Skip to main content

Privacy Policy

This privacy policy describes how instruo.io ("we", "us") collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller is instruo.io. For questions regarding your personal data, contact us at: support@instruo.io

2. Data We Collect

Email address (when you join the launch list or register an account), name (during registration), school details such as name, location and disciplines (during onboarding), and payment information processed by Stripe (we never store card data on our servers).

3. Purpose of Data Processing

We process your data to operate the platform, manage your account, deliver bookings and lessons, process subscription billing, send transactional and marketing communications, provide customer support, and analyze aggregated product usage.

4. Legal Basis

Processing is based on: performance of a contract (Article 6(1)(b) GDPR) for account, billing and lesson delivery; your consent (Article 6(1)(a) GDPR) for marketing emails and the launch list; and our legitimate interests (Article 6(1)(f) GDPR) for security, fraud prevention and product analytics.

5. Data Retention

Account data is retained for the lifetime of your account and deleted within 30 days of account closure, except financial records which are retained for 7 years to comply with tax law. Marketing list data is retained until you withdraw consent.

6. Your Rights

Under GDPR you have the right to access your personal data, rectify inaccurate data, request erasure, restrict processing, data portability, and object to processing. To exercise these rights, contact support@instruo.io and we will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures including TLS 1.3 encryption in transit, encryption at rest, role-based access control, multi-tenant data isolation, and continuous dependency scanning.

8. Third-Party Services

We share data with the following processors only as needed to deliver the service: ConvertKit (launch list and marketing emails), Stripe (subscription billing and payment processing), AWS, Vercel and Railway (hosting and infrastructure), Plausible (cookieless analytics), Crisp (support chat), Postmark (transactional email), and Sentry (error tracking). Each processor is bound by a data processing agreement.

9. International Transfers

Some processors store data outside the European Economic Area. Where this happens we rely on Standard Contractual Clauses approved by the European Commission to ensure an equivalent level of protection.

10. Cookies

We use only essential cookies (authentication, language preference, mood preference). We do not use tracking or advertising cookies. Plausible analytics is cookieless by design.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated by email and posted on this page with an updated effective date.

12. Contact

For privacy questions, data subject requests, or any concerns about how we handle your data, contact us at support@instruo.io.

Last updated: 2026-05-04