Privacy policy

Last updated: December 2025

What we collect

We collect information you provide directly: your email address when you create an account, the learning goals you describe, and your progress through paths.

If you upload documents (such as PDFs or text files) to personalize your learning experience, we store those files securely to provide context for your paths.

We also collect basic usage data to improve the product: pages visited, features used, and performance metrics. We use cookies for authentication and remembering your preferences.

How we use your data

Your learning goals, uploaded documents, and feedback are used to create and personalize paths. We process this data through AI services to generate context, explanations, and resource recommendations.

We do not use your data to train AI models. Your content is processed to generate responses but is not retained by AI providers for model training.

We use aggregated, anonymized data to improve our service and understand how people learn. We never sell your personal information.

Team workspaces

If you join a team workspace, certain data is shared with team members: paths you create with team visibility, shared documents, and your display name. Team administrators can see team-wide usage.

Your personal paths (private or public) and profile documents remain private unless you explicitly share them with your team.

Data storage and security

Your data is stored securely using industry-standard encryption, with data encrypted at rest and in transit. Uploaded documents are stored in secure cloud storage with access controls. You can delete your documents at any time from your account settings.

For details on our security practices and infrastructure, see our Security page.

Third-party services

We use third-party services for database hosting, authentication, payment processing, AI content generation, analytics, and integrations. All our infrastructure providers are SOC 2 Type II certified.

For a complete list of vendors and their security certifications, see our Security page.

Data retention

We retain your account data while your account is active. If you delete your account, we remove your personal data within 30 days, except where we're required to retain it for legal or compliance purposes. Anonymized analytics data may be retained indefinitely.

Your rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential analytics

For data requests or questions about this policy, contact us at privacy@guideframe.com.

International transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

Changes to this policy

We may update this policy as our practices evolve. Significant changes will be communicated via email or in-app notification. Your continued use of Guideframe after changes constitutes acceptance.