Privacy Policy

1. Who we are (Data Controller)

The Service is operated by:

• Name: MyLearnEngine

For the purposes of the EU General Data Protection Regulation ("GDPR"), MyLearnEngine is the data controller of your personal data.

2. What data we collect

We collect and process the following categories of data when you use the Service.

2.1 Account & profile data

• Email address
• Password (stored in hashed form)
• Name or username (if you provide it)
• Language, time zone or other display preferences
• Subscription status and plan (Free / Basic / Pro)

2.2 Payment & billing data

We use Stripe as our payment processor. When you subscribe to a paid plan, Stripe processes your payment details.

• Partial card details (e.g. last 4 digits, card brand)
• Billing country and/or billing address (where required for VAT and invoices)
• Transaction IDs and payment status
• Subscription plan, amount, currency, invoice records

We do not store full card numbers on our servers. We may receive and store from Stripe:

2.3 Learning & content data

To provide the learning experience, we store content related to your use of the Service, for example:

• Learning sessions (subjects, goals, level, language or topic)
• Study plans and learning paths generated for you
• Flashcards and quizzes generated for you
• Messages, prompts and responses within learning sessions
• AI-generated explanations and feedback
• Quiz results, scores, streaks and progress indicators

2.4 Technical & usage data

When you access or use the Service, we may collect:

• IP address
• Browser type and version
• Device type, operating system
• Date and time of access
• Pages and screens visited, buttons clicked, features used
• Session identifiers, cookies or similar identifiers

2.5 Communication & support data

If you contact us or interact with us outside the product interface, we may collect:

• Your email address or other contact details
• The content of your messages (e.g. support requests, feedback)
• Any information you choose to provide in forms (e.g. bug reports or feature requests)

3. How we use your data and legal bases (GDPR)

We process your personal data for the purposes listed below, under the legal bases defined by GDPR.

3.1 To provide and operate the Service

We use your data to:

• Create and manage your user account
• Authenticate you when you log in
• Generate and store your study plans, flashcards and quizzes
• Power the learning chat and show your learning history
• Track your progress, streaks and performance

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) – we need this data to provide the Service to you.

3.2 To process payments and manage subscriptions

We use payment and billing data to:

• Process your payments via Stripe
• Start, renew, cancel or change your subscription
• Issue invoices and handle refunds or chargebacks
• Comply with tax and accounting obligations

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legal obligation for accounting and tax (Art. 6(1)(c) GDPR)

3.3 To improve, maintain and protect the Service

We use technical and usage data to:

• Monitor performance and reliability of the Service
• Detect and prevent abuse, fraud or security incidents
• Debug errors and resolve technical issues
• Analyse aggregated usage patterns to improve features and user experience

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) – our interest in keeping the Service secure, stable and improving it over time.

3.4 Communication with you

We use your contact details to:

• Respond to your support requests or questions
• Send important service-related messages (e.g. changes to terms, security notices)

Legal basis: Performance of a contract / legitimate interest, depending on the context.

3.5 Marketing (if applicable)

If you opt in, we may use your email address to send you:

• Product updates and news
• Information about new features or offers

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time.

4. AI Features and Your Content

When you use our AI-based features (for example, to generate study plans, flashcards, quizzes, or explanations), we process the text you enter and related context from your learning sessions ("AI Content").

4.1 What we send to AI providers

To generate answers and learning content for you, we send AI Content to external AI service providers. This may include:

• The prompts and messages you type
• Relevant previous messages in the same learning session
• Information about your learning goals and topics

We do not send your password or full payment card details to AI providers.

Our AI providers include providers of large language models (for example, OpenAI accessed via its API).

4.2 Model training and retention by providers

For API-based AI services we use, our understanding is that data sent via the API is not used to train or improve the provider's models by default, unless the customer explicitly opts in.

4.3 Please avoid sensitive information

AI features are designed for general learning content only. Please do not include the following in your prompts or AI Content:

• Passwords, payment card numbers or other login credentials
• National ID numbers or other government identifiers
• Detailed health information or other special categories of personal data
• Highly confidential business information
• Personal data of other people without their permission

5. Cookies and similar technologies

We use cookies and similar technologies to provide, protect, and improve the Service. A cookie is a small text file that is stored on your device when you visit our website.

5.1 Cookie consent banner

When you first visit our website, we display a cookie consent banner that allows you to:

• Accept All: Allow all cookies, including analytics cookies
• Reject All: Only use essential cookies required for the Service to function

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer.

5.2 Types of cookies we use

5.3 Google Analytics and Consent Mode v2

We have implemented Google Analytics 4 with Consent Mode v2, which:

• Does not set analytics cookies until you provide consent
• Respects your cookie preferences throughout your visit
• Uses cookieless pings if you reject analytics cookies
• Complies with GDPR requirements for consent

Google processes analytics data as a data processor on our behalf. Data is sent to Google's servers, which may be located outside the EU/EEA, including in the United States. Google has implemented appropriate safeguards, including Standard Contractual Clauses.

For more information about how Google uses data, please see Google's Privacy Policy.

5.4 Third-party cookies

When you enable analytics cookies, third-party cookies from Google may be set on your device. We do not control these third-party cookies and recommend reviewing the privacy policies of these third parties.

5.5 How to manage cookies

You have several options to manage cookies:

• Cookie Settings: Use the "Cookie Settings" link in our footer to change your preferences
• Browser settings: Most browsers allow you to refuse or delete cookies through their settings. Note that disabling essential cookies may affect the functionality of the Service
• Opt-out tools: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

6. Third-party service providers (processors)

We share your data with third-party service providers that help us operate the Service. They act as data processors, processing personal data on our behalf.

6.1 Hosting and infrastructure

• Vercel, Inc. – hosts our web application and backend functions
• MongoDB Atlas (MongoDB, Inc.) – hosts our databases

6.2 Payments

• Stripe, Inc. – processes payments for subscriptions

6.3 AI providers

• OpenAI, L.L.C. – processes AI Content via their API

We do not sell your personal data.

7. International data transfers

Some of our service providers are located outside the European Union (EU) and European Economic Area (EEA), in particular in the United States.

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

8. Data retention

We keep your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, or as required by law.

• Account and profile data: Kept while your account is active. Deleted within 90 days after account deletion.
• Learning sessions and content: Kept while your account is active. Deleted within 90 days after account deletion.
• Billing and payment records: Kept for 5-10 years as required by tax and accounting laws.
• Logs and technical data: Kept for 12-24 months for security and analytics.

9. Security

We take appropriate technical and organisational measures to protect your personal data, including:

• Using HTTPS to encrypt data in transit
• Storing passwords in hashed form
• Restricting access to personal data to authorised personnel only
• Regular monitoring and backups

No method of transmission or storage is completely secure, but we work to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

10. Your rights under GDPR

If you are in the EU/EEA, you have the following rights regarding your personal data:

• Right of access – to obtain confirmation whether we process your data and receive a copy
• Right to rectification – to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") – to ask us to delete your personal data
• Right to restriction of processing – to request that we limit the processing of your data
• Right to data portability – to receive your data in a machine-readable format
• Right to object – to object to processing based on our legitimate interests
• Right to withdraw consent – where processing is based on your consent

To exercise any of these rights, please contact us at: superaismartstudy@gmail.com

You also have the right to lodge a complaint with a data protection supervisory authority in the EU/EEA.

11. Children's privacy

The Service is not directed to children under 16 years of age, and we do not knowingly collect personal data from children under this age.

If you believe that a child has provided us with personal data, please contact us and we will take steps to delete such data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Where appropriate, notify you via email or an in-app notification

We recommend that you review this page periodically to stay informed about how we process your personal data.

13. Contact

If you have any questions, comments or requests regarding this Privacy Policy or our data practices, you can contact us at: