Privacy Policy
Last updated: March 31, 2026
1. Data Controller
LeoWegner is the data controller responsible for your personal data. For contact details, see our Imprint.
2. What Data We Collect
We collect the following personal data:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account login, password recovery, communication | Contract performance (Art. 6(1)(b) GDPR) |
| Name (first, last) | Profile display, personalization | Contract performance (Art. 6(1)(b) GDPR) |
| Username | Unique account identifier | Contract performance (Art. 6(1)(b) GDPR) |
| Date of birth (optional) | Age verification | Consent (Art. 6(1)(a) GDPR) |
| Learning progress | Track course completion, time spent, quiz scores | Legitimate interest (Art. 6(1)(f) GDPR) |
| Quiz answers | Assess knowledge, provide feedback | Legitimate interest (Art. 6(1)(f) GDPR) |
| Course reviews | Community feedback, course improvement | Consent (Art. 6(1)(a) GDPR) |
3. AI-Generated Content & Data Processing
LeoWegner uses artificial intelligence (Anthropic Claude) to generate course content including lessons, quizzes, flashcards, and exercises. Your learning behavior data (quiz scores, completion rates, time spent) may be used in aggregated, anonymized form to improve future AI-generated content.
No automated decisions with legal effect are made about you based on this data (Art. 22 GDPR). All AI-generated content is reviewed and approved before publication.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | Course content generation | Aggregated, anonymized learning analytics |
| jsDelivr CDN | Deliver CSS/JS frameworks (Bootstrap) | IP address (via CDN request) |
| Cloudflare CDN | Deliver icons (Font Awesome) | IP address (via CDN request) |
5. Data Retention
We retain your personal data for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely for service improvement.
6. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — View all personal data we hold about you
- Rectification — Correct inaccurate personal data via your profile
- Erasure — Delete your account and all associated data
- Data Portability — Download your data in a machine-readable format (JSON)
- Object — Object to processing based on legitimate interest
- Withdraw Consent — Withdraw consent at any time for consent-based processing
Log in to exercise your data rights.
7. Data Security
We protect your data with:
- HTTPS encryption for all data in transit
- Passwords hashed using PBKDF2-SHA256 with 870,000 iterations
- CSRF protection on all forms
- HTTP Strict Transport Security (HSTS)
- Clickjacking protection (X-Frame-Options: DENY)
8. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Art. 33 GDPR). If the breach poses a high risk to your rights and freedoms, we will also notify you directly (Art. 34 GDPR).
9. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. If you are in the EU, you can contact your local authority. A list of authorities can be found at: edpb.europa.eu
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify registered users of significant changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.