Privacy policy

Last updated · 4 July 2026

foyl Learn (learn.foyl.io, operated by foyl — "we") is a free cybersecurity learning platform. This policy explains what we collect when you create an account, why, and what rights you have. Short version: we collect the minimum needed to run accounts and progress tracking, we sell nothing, and we run no third-party trackers.

What we collect

DataSourceWhy (lawful basis)
Email addressYou, or your GitHub accountAccount identity, sign-in links (contract)
Display name & avatarYour GitHub profile (GitHub sign-in only)Showing you your account (contract)
GitHub account IDGitHub (GitHub sign-in only)Linking your login (contract)
Account type (student / instructor)Your choice at sign-upTailoring the platform (contract)
Learning progress (labs, tools, scenarios, certs — status, scores, checkpoints)Your activity on the platformProgress tracking — the point of the account (contract)
Class membership (if you join an instructor's class with an invite code)Your choiceLetting your instructor see your progress (contract)
Sign-in events and session timestampsYour activitySecurity, abuse prevention (legitimate interest)

We never collect passwords, because there are none: sign-in is by GitHub or single-use email links only.

What we deliberately do not store: IP addresses (raw or hashed) and browser user-agents are never written to sessions, tokens, or audit logs. Hashed IPs exist only inside transient rate-limit counters that are purged within 24 hours. Site analytics are aggregate daily counters per page with no link to any account.

Instructor visibility: if you join a class, that class's instructor can see your name/email, your progress, checkpoints, and certificates — that's the feature. Leave the class (or ask the instructor to remove you) to stop sharing; your progress itself stays yours.

Processors

No analytics providers, no advertising networks, no data brokers.

Retention

Your rights

Under GDPR/UK GDPR you can access, export, correct, and erase your data. Both core rights are self-service on the privacy & data page: Export my data downloads everything as JSON (profile, progress, checkpoints, classes, activity); Delete my account permanently erases progress, checkpoints, class memberships, and sessions, and anonymizes your profile and activity log. For anything else, contact support@foyl.io.

Cookies

Covered in the cookie policy. All cookies are strictly necessary; there are no advertising or analytics cookies.

Changes

Material changes to this policy will be flagged on the sign-in page and the consent banner will re-prompt.