Cookie Policy

1. Introduction

CourseSpaces ("we," "our," or "us") operates as a German-based company committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other international privacy regulations.

2. About This Website vs. Our Application

Important Distinction: This Cookie Policy applies specifically to our marketing website (coursespace.io). We do not collect, store, or process cookies on this marketing website.

Our actual application platform is located at app.coursespace.io, where different privacy practices may apply. If you're using our application, please refer to the privacy policy and terms of service available within the application.

3. Cookies on This Marketing Website

We do not use cookies on this marketing website. This means:

• No tracking cookies are placed on your device
• No analytics cookies collect your browsing behavior
• No advertising cookies follow you across websites
• No functional cookies store your preferences
• No essential cookies are required for basic website functionality

4. What This Means for You

By visiting our marketing website, you can:

• Browse all pages without any data collection
• View our services and pricing information
• Access our contact forms and information
• Navigate freely without privacy concerns

Your visit to this marketing website is completely private and anonymous.

5. Third-Party Services

While we don't use cookies, our website may contain links to external services or embedded content that might use cookies. These include:

• YouTube video embeds (for product demonstrations)
• Social media links (Facebook, YouTube)
• External payment processors (when you sign up)

These third-party services operate under their own privacy policies and may collect data according to their practices.

6. Cookies Used by CourseSpaces Application

Important: The following cookies are used by our CourseSpaces application platform at app.coursespace.io, not by this marketing website. These cookies are essential for the application to function properly and provide a secure user experience.

6.1 Authentication Cookies (Essential)

These cookies are necessary for user authentication and session management:

• Session Cookie: Manages user authentication during active sessions. Expires when the browser closes.
• Remember Me Token: Provides persistent login functionality for user convenience. Duration is user-configurable.

6.2 Security Cookies (Essential)

• CSRF Token: Protects against Cross-Site Request Forgery attacks. Stored in session and expires after 24 hours.

6.3 Cookie Security Settings

All application cookies are configured with the following security measures:

• Secure Flag: Cookies are only sent over HTTPS in production
• HttpOnly Flag: Prevents JavaScript access to cookies
• SameSite Attribute: Set to "Lax" for CSRF protection
• Encryption: All sensitive cookie data is encrypted

6.4 Third-Party Service Cookies in Application

When using the CourseSpaces application, you may encounter cookies from:

• Stripe: Payment processing cookies during checkout (essential for transactions)
• CDN Services: Content delivery networks for fonts and icons (no personal data collection)

6.5 Cookie Management in Application

You can manage these cookies through your browser settings, but please note:

• Disabling essential cookies may prevent the application from functioning properly
• Session cookies are automatically cleared when you log out or close your browser
• Remember me tokens can be disabled in your account settings
• CSRF protection cannot be disabled for security reasons

7. Data Protection and GDPR Compliance

As a German-based company, CourseSpaces is fully committed to GDPR compliance:

• Lawful Basis: We process any necessary data based on legitimate interest or consent
• Data Minimization: We only collect data that's absolutely necessary
• Purpose Limitation: Data is used only for the purposes we've specified
• Storage Limitation: We retain data only as long as necessary
• Security: All data is protected with appropriate technical measures

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request information about what personal data we hold
• Right to Rectification: Correct any inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Limit how we process your personal data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

9. How to Contact Us

For privacy-related inquiries, we recommend using our contact form to avoid spam and ensure proper handling:

• Contact Form: Use the contact form on our website at coursespace.io#contact
• Email: support@coursespace.io (may be filtered for spam)
• Business Address: CourseSpaces is operated by ToolboxLabs GmbH, based in Germany

10. Data Protection Officer

CourseSpaces has appointed a Data Protection Officer who can be contacted regarding all data protection matters:

• Email: privacy@coursespace.io
• Purpose: Handles all GDPR-related inquiries and requests

11. Supervisory Authority

As a German-based company, our lead supervisory authority is:

Die Landesbeauftragte für den Datenschutz und die Informationsfreiheit
(The State Commissioner for Data Protection and Freedom of Information)

If you believe we haven't handled your data properly, you have the right to lodge a complaint with this authority.

12. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or legal requirements. We'll notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date above
• Notifying users through our website if changes are significant

13. International Data Transfers

CourseSpaces is based in Germany and primarily processes data within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Other legally recognized transfer mechanisms

14. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

15. Technical and Organizational Measures

We implement appropriate technical and organizational measures to ensure data security:

• SSL/TLS encryption for all data transmission
• Regular security assessments and updates
• Access controls and authentication procedures
• Employee training on data protection
• Incident response procedures