Skip to main content
AIER
Back to homepage
Legal

Privacy Policy

AIErudit — AI Education for Business Professionals processes personal data to authenticate users, deliver courses, handle payments, operate business workspaces, power optional AI-assisted study features, and meet legal obligations. This notice explains what we collect, why we use it, and how rights requests work.

Last updated: April 21, 2026

1. Controller and scope

The controller for the consumer platform is the operator identified at the foot of this page — Vitali Bibikov, a Polish sole proprietor (JDG) registered in CEIDG (NIP 5213977371, REGON 522636099), operating AIErudit from Warsaw, Poland. Privacy requests can be sent to privacy@aierudit.com. See the Operator and contracting party block below for the full registered address and electronic delivery details.

This policy covers visitors, registered learners, buyers, workspace members, team administrators, support requesters, and creator applicants or creators to the extent we act as the controller for that interaction. If a signed enterprise agreement or data processing addendum says otherwise for a specific business deployment, that document will govern that deployment.

We have not publicly appointed a Data Protection Officer at this time. If that changes, the DPO contact will be published here.

2. Categories of personal data

CategoryRepresentative examples
Account and profile dataName, email address, company, job title, language, profile settings, verification state
Authentication and security dataPassword hash, OAuth identifiers, session metadata, MFA state, device or login-risk signals
Learning and certification dataEnrollments, progress, quiz answers, scores, achievements, certificates, learning history
Payments and transaction dataPurchase type, amount, currency, Stripe transaction identifiers, refund status, invoice metadata
Support and communicationsMessages, contact forms, creator or sales inquiries, support history, attachments you send us
Device, usage, and preference dataBrowser, IP-derived region, logs, cookie/storage identifiers, language and UI preferences
AI feature inputs and outputsPrompts, attached context, selected model lane, generated responses, moderation or safety metadata

3. Purposes and legal bases

PurposeTypical legal basis
Create accounts, provide courses, issue certificates, and operate paid accessContract performance
Process payments, refunds, taxes, bookkeeping, and compliance recordsLegal obligation and contract performance
Protect the platform, investigate abuse, secure accounts, and prevent fraudLegitimate interests and, where required, legal obligation
Answer support requests, sales inquiries, and creator operations requestsContract performance and legitimate interests
Run optional analytics or consent-based measurement toolsConsent where required
Improve products, documentation, and learning quality using de-identified or limited internal dataLegitimate interests

4. Team, employer, and admin visibility

If you use a team, company, school, or other sponsored workspace, the workspace owner and delegated administrators may be able to see information needed to manage the workspace. That may include your business contact identity, seat status, enrollment state, learning progress, completion status, and certificate status inside that workspace.

We do not intentionally expose your password, raw payment card details, or private authentication secrets to workspace admins. Admin visibility is shaped by the product design, the applicable customer relationship, and mandatory law.

5. Providers, disclosures, and transfers

We share personal data with service providers only where reasonably needed to operate the platform, such as infrastructure hosts, email delivery vendors, authentication providers you choose, payment processors, optional analytics providers, and AI model providers when you actively use AI features.

When analytics consent is granted, we use the following providers for product measurement: Google Analytics 4 for web traffic attribution; Mixpanel (operated from the EU region atapi-eu.mixpanel.com) for funnel, retention, and revenue dashboards; and MaxMind GeoLite2-Country, used server-side, to convert your IP address into a two-letter country code so geographic dashboards can be computed without sending the IP itself to Mixpanel. We do not send your email address, full name, or message content to Mixpanel; we send a numeric account identifier and the events you triggered while using the product. Mixpanel data is retained at the project default and can be reset by request.

For abuse prevention, protected forms may use Google reCAPTCHA to assess whether a request is likely to come from a person. The backend verifies short-lived tokens server-side and checks action and hostname binding. We use this for security and fraud prevention, not for advertising or product analytics.

We may also disclose data to professional advisers, auditors, counterparties in a business transfer, or competent authorities when required by law, to enforce rights, or to protect users and the platform.

Our primary infrastructure is intended to run in the EU, but some providers may process data in the United States or other countries. Where cross-border transfers require safeguards, we rely on adequacy decisions, Standard Contractual Clauses, or another approved transfer mechanism.

We do not currently state that we sell personal data for money. We also do not currently run a public-site advertising stack designed around cross-context behavioral advertising. If that changes, this notice will be updated before or when the practice changes.

6. Retention and security

We keep personal data only for as long as needed for the purposes described above, including legal, accounting, anti-fraud, and dispute-handling needs. Different categories have different retention periods. For example, learning records may remain attached to an active account, payment records may be retained for tax and audit purposes, and security logs are typically kept for shorter operational windows.

When an account is deleted, admin audit records keep stable event evidence such as the user id, anonymized subject label, actor, time, and reason, but they do not retain the deleted account's original email address or username in event metadata.

We use technical and organizational safeguards appropriate to the service, including access controls, password hashing, transport encryption, logging, and operational review. No system is perfectly secure, and we cannot guarantee absolute security.

7. Rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port certain personal data, and to withdraw consent where processing relies on consent. We may need to verify your identity before completing a request.

Some rights can be exercised through self-service product tools. For example, the account area supports export and deletion-related flows, and cookie preferences can be managed through the Cookie Policy controls and footer settings entry point.

If you are in the EEA, UK, or another jurisdiction with similar rights, you can also complain to your local supervisory authority. For Poland, that is the President of the Personal Data Protection Office (UODO).

8. California notice, complaints, and contact

California residents may have rights to know, access, delete, correct, and limit certain uses of personal information under California privacy law, subject to statutory exceptions. To make a request, email privacy@aierudit.com.

Our public site does not currently claim to respond to browser Do Not Track signals in a standardized way. Instead, we offer cookie settings, browser controls, and account-level choices where available.

For general support, contact support@aierudit.com. For privacy questions, complaints, or rights requests, contact privacy@aierudit.com.

AIErudit is not directed to children under 18. If you believe a minor provided personal data in violation of this policy, contact us so we can review and act.

9. Cookies and tracking

We use essential cookies and similar storage to keep users signed in, protect sessions, remember consent choices, and maintain core platform reliability. Protected forms may also load Google reCAPTCHA for abuse prevention. Optional analytics or measurement tools are only enabled where required consent has been collected.

Cookie identifiers may store items such as session tokens, localization preferences, dismiss-state flags, and consent choices. For a fuller breakdown of current cookies, retention windows, and opt-out controls, see the Cookie Policy.

You can review or change optional cookie settings from the footer preferences entry point at any time. Browser-level controls can also block or delete cookies, although doing so may affect login, checkout, and lesson playback behavior.

Operator and contracting party

AIErudit is operated as a Polish sole proprietorship (JDG). The operator is the contracting party for every paid course, bundle, team workspace, and creator account on the platform.

Legal trader name
VITALI BIBIKOV
Legal form
JDG (Polish sole proprietorship)
Tax ID (NIP)
5213977371
Statistical number (REGON)
522636099
Registered business address
ul. Białej Koniczyny 5/1602-757 WarszawaPolska
Electronic delivery address (e-Doręczenia)
AE:PL-58782-70360-GUJTH-29
Primary registered activity
62.10.B — Pozostała działalność w zakresie programowania
Public CEIDG record
CEIDG.gov.pl
Legal notices and contact
privacy@aierudit.com