# Privacy Policy (/docs/legal/privacy)



**Last Updated:** April 2026

## 1. Information We Collect [#1-information-we-collect]

### Information You Provide [#information-you-provide]

* **Account information:** Email address, display name, avatar
* **Authentication data:** When you sign in via Google, GitHub, or Discord OAuth
* **Payment information:** Processed securely by our payment provider; we do not store full card details
* **Beta application information:** When you apply for beta access, we collect your school name, role (teacher, student, etc.), and email address for eligibility review and invite code delivery

### Automatically Collected Information [#automatically-collected-information]

* **API usage data:** Model used, token counts, request timestamps, latency, User-Agent (client application identifier)
* **File uploads:** Files you upload through our API (stored securely, accessible only to your account)
* **Logs:** Server logs for debugging, security, and performance monitoring

## 2. How We Use Your Data [#2-how-we-use-your-data]

We use the information we collect to:

* Provide, maintain, and improve our Services
* Process transactions, manage credits, and handle billing
* Authenticate your identity and secure your account
* Monitor usage for abuse prevention and rate limiting
* Send service-related notifications (billing, security alerts, beta application results)
* Respond to your support requests

## 3. Data We Do NOT Collect [#3-data-we-do-not-collect]

* We **do not** use your prompts, completions, or uploaded file contents to train AI models.
* We **do not** sell your personal data to third parties.
* We **do not** share your API usage data with other users.

## 4. Data Storage & Security [#4-data-storage--security]

* Your data is stored on secure cloud infrastructure with encryption at rest and in transit.
* API keys are hashed and never stored in plaintext.
* File uploads are stored in private object storage with access controls.
* We implement rate limiting, IP validation, and security headers to protect against abuse.

## 5. Data Retention [#5-data-retention]

* **Account data:** Retained while your account is active. Deleted within 30 days of account termination upon request.
* **Usage logs:** Retained for up to 12 months for billing and abuse prevention.
* **Beta application records:** Retained until review is complete. If your application is rejected, you may reapply and the previous record will be overwritten.
* **Uploaded files:** May be deleted after a period of inactivity. We recommend maintaining your own backups.

## 6. Third-Party Services [#6-third-party-services]

We use the following third-party services that may process your data:

* **Payment Provider:** Payment processing
* **OAuth Providers (Google, GitHub, Discord):** Authentication only; we receive your email and public profile info

## 7. Your Rights [#7-your-rights]

You have the right to:

* Access the personal data we hold about you
* Request correction or deletion of your data
* Export your data in a machine-readable format
* Revoke OAuth access at any time through your provider's settings

## 8. Cookies & Local Storage [#8-cookies--local-storage]

We use cookies and local storage for:

* Session authentication
* User preferences (language, theme)
* CSRF protection

## 9. Changes to This Policy [#9-changes-to-this-policy]

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Services.

## 10. Contact [#10-contact]

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through our support channels.
