Privacy Policy

We collect personal data through three channels: information you provide directly, information collected automatically, and information from third-party integrations.

• Account and contact data — name, email address, company name, job title, and any other details you provide through forms, waitlist signups, or direct communication.
• Payment and billing data — billing address, VAT identification number, and payment method details. Card numbers are processed and stored exclusively by our payment processor (Stripe) and never touch our servers.
• Source material — documents, files, or content you upload for processing by the SILKLEARN platform. This content remains yours and is processed solely to deliver the service.
• Usage and technical data — IP address, browser type and version, operating system, referring URL, pages visited, session duration, and interaction events collected through analytics tooling.
• Communication data — messages, support requests, and feedback submitted through in-app chat (Intercom), email, or other communication channels.
• Cookie and tracking data — identifiers set by essential and analytics cookies as described in Section 6.

We process personal data only for specific, stated purposes. The following maps each purpose to its GDPR legal basis.

• Service delivery (account creation, learning path generation, billing) — Legal basis: performance of a contract (Art. 6(1)(b)).
• Waitlist management and early-access onboarding — Legal basis: consent (Art. 6(1)(a)), withdrawable at any time.
• Product analytics and performance monitoring (PostHog, Google Analytics) — Legal basis: legitimate interest (Art. 6(1)(f)) in improving the service, balanced against your privacy rights.
• Customer support and communication (Intercom) — Legal basis: legitimate interest (Art. 6(1)(f)) or contract performance (Art. 6(1)(b)) depending on context.
• Marketing communications and product updates — Legal basis: consent (Art. 6(1)(a)), withdrawable at any time via the unsubscribe link in every message.
• Billing, invoicing, and tax compliance — Legal basis: legal obligation (Art. 6(1)(c)) under Portuguese and EU tax law.
• Fraud prevention and security — Legal basis: legitimate interest (Art. 6(1)(f)) in protecting the service, our users, and our business.

SILKLEARN uses artificial intelligence to process source material you submit and generate dependency-ordered learning paths. This processing is performed solely to deliver the service you requested and is governed by the contract between you and SILKLEARN.

We do not use your personal data or uploaded content for profiling, automated individual decision-making with legal or similarly significant effects, or training general-purpose AI models. Your source material is processed to produce your learning paths and is not shared with or used by other customers.

We share personal data with the following categories of third-party service providers, each of which processes data on our behalf under contractual obligations consistent with GDPR requirements.

• Vercel Inc. — hosting, deployment, and content delivery (United States).
• Stripe Inc. — payment processing and billing (United States, certified under EU-US Data Privacy Framework).
• PostHog Inc. — product analytics (EU-hosted instance where available, otherwise United States).
• Google LLC — website analytics via Google Analytics (United States, operating under Standard Contractual Clauses).
• Intercom Inc. — customer messaging and support (United States).
• Sanity AS — content management system for editorial content (Norway / EU).
• Infrastructure database providers — PostgreSQL hosting for operational data (region depends on deployment).

We use cookies and similar technologies on the site. Essential cookies (session management, security) are placed without consent as they are strictly necessary for the site to function. Analytics and marketing cookies are placed only after you provide consent through our cookie banner.

You can withdraw cookie consent at any time by clearing your browser cookies or adjusting your preferences through the cookie settings accessible on the site. Disabling analytics cookies does not affect your ability to use the service.

Some of our subprocessors are located outside the European Economic Area (EEA), primarily in the United States. Where data is transferred outside the EEA, we rely on one or more of the following safeguards: the European Commission adequacy decisions, Standard Contractual Clauses (SCCs) approved by the European Commission, or the EU-US Data Privacy Framework certification of the receiving party.

You may request a copy of the applicable transfer safeguards by contacting privacy@silklearn.io.

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected. Specific retention periods are as follows.

• Account data — retained for the duration of your account and for 30 days after deletion to allow recovery, then permanently deleted.
• Payment and billing records — retained for 10 years after the end of the relevant fiscal year, as required by Portuguese tax law.
• Source material and generated outputs — retained for the duration of your account. Deleted within 30 days of account termination unless you request earlier deletion.
• Analytics data — aggregated and anonymized within 26 months of collection. Raw event data referencing identifiable users is deleted on the same schedule.
• Communication data — retained for the duration of the business relationship plus 12 months, then deleted.
• Waitlist data — retained until you are onboarded or until you request removal, whichever occurs first.

Under the GDPR, you have the following rights with respect to your personal data. To exercise any right, contact us at privacy@silklearn.io. We will respond within 30 days.

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restriction — request that we limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint — you may file a complaint with the Portuguese data protection authority, Comissão Nacional de Proteção de Dados (CNPD), at www.cnpd.pt, or with the supervisory authority of your country of residence.

We implement reasonable technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), access controls, regular security assessments, and vendor security reviews.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

SILKLEARN is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child under 16, please contact privacy@silklearn.io and we will delete it promptly.

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or through a notice on the site.

Continued use of the service after changes take effect constitutes acceptance of the revised policy.

For any privacy-related questions, requests, or complaints, contact us at privacy@silklearn.io. We will acknowledge your request within 5 business days and respond substantively within 30 days.