Legal
Privacy Policy
Last updated: June 9, 2026 · Effective immediately
TL;DR: We collect only what we need to run the course (your name, email, payment info). We never sell your data to third parties. You can request deletion of your data at any time by emailing
[email protected].
1. Who We Are
BloxNerd ("we", "us", or "our") is an independent online education platform providing Roblox Studio courses and related educational content. Our website is located at bloxnerd.io.
For any privacy-related questions, contact our Data Protection contact at [email protected].
2. What Data We Collect
2.1 Data You Provide Directly
- Name and email address — when you register for a course or join our waitlist
- Billing information — processed securely via our payment processors (Stripe, PayPal). We do not store full card numbers on our servers.
- Course progress and activity — lessons watched, quizzes completed, forum posts
- Communications — emails or support messages you send us
2.2 Data Collected Automatically
- Log data — IP address, browser type, pages visited, time and date of visit
- Device information — screen size, operating system, browser version
- Cookies — session cookies for authentication, preference cookies, and analytics cookies (see Section 7)
3. How We Use Your Data
We use the information we collect to:
- Create and manage your BloxNerd student account
- Deliver course content and track your progress
- Process payments and issue receipts
- Send transactional emails (purchase confirmations, password resets)
- Send course updates, new content notifications, and — with your consent — promotional offers
- Provide customer support and respond to inquiries
- Analyse usage patterns to improve our platform
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contract performance — processing necessary to deliver the course you purchased
- Legitimate interests — improving our platform, fraud prevention, security
- Consent — marketing communications (you may withdraw at any time)
- Legal obligation — retaining financial records as required by law
5. Data Sharing and Third Parties
We do not sell your personal data. We share data only with trusted service providers required to operate our platform:
- Stripe / PayPal — payment processing
- Mailchimp / ConvertKit — email delivery
- Vimeo / Wistia — video hosting
- Google Analytics — anonymised website analytics
- Cloudflare — CDN and DDoS protection
All third-party providers are contractually required to protect your data and may only process it for the specific purpose we authorise.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data — retained until account deletion + 30 days
- Transaction records — retained for 7 years to comply with tax regulations
- Email communications — retained for 2 years
- Analytics data — retained in anonymised form indefinitely
7. Cookies
We use the following categories of cookies:
- Essential cookies — required for login sessions and security. Cannot be disabled.
- Preference cookies — remember your display settings and language.
- Analytics cookies — help us understand how visitors use the site (Google Analytics, anonymised).
- Marketing cookies — only set if you opt in via our cookie banner.
You can manage cookie preferences in your browser settings or via our cookie consent banner.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — for marketing emails, unsubscribe at any time via the link in any email
To exercise any of these rights, email [email protected]. We will respond within 30 days.
9. Children's Privacy
BloxNerd welcomes students of all ages, including minors. However, users under the age of 13 (or 16 in the EEA) must have verifiable parental consent before creating an account or purchasing a course. If we discover we have collected data from a child without appropriate consent, we will delete it promptly.
10. International Data Transfers
Our servers are located in the European Union. If data is transferred outside the EEA (e.g., to US-based service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
11. Security
We implement industry-standard security measures including TLS/HTTPS encryption for all data in transit, hashed password storage, and regular security audits. However, no system is 100% secure. If you discover a vulnerability, please report it to [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of our service after changes constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions or to exercise your data rights: