Course Platform Compliance

Privacy Policy for Thinkific

Thinkific collects student enrollment data, tracks course progress, processes payments, and handles email communications. Your privacy policy must disclose all of this.

For course creators, coaches, and education businesses.

Written by Anupam Kumar
Last updated: April 2026
Reviewed for compliance
1. Why Thinkific Course Creators Need a Privacy Policy

Thinkific is a course platform that processes significant amounts of student personal data. When someone enrolls in your course, Thinkific collects their name, email, and payment details, then tracks their learning progress, quiz answers, and course completion status. Under GDPR and CCPA, you must disclose all of this data collection to your students before they enroll.

Key point: Thinkific requires a privacy policy link on your site. Their terms of service make you responsible for obtaining proper consent from students for data collection and email communications.

2. Thinkific Data Flows

Thinkific collects and processes student data across the entire learning journey.

Student Enrollment Data

  • Full name, email address, and account credentials
  • Profile information (bio, profile photo, location if provided)
  • Enrollment dates, course selections, and bundle purchases
  • IP addresses, device information, and login timestamps

Learning Progress and Assessment Data

  • Lesson completion status and progress percentages
  • Quiz scores, exam results, and assignment submissions
  • Video watch time and engagement metrics
  • Course completion certificates with student names and dates

Communication and Community Data

  • Email communications (enrollment confirmations, drip content, marketing)
  • Community posts, comments, and discussion threads
  • Direct messages between students and instructors
  • Email open rates and click tracking for marketing emails

Certificates and Credentials

  • Course completion certificates with student name and completion date
  • Publicly verifiable certificate URLs containing student information
  • Certificate sharing to LinkedIn and social platforms

Certificate URLs are publicly accessible. Students should be informed that their name and completion data are visible to anyone with the link.


3. Payment Data Processing

Thinkific processes payments through Stripe (for Thinkific Payments) or PayPal. Your privacy policy must disclose how payment data is handled and which processors are involved.

Payment Data | Handled By | Retention
Credit card numbers | Stripe (PCI compliant) | Tokenized, never stored on Thinkific
Billing name and address | Thinkific + Stripe | Retained for tax/legal obligations
Transaction history | Thinkific | Retained while account is active
Refund records | Thinkific + Stripe | 7 years for tax compliance
Subscription status | Thinkific | Active until canceled

Important: If you use Thinkific Payments (powered by Stripe), credit card data never touches your Thinkific site directly. However, you must still disclose Stripe as a payment processor in your privacy policy and link to their privacy policy.

4. GDPR for International Students

Online courses attract students globally. If any of your students are in the EU, you must comply with GDPR regardless of where your business is based.

Data location: Thinkific is a Canadian company hosting data on AWS in North America. EU student data is transferred internationally under Standard Contractual Clauses.

Lawful basis for processing: Contractual necessity (course delivery), consent (marketing emails), legitimate interests (course analytics and improvement).

Student data rights: Students can request access to their progress data, quiz scores, and personal information. They can request deletion, but you may retain transaction records for tax purposes.

Email marketing consent: GDPR requires explicit opt-in for marketing emails. Thinkific's built-in email tools and third-party integrations (Mailchimp, ConvertKit) must respect consent preferences.

Third-party integrations: If you connect Thinkific to Zapier, Mailchimp, Google Analytics, or Facebook Pixel, each integration is an additional data transfer requiring disclosure.


5. What Your Thinkific Privacy Policy Must Include

Your privacy policy should cover these Thinkific-specific areas:

Student Data Collection Disclosure

Detail what student data you collect through Thinkific -- enrollment info, progress tracking, quiz scores, and assignment submissions.

Payment Processor Disclosure

Name Stripe (or PayPal) as your payment processor, explain that credit card data is handled by them, and link to their privacy policies.

Email Marketing Integration

Disclose any email marketing tools connected to Thinkific (Mailchimp, ConvertKit, ActiveCampaign) and explain how students can opt out.

Certificate and Credential Data

Explain that course completion certificates contain student names and are accessible via public URLs. Students should know this before earning certificates.

Data Retention and Deletion

Explain how long you retain student data, how students can request deletion, and what data you must keep for tax and legal compliance.


Structured around widely accepted GDPR and CCPA requirements. Not legal advice.
