Privacy Notice

Effective date: TBD

Last updated: TBD

This notice explains how EducatioAI collects, uses, and shares personal data when you use our app and APIs.

Who we are

EducatioAI provides AI-powered learning tools.

Contact: [email protected]

Scope

  • The EducatioAI web app and web APIs.
  • OAuth sign-in flows.
  • File upload, content processing, tutoring, and chat features.

Data we collect

  • Account data such as email, name, avatar, and subscription tier.
  • Uploaded files and related metadata (filename, size, type, source URL).
  • Extracted text, AI classifications, and organization metadata (classes, tags, topics).
  • Study sessions, messages, web sources, and generated visuals.
  • Learning progress and concept mastery data.
  • Usage logs, web search queries (when enabled), and storage download metadata.
  • Device and log data for security and reliability.

How we use data

  • Provide and operate the service.
  • Personalize learning experiences.
  • Run web enrichment when enabled.
  • Maintain security, prevent abuse, and monitor reliability.
  • Measure usage and operational costs.
  • Cache data in Redis to improve performance.

Legal bases (GDPR)

  • Contract: to provide the service you request.
  • Consent: for optional processing such as web enrichment and external OCR/vision.
  • Legitimate interests: to secure, improve, and operate the service.
  • Legal obligations: to comply with applicable laws.

Sharing and processors

We share data with service providers that process data on our behalf.

  • Supabase (auth, database, storage).
  • LLM providers (OpenAI, Anthropic, Google) for chat, OCR/vision, and optional image generation.
  • Serper for web search queries when web enrichment is enabled.
  • Upstash Redis for caching and background task processing.
  • User-supplied URLs may be fetched by our servers for link previews or enrichment.

International transfers

Some processors may operate outside your country. We rely on appropriate transfer mechanisms such as SCCs where required.

Data retention

  • Chat messages and study sessions: 2 years.
  • Usage logs: 90 days.
  • Embeddings: retained alongside source content.
  • Resource usage snapshots: 12 months.
  • Deleted content: 30-day soft delete window before hard deletion.
  • Cache entries: TTL-based.

Security

We use technical and organizational measures designed to protect your data, including access controls and row-level security.

Your rights

Depending on your location, you may have rights to:

  • Access your data.
  • Correct inaccurate data.
  • Delete your data.
  • Object to or restrict processing.
  • Request data portability.

Cookies and local storage

We currently use localStorage to store access tokens and basic profile data for session management. We plan to migrate to HttpOnly secure cookies.

Children's privacy

EducatioAI is not intended for children under the age required by local law. If minors are in scope, additional safeguards will apply.

Changes to this notice

We may update this notice from time to time and will update the "Last updated" date accordingly.