Privacy Policy
Last Updated: 19 May 2026
Welcome to Curo ("Pixelpath Studio", "we", "us", "our").
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use:
- curohq.com
- Curo (AI-powered learning companion platform)
- Curo mobile apps (iOS and Android)
- All related browser extensions, APIs, and features we provide
By using Curo, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use.
1. Who We Are
Curo is operated by Pixelpath Studio, based in Bangalore, India.
For privacy-related inquiries, contact us at: admin@curohq.com
2. Information We Collect
2.1 Information You Provide Directly
- Account information: name, email address, and password when you register
- Profile preferences: learning goals, topics of interest, and skill levels
- User-generated content: notes, saved resources, curated collections, and learning progress
- Feedback and communications: messages you send us, bug reports, and support requests
- Payment information: billing name, billing address, and payment method details (processed by our third-party payment provider — we do not store raw card data)
2.2 Information Collected Automatically
- Usage data: pages visited, features used, searches performed, time spent, and interactions within the platform
- Device information: device type, operating system, browser type and version, screen resolution, and app version
- Log data: IP address, referring URLs, timestamps, and error logs
- Session identifiers: cookies, local storage tokens, and session IDs used to keep you logged in
2.3 Information from Third Parties
- Authentication providers: if you sign in via Google or another OAuth provider, we receive your name, email address, and profile picture from that provider
- Analytics partners: aggregated behavioral data to help us understand how the platform is used
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service — process your requests, deliver AI-generated learning content, and maintain your account
- Personalize your experience — tailor learning pathways, recommendations, and suggestions based on your goals and history
- Process payments — handle subscription billing and renewals
- Communicate with you — send transactional emails (account confirmations, receipts), product updates, and support responses
- Improve the platform — analyze usage patterns to fix bugs, optimize performance, and develop new features
- Ensure safety and security — detect fraud, enforce our Terms of Service, and protect users
- Comply with legal obligations — retain records as required by applicable law
We do not use your personal content to train publicly available AI models. We do not sell your personal information to third parties.
4. Legal Basis for Processing
If you are located in a region with data protection laws (such as the EU/EEA under GDPR, or other jurisdictions with similar frameworks), our legal bases for processing are:
- Performance of a contract — to provide you with the Service you signed up for
- Legitimate interests — to improve the platform, prevent fraud, and ensure security
- Consent — for optional communications such as marketing emails (you may withdraw consent at any time)
- Legal obligation — to comply with applicable laws and regulations
5. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:
5.1 Service Providers
We work with third-party vendors who process data on our behalf, including:
- Payment processors — to handle subscription billing (e.g., Stripe or equivalent)
- Analytics providers — to understand product usage (e.g., PostHog)
- Cloud infrastructure — to host and serve the platform securely
- AI/LLM providers — to power AI-generated features (prompts may be processed by providers such as OpenAI or equivalent)
These providers are contractually bound to process data only on our instructions and in accordance with applicable privacy laws.
5.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or government authority, or to protect the rights, safety, or property of Curo, our users, or the public.
5.3 Business Transfers
If Pixelpath Studio is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
5.4 With Your Consent
We may share information for any other purpose with your explicit consent.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you the Service.
- Account data is retained until you delete your account
- Usage and analytics data may be retained in aggregated or anonymised form for up to 24 months
- Payment records are retained for the period required by Indian financial and tax regulations (typically 7 years)
- Legal holds: if required for a legal dispute or compliance obligation, we may retain data beyond the periods above
Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is legally required.
7. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS)
- Encrypted storage of credentials
- Access controls limiting who can view personal data internally
- Regular security reviews
Despite these measures, no system is completely secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your account.
8. Cookies and Tracking Technologies
Curo uses cookies and similar technologies for the categories listed below. We show a cookie consent banner on your first visit. Analytics and session-replay cookies are opt-in and are not loaded until you accept.
8.1 Strictly Necessary
Required for the Service to function. These do not require consent.
| Cookie | Provider | Purpose |
|---|---|---|
| Access token | Curo (first-party) | Keeps you signed in for the duration of a session |
| Refresh token | Curo (first-party) | Renews your session securely without re-login |
curo_analytics_consent | Curo (first-party, localStorage) | Remembers your cookie consent choice |
8.2 Analytics and Session Replay (Opt-in)
Only set after you click "Accept" on the cookie banner.
| Cookie | Provider | Purpose |
|---|---|---|
ph_<project_key>_posthog | PostHog | Product analytics — captures page views, feature usage, and a pseudonymous device identifier |
| Session replay data | PostHog | Records interactions with the interface to help us diagnose bugs and improve usability. Form inputs are masked; non-input text rendered on screen may be captured. |
If you decline, PostHog is not loaded and no analytics or replay data is collected.
8.3 Managing Your Choice
- You can decline analytics at any time using the banner shown on first visit.
- To change your choice after deciding, clear your browser's site data for Curo, or contact us at admin@curohq.com and we will reset it for you.
- Blocking strictly necessary cookies through your browser will break sign-in and core functionality.
9. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request that we correct inaccurate or incomplete data
- Deletion — request deletion of your personal data ("right to be forgotten")
- Portability — request your data in a structured, machine-readable format
- Objection — object to certain types of processing, including direct marketing
- Restriction — request that we limit how we process your data in certain circumstances
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
To exercise any of these rights, email us at admin@curohq.com. We will respond within 30 days.
10. Children's Privacy
Curo requires users to be at least 15 years old.
We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without verifiable parental consent, we will delete that information promptly.
If you believe a child under 13 has provided us with personal information, please contact us at admin@curohq.com.
11. Cross-Border Data Transfers
Pixelpath Studio is based in India. If you access Curo from outside India, your data may be transferred to, stored, and processed in India or in other countries where our service providers operate.
We take steps to ensure that such transfers comply with applicable data protection laws and that your information receives an adequate level of protection.
12. Third-Party Links and Services
Curo surfaces links to external platforms (YouTube, research papers, blogs, courses, etc.) and may integrate with third-party services.
This Privacy Policy applies only to Curo. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services you use.
13. Mobile Applications (iOS & Android)
When you use Curo on a mobile device, we may additionally collect:
- Push notification tokens — to send you learning reminders (only if you grant permission)
- Device identifiers — to associate your session with your account
We do not access your camera, microphone, contacts, or location unless you explicitly grant permission for a specific feature that requires it, and such permissions will be clearly explained at the point of request.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by:
- Posting a notice on the platform
- Sending an email to your registered address
The "Last Updated" date at the top of this page will always reflect when the most recent changes were made. Continued use of Curo after changes take effect constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Email: admin@curohq.com Company: Pixelpath Studio (CuroHQ Technologies) Location: Bangalore, India
Copyright ©2026 Pixelpath Studio Pvt. Ltd.
All rights reserved.
