← Back to Home

Privacy Policy

Last Updated: November 29, 2025

Cliffcore ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered learning platform.

Data Controller (GDPR)

The data controller responsible for your personal data is:

Tony Dang
Auenstraße 37
80469 Munich, Germany
Email: tonycliffcore@gmail.com

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address (via Clerk authentication)
  • Profile picture (if provided)
  • Account preferences

1.2 Learning Data

As you use our platform, we collect:

  • Topics and subjects you choose to learn
  • Lesson completion and progress data
  • Practice problem responses and performance
  • Spaced repetition review history
  • Code edits made within lessons
  • Time spent on lessons

1.3 AI Processing Data

To generate personalized learning content, we send the following to third-party AI services:

  • Learning topic requests
  • Your indicated skill level and prerequisites
  • Lesson context for generating subsequent content

2. How We Use Your Information

We use your information to:

  • Generate personalized AI-powered learning curricula
  • Track your learning progress and mastery levels
  • Schedule and deliver spaced repetition reviews
  • Improve our AI models and content quality
  • Communicate with you about your account and updates
  • Ensure platform security and prevent abuse

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide you with our learning platform services
  • Legitimate Interests (Art. 6(1)(f)): Improving our services, preventing fraud, and ensuring security
  • Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing activities

4. Third-Party Services

We use the following third-party services:

  • Clerk - Authentication and user management
  • Convex - Database and backend infrastructure
  • Google Gemini - AI content generation
  • Vercel - Hosting and deployment

Each of these services has their own privacy policies governing their data handling practices.

5. AI-Generated Content

Important: All educational content on Cliffcore is generated by artificial intelligence systems. Your learning topic inputs are processed by AI services to create personalized lessons. While we do not share your personal identity with AI services, your learning context is used to generate relevant content.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request restriction of processing
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at tonycliffcore@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) or your local data protection authority.

8. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS)
  • Secure authentication via Clerk
  • Access controls and authentication for our backend
  • Regular security audits

9. Children's Privacy

Our service is not intended for children under 16 (in accordance with GDPR requirements in Germany). We do not knowingly collect personal information from children under 16.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (Clerk, Convex, Vercel, Google) operate. These transfers are protected by:

  • EU-US Data Privacy Framework (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: tonycliffcore@gmail.com
Address: Auenstraße 37, 80469 Munich, Germany