Privacy Policy
This page explains what data Udemy Enroller collects, how it is stored, and how you can delete it. Last updated: July 2026.
What Data Is Collected
When you connect your Udemy account, the following data is collected and stored on the instance running the app (your self-hosted machine or the hosted demo server):
- Email address — used to identify your account locally.
- Password — if you use Email Login, your Udemy password is sent directly to Udemy's login endpoint for authentication and is never stored in any form.
- Session cookies — your Udemy session tokens (access_token, client_id, csrftoken) are encrypted with Fernet (AES-128-CBC) before being stored in the local database.
- Enrollment history — course titles, URLs, coupon codes, and enrollment status are stored to track your progress and display on the dashboard.
How Data Is Stored
- All data is stored in a local SQLite database on the server or machine where the application is running.
- Your Udemy password is never stored - not even as a hash. It is sent directly to Udemy's enrollment endpoints for authentication and then discarded.
- Session cookies are encrypted with Fernet symmetric encryption before storage.
- When self-hosting, no data leaves your instance. On the hosted demo at udemyenroller.madhudadi.in, encrypted Udemy session cookies may be stored on the demo server so enrollment can run for your session. Hosted app sessions expire after about 24 hours. Each account is limited to a small number of concurrent app sessions (oldest sessions are signed out when the limit is exceeded). When the last session expires, log out, or you use Clear All Data, stored Udemy cookies for that user are removed. Prefer self-hosting for greater control over where session data lives. Credentials are used only to communicate with Udemy's enrollment endpoints.
What Data Is Not Collected
- Google Tag Manager (GTM) and Google Analytics 4 (GA4) are used for page view analytics and event tracking (e.g., CTA clicks, outbound links). These load only after you accept the cookie consent banner. No personal data is collected or sold. See the Google Privacy Policy for details.
- No cookies are set for advertising or cross-site tracking.
- Udemy credentials are not sold or shared with third parties. Anonymous page analytics via Google Tag Manager and GA4 load after cookie consent (see above).
How to Delete Your Data
You can delete all your stored data at any time:
- 1 Log in to the application and navigate to Settings.
- 2 Click Clear All Data to delete your enrollment history, reset lifetime statistics, end app sessions, and remove encrypted Udemy session cookies stored for your user. You will need to connect again to enroll. This does not delete your local app account row or preference settings. Self-hosters can also delete the database file as described below.
-
3
If you are self-hosting, you can also
delete the SQLite database file directly
(
udemy_enroller.db).
Browser Cookies
The application sets the following browser cookies for authentication:
| Cookie | Purpose | Flags |
|---|---|---|
| session_id | Authentication session token | HttpOnly, SameSite=Lax |
| csrf_token | Cross-site request forgery protection | SameSite=Strict |
Affiliation
Udemy Enroller is not affiliated with, endorsed by, or authorized by Udemy, Inc. It is an independent, open-source project. Use of this tool may be subject to Udemy's Terms of Service. Users are solely responsible for compliance with applicable terms and policies.
Source Code
The full source code of Udemy Enroller is publicly available. You can audit every line of code to verify the privacy claims on this page.
View Source on GitHubQuestions about privacy?
Open an issue on GitHub or check the FAQ for more information.