates and educational content (you can unsubscribe at any time)
  • To display anonymized progress data in community activity feeds (your name may appear, e.g. "Alex completed a lesson")
  • To improve the platform through aggregate analytics

3. Ask Atlas and Chat Data

Messages you send to Ask Atlas are processed by Anthropic's Claude API to generate responses. We do not permanently store your chat history beyond your current browser session. Anthropic's privacy policy governs how they handle API data.

4. Data Sharing

We do not sell your personal data. We share data only with the following service providers to operate the platform:

  • Stripe — payment processing
  • Anthropic — Ask Atlas responses
  • AWS — hosting and infrastructure
  • Resend — transactional email delivery

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where required by law (e.g. billing records).

6. Your Rights

You have the right to access, correct, or delete your personal data. You may also request a copy of your data in a portable format. To exercise these rights, email us at admin@cloudpathportal.com.

If you are in the EU or UK, you have additional rights under GDPR/UK GDPR, including the right to object to processing and the right to lodge a complaint with your supervisory authority.

7. Cookies

We use only essential cookies necessary for the platform to function:

  • Authentication session (NextAuth) — keeps you logged in. Cleared on logout.
  • CSRF token — protects forms from cross-site request forgery.
  • Stripe checkout session — set only during the payment flow by Stripe.

We do not use advertising, tracking, or analytics cookies. We do not share cookie data with third parties.

8. Children's Privacy

CloudPath Academy is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you are in the EU/EEA or UK, the minimum age is 16 (or the lower digital-consent age set by your member state). If we discover we have collected data from a user below the applicable age, we will delete it. Parents who believe we may have collected their child's data should email admin@cloudpathportal.com.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and share; (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) opt out of any sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising; (e) be free from discrimination for exercising these rights. To exercise these rights, email admin@cloudpathportal.com.

10. Data Residency & International Transfers

Your data is stored on AWS infrastructure in the United States (us-east-1 region). If you access CloudPath from outside the US, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses (where applicable) for transfers from the EU/UK. Sub-processors (Stripe, Anthropic, AWS, Resend, IONOS) may process limited data in their own regions per their respective privacy policies.

11. Security

We use HTTPS for all data transmission, bcrypt for password hashing, IAM least-privilege access controls on infrastructure, and follow AWS security best practices. No system is 100% secure — if you discover a vulnerability, please contact us at admin@cloudpathportal.com and we will investigate promptly.

12. Changes to This Policy

We may update this policy from time to time. We will notify you by email of material changes at least 30 days before they take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact

Questions about this policy or want to exercise your data rights? Email admin@cloudpathportal.com.

Terms of ServiceBack to Home