Last updated: April 2026
Leora ("we", "us", "our") is the data controller responsible for your personal data. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Italian data protection law.
We collect the following categories of personal data:
Account data: full name, email address, password (encrypted), role (student/teacher), profile photo.
Academy data (Teachers): academy name, bio, headline, logo, brand color.
Course data: uploaded content (PDFs, videos, images), course titles, descriptions.
Usage data: lesson progress, quiz results, AI tutor interactions.
Payment data: processed by Stripe. We do not store credit card numbers or bank account details. We store Stripe account IDs and transaction records.
Technical data: IP address, browser type, device information, collected automatically through cookies.
We process your data for the following purposes: providing and operating the Platform; processing payments through Stripe; generating AI-powered tutoring, quizzes, and subtitles; sending transactional emails (welcome, receipts); improving the Platform and user experience; complying with legal obligations.
We process your data based on: contract performance (providing the service you signed up for); legitimate interest (improving the Platform, fraud prevention); consent (marketing communications, cookies); legal obligation (tax records, compliance).
We share data with the following third-party services, which have their own privacy policies:
Supabase — database and authentication hosting.
Stripe — payment processing. Stripe is PCI-DSS compliant.
Anthropic — AI processing for tutoring and quizzes. Course content is sent to Anthropic's API for processing.
Voyage AI — text embeddings for content search.
Resend — transactional email delivery.
Course content uploaded by Teachers is processed by AI services (Anthropic, Voyage AI) to power features like the AI Tutor, automatic quiz generation, transcription, and image analysis. Student questions to the AI Tutor are also processed by these services. We do not use your content to train AI models.
We retain your data for as long as your account is active. When you delete your account, we delete your personal data within 30 days. We may retain anonymized usage data for analytics. Transaction records are retained as required by Italian tax law (minimum 10 years).
Under GDPR, you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability; object to processing; withdraw consent at any time. To exercise these rights, contact us at privacy@Leora.app. We will respond within 30 days.
Some of our service providers (Anthropic, Stripe, Supabase) may process data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses or adequacy decisions as required by GDPR.
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.
The Platform is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify users of material changes via email. Continued use of the Platform constitutes acceptance of the updated policy.
For privacy-related inquiries: privacy@Leora.app. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).