Privacy Policy for Online Course Creators — Free Template

Online course businesses collect more personal data than most creators realize. Email addresses, payment info, course progress, quiz answers, video watch time, support tickets, community posts. Each of these is personal data under GDPR and CCPA, and your students have rights about how it is used.

Whether you sell on Teachable, Thinkific, Kajabi, Podia, Mighty Networks, or your own custom site, you need a privacy policy that covers your specific data handling practices.

What Course Creators Specifically Collect

• Account data: Name, email, profile photo (often)
• Payment data: Billing address, last 4 of card, transaction history
• Course progress: Lessons completed, time spent, quiz scores
• Engagement data: Login frequency, pages viewed, video watch percentages
• Communication data: Support tickets, community posts, comments on lessons
• Marketing data: Email opens, link clicks, segment membership
• Demographics (if collected): Job role, company, goals from intake forms

Each one of these triggers a privacy policy requirement to disclose what is collected and how it is used.

How to Generate a Course Creator Privacy Policy

1. Open the privacy policy generator
2. Enter your course business name and main URL (your custom domain or platform URL)
3. Check these data types: Name, Email, Mailing Address (if you ship physical materials), Payment Information, IP Address, Cookies, Device Info, Usage Data
4. Check third-party services: Stripe (most course platforms use Stripe), PayPal, your email tool (Mailchimp/ActiveCampaign/ConvertKit), Google Analytics
5. Enable GDPR (course customers come from everywhere)
6. Generate and paste

Where to Put It on Each Platform

Platform	Where to add policy	Notes
Teachable	Site Settings > Legal > Privacy Policy	Built-in field, takes pasted text
Thinkific	Settings > Site Settings > Codes > Footer	Add HTML link to hosted policy
Kajabi	Settings > Branding > Footer	Add link in footer customization
Podia	Storefront > Edit > Footer	Built-in legal links section
Mighty Networks	Network Settings > Legal Information	Native field for policy text
Custom site	/privacy-policy page + footer link	Standard web setup

Specific Sections for Course Creators

Beyond the generated boilerplate, consider adding these course-specific paragraphs:

Student progress and engagement. "We collect data about your course progress, including lessons completed, time spent on each lesson, and quiz scores. We use this data to improve the course, send relevant follow-up content, and provide support when you appear stuck."

Community participation. "If you post in our community, comment on lessons, or send messages, those communications are stored and visible to other community members and our team. Do not share confidential information you would not want other students to see."

Email marketing. "Buying a course adds you to our customer email list for course updates and related offers. You can unsubscribe at any time. We will not add you to other email lists without explicit consent."

Refund processing. "If you request a refund, we retain your transaction record for tax and accounting purposes (typically 7 years), but we delete other personal data on request after the refund is processed."

GDPR Considerations for International Students

Online courses are global by default. EU and UK students mean GDPR applies, even if you are based in the US. Key requirements:

• Cookie consent banner before setting analytics or marketing cookies
• Explicit opt-in for marketing emails (no auto-subscribe from purchase)
• Right to access, correct, and delete personal data
• Lawful basis stated for each type of data processing
• Data Processing Agreement (DPA) with platforms that process student data on your behalf

Most course platforms (Teachable, Thinkific, Kajabi) provide a Data Processing Agreement on request. Sign one with each platform you use.

Free Course Lead Magnets — Same Rules Apply

If you offer a free mini-course, downloadable PDF, or webinar in exchange for an email address, you are collecting personal data. The same privacy policy requirements apply. Make sure your opt-in form clearly states:

• What you will email them about (the lead magnet, course updates, occasional promotions)
• How to unsubscribe (every email needs an unsubscribe link)
• A link to your privacy policy

"Sign up to get the free guide!" with no further information is not GDPR-compliant. The opt-in needs informed consent.

What Most Course Creators Get Wrong

1. No privacy policy at all. Risk of platform termination and legal exposure.
2. Auto-subscribing customers to marketing emails. Buying a course is consent for course-related emails, not for unrelated marketing.
3. Not mentioning third-party tools. If you use Calendly for student calls, Loom for personalized videos, or Zoom for live sessions, those tools process student data and should be mentioned.
4. Keeping student data forever. Set a retention period for accounts and inactive students.
5. No cookie banner on the marketing site. Course sales pages often have Facebook Pixel and Google Ads tags. Cookie banner required for EU traffic.