The question

Hi everyone. In this post I address a question that certain people ask sometimes. The people that ask this question are people who are using an online course creation and delivery platform (like, Kajabi, Thinkific, Teachable, etc), as opposed to doing everything on their own website.

The question is this:

“Doesn’t the course platform take care of privacy issues for me?”

The answer

The short answer is, no, they do not, and cannot do that for you. To give some examples: has a Data Protection Addendum which applies “if you and/or your end users are located in the European Union or United Kingdom”. In this context, it states:

“Unless otherwise agreed by the parties, when Subscriber [i.e., a course creator] processes personal data as a controller pursuant to the terms of the DPA, MasterMind and Subscriber process personal data as independent controllers. Each controller is solely responsible for its own obligations as a controller, as required under the applicable data privacy law.”

Now, if you’re not familiar with Europe’s General Data Protection Regulation (GDPR), then that may sound like legal gobbledegook. The key point for present purposes is that the reference to you being an “independent controller” means you are required to comply with the GDPR’s privacy-related disclosure requirements in relation to the personal information about end users that you collect. does not do this for you. It does it for itself, but not for you. The same conclusion applies to the application of privacy laws in other countries that require you to tell people certain things when you collect personal information from them.

What about other platforms? Are they any different? No, they’re not. Teachable says this in its privacy policy:

“If you are a Student whose personal information has been collected by a Creator, please contact the Creator directly and view the Creator’s privacy policy if you have questions about how the Creator uses your personal information.”

Kajabi says this in its privacy policy:

“Our customers decide how the personal information of their users are processed, so we urge them to make full and complete disclosure about their processing activities. Our customers are advised to, at a minimum, post a privacy policy on their websites that describes how they collect, use, and share the personal information of their users.”

Thinkific says this in its privacy policy:

“Privacy is important! As a Thinkific customer, you recognize that it’s your responsibility to post a privacy policy on your course site that complies with the laws applicable to your business, if you are required to do so. You also agree to obtain consent from your students for the use and access of their Personal Information by Thinkific and other third parties when required.”

The takeaway

So what’s the main takeaway from all this? It’s that course creators using course platforms will often be required by the privacy laws that apply to them to post their own privacy statements. They cannot rely on the platform providers doing this for them.

I talk about privacy statements in detail in my Online Courses and Legal Stuff course, and provide access to a privacy statement builder that helps you create your own. The builder takes into account key privacy laws in the US, Canada, the UK, Australia and New Zealand. 

Sign up to our newsletter for more actionable content!

By signing up, you agree to be added to our email list and that we may send you news items of general interest as well as information on our courses, other services we may offer, and related matters. You can unsubscribe from the newsletter at any time.