1 Overview — How the App Works
Course Platform is an online learning app for schools, available on iOS and Android. It is built around a few simple interactions:
- Account creation — You sign up with your name, email address, and phone number, then verify your email with a one-time code so we know the address is valid.
- Browsing courses — Once signed in, you can see the courses available to you, along with each course’s description, instructor, and lesson list.
- Requesting access to a course — Courses belong to schools and teachers, who decide which students may view their content. To join a course you submit an access request from the app; our support team approves it on behalf of the school so course material stays visible only to the school’s own students and not to people outside the school. The app does not sell courses, and there are no in-app purchases, subscriptions, or paid features.
- Tracking your progress — As you watch lessons, the app records which ones you have completed so you can resume where you left off.
- Single-device account — For security, each account is linked to one device at a time. If you change phones or lose access, you can contact support to release the device binding.
2 Information We Collect
We collect the following categories of information so we can run the service:
- Account identifiers — Your full name, email address, and phone number, captured during sign-up.
- Authentication data — Your password (stored only as a hash), Sanctum API tokens issued at sign-in, and the device identifier we use to enforce single-device access.
- Course access requests — When you request access to a course, we record which course you requested and the status of that request (pending, approved, or rejected).
- Course progress — The lessons you have completed within the courses you have access to.
- Device and app diagnostics — Basic device type, operating-system version, and app version, used to diagnose problems and improve stability.
3 How We Use Your Information
Your information is used only for the following purposes:
- Authentication — Verifying your identity and issuing secure session tokens so only you can sign in to your account.
- Course delivery — Showing the courses you are authorised to view and tracking your progress within them.
- Access management — Reviewing your access requests and confirming, on behalf of the school or teacher, whether you may join a course.
- Account security — Detecting unauthorised sign-in attempts and enforcing single-device session binding.
- Support — Answering your questions, resetting your device binding, and resolving account issues.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4 Data Storage & Security
Your data is stored on secured servers operated for Course Platform. We apply industry-standard protections:
- Your account data is kept in an access-controlled database that only authorised application processes can read or write.
- Authentication is handled by Laravel Sanctum, which issues short-lived API tokens and enforces single-device session binding.
- Every API endpoint that returns private data requires a valid authentication token.
- Passwords are hashed with the industry-standard bcrypt algorithm and are never stored or transmitted in plain text.
- All traffic between your device and our servers is encrypted with HTTPS / TLS.
No system can be guaranteed completely secure. We strongly recommend using a strong, unique password and contacting us immediately if you ever suspect unauthorised access to your account.
5 Third-Party Services
We rely on a small number of third-party services to operate the platform. When enabled, each receives only the data needed to perform its specific function:
- Firebase Crashlytics & Analytics (Google LLC) — Used, when enabled in a release, to record crash reports and aggregate, non-identifying usage statistics. See the Firebase Privacy Policy.
- Resend — Sends transactional emails such as the one-time verification code at sign-up. See the Resend Privacy Policy.
- PrivateEmail — Used for business email correspondence between our team and platform users.
- App-store platforms — When you install our app from the Apple App Store or the Google Play Store, Apple and Google may collect data as described in their own privacy policies.
We encourage you to review each service’s privacy policy, since they govern data those companies collect directly.
6 Your Rights
You have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Ask us to correct information that is inaccurate or incomplete.
- Account deletion — Permanently delete your account and all associated personal data at any time, directly from within the app — no need to contact us. See Account Deletion below for details.
- Device reset — Ask us to release the device binding on your account so you can sign in from a new device.
7 Account Deletion
You can permanently delete your account and personal data at any time, directly from within the app. You do not need to call or email us, and there is no waiting period.
To delete your account, open Profile → Delete Account, then confirm by re-entering your password and typing the confirmation word. These two steps protect against accidental deletion.
When you confirm, we immediately and permanently erase the following. This is a true deletion, not a deactivation, and it cannot be undone:
- Your profile and identifiers — name, email address, and phone number.
- Your authentication data — password hash, and all API tokens and sessions.
- Your course access and enrolments.
- Your course access requests.
- Your lesson progress and viewing history.
- Your notification history and any internal support records that contained your details.
For security and legal-compliance purposes we retain a single anonymised audit record noting that a deletion took place and when. This record contains no plain-text personal data — your email address is stored only as an irreversible one-way hash, which lets us confirm a deletion occurred without keeping the address itself. Because the app has no payments or purchases, no financial or billing data is collected or retained.
If you cannot access the app (for example, you have lost your device), you can instead email support@muxlis.com and we will delete your account on your behalf within 30 days of verifying your identity.
8 Children’s Privacy
Course Platform is intended for students aged 15 and older and is not directed to, nor knowingly used by, children under 13. We do not knowingly collect personal information from anyone under 13.
Because some users are under the age of 18, they should use the platform with the knowledge and agreement of a parent, legal guardian, or their school, which accepts this Privacy Policy on their behalf.
If you believe someone under 13 has provided us with personal information, please contact us and we will delete it.
9 Contact Us
If you have questions, concerns, or requests about this Privacy Policy or your personal data, please get in touch:
We aim to respond to all privacy-related inquiries within 5 business days.