Privacy Policy

Last Updated: April 2026

1. Information We Collect

Information You Provide

• Account information: Email address, display name, avatar
• Authentication data: When you sign in via Google, GitHub, or Discord OAuth
• Payment information: Processed securely by our payment provider; we do not store full card details
• Beta application information: When you apply for beta access, we collect your school name, role (teacher, student, etc.), and email address for eligibility review and invite code delivery

Automatically Collected Information

• API usage data: Model used, token counts, request timestamps, latency, User-Agent (client application identifier)
• File uploads: Files you upload through our API (stored securely, accessible only to your account)
• Logs: Server logs for debugging, security, and performance monitoring

2. How We Use Your Data

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions, manage credits, and handle billing
• Authenticate your identity and secure your account
• Monitor usage for abuse prevention and rate limiting
• Send service-related notifications (billing, security alerts, beta application results)
• Respond to your support requests

3. Data We Do NOT Collect

• We do not use your prompts, completions, or uploaded file contents to train AI models.
• We do not sell your personal data to third parties.
• We do not share your API usage data with other users.

4. Data Storage & Security

• Your data is stored on secure cloud infrastructure with encryption at rest and in transit.
• API keys are hashed and never stored in plaintext.
• File uploads are stored in private object storage with access controls.
• We implement rate limiting, IP validation, and security headers to protect against abuse.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account termination upon request.
• Usage logs: Retained for up to 12 months for billing and abuse prevention.
• Beta application records: Retained until review is complete. If your application is rejected, you may reapply and the previous record will be overwritten.
• Uploaded files: May be deleted after a period of inactivity. We recommend maintaining your own backups.

6. Third-Party Services

We use the following third-party services that may process your data:

• Payment Provider: Payment processing
• OAuth Providers (Google, GitHub, Discord): Authentication only; we receive your email and public profile info

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Export your data in a machine-readable format
• Revoke OAuth access at any time through your provider's settings

8. Cookies & Local Storage

We use cookies and local storage for:

• Session authentication
• User preferences (language, theme)
• CSRF protection

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Services.

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through our support channels.