Privacy Policy

SpevyAI ("SpevyAI", "we", "us", or "our") operates the website spevy.ai and its associated tools and services (collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how it is used and stored, who it is shared with, and what rights you have regarding your data.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Service.

1. Data Controller

SpevyAI is the data controller responsible for your personal data collected through this Service. For all privacy-related inquiries, you may contact us at: contact@spevy.ai.

2. Information We Collect

We collect the following categories of personal data:

a) Account Data

When you create an account, we collect your email address and, if provided, a display name or username. If you sign in via Google OAuth, we also receive your name and profile picture as provided by Google. This data is stored securely via Supabase and is used to manage your account, authenticate you, and communicate with you.

b) Content You Submit

Text, notes, questions, assignments, PDFs, and any other content you enter into our AI tools (AI Tutor, Study Planner, AI Summarizer, Flashcard Generator, Quiz Generator, Mind Map Generator, Past Paper Solver) is transmitted to our AI provider (Anthropic) solely to generate your requested output. This content is not stored permanently on our servers and is not used to train any AI models.

c) Payment Data

If you subscribe to SpevyAI Premium, payments are processed by Stripe. We do not receive or store your full card details. Stripe may share with us limited billing information such as the last four digits of your card, card brand, billing country, and subscription status, solely for account management purposes.

d) Usage and Analytics Data

We use PostHog to collect anonymized data about how users interact with the Service, including pages visited, features used, session duration, and click events. This data is aggregated and cannot be used to identify you personally. It is used solely to improve the platform.

e) Technical Data

We automatically collect certain technical information when you access the Service, including your IP address, browser type and version, operating system, device type, referring URLs, and language preferences. This data is used for security monitoring, performance optimization, and fraud prevention.

f) Communications Data

If you contact us via email or submit a bug report through the Service, we collect the content of your message and your email address in order to respond and resolve your inquiry. This data is retained for customer support purposes.

g) Locally Stored Data

Certain features (including your Study Streak, Reading List, Progress Tracker, and free-tier usage counters) store data locally in your browser using localStorage. This data does not leave your device and is not transmitted to our servers. Clearing your browser storage will remove this local data permanently.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Performance of a contract: Processing necessary to provide your account, deliver the Service, and fulfill your subscription.
• Legitimate interests: Analytics to improve the platform, security monitoring, fraud prevention, and responding to support inquiries.
• Legal obligation: Where we are required to process data to comply with applicable law.
• Consent: Where you have given explicit consent, such as for optional communications. You may withdraw consent at any time.

4. How We Use Your Information

• To create, maintain, and authenticate your account
• To deliver the features and functionality of the Service
• To process your AI requests via Anthropic's Claude API
• To manage your subscription and process payments via Stripe
• To send transactional emails (e.g. account confirmation, subscription receipts, cancellation notices) via SendGrid
• To analyze and improve product usage via PostHog
• To respond to your support requests and bug reports
• To detect, investigate, and prevent fraud, abuse, or security incidents
• To comply with legal obligations and enforce our Terms of Service

We do not use your personal data for advertising, and we do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

5. Third-Party Service Providers

We share data with the following third-party service providers solely to operate the Service. Each provider is bound by their own privacy policies and data processing agreements:

• Supabase: Authentication, database storage, and account management. Stores your email address, username, and subscription status. Privacy Policy
• Anthropic (Claude API): Processes content you submit to AI features to generate responses. Subject to Anthropic's data handling practices. Privacy Policy
• Stripe: Payment processing for Premium subscriptions. Handles all card and billing data. We do not store full card details. Privacy Policy
• SendGrid (Twilio): Transactional email delivery (e.g. welcome emails, billing notifications). Receives your email address for delivery purposes only. Privacy Policy
• PostHog: Anonymized product analytics. Collects usage events and session data that cannot be used to personally identify you. Privacy Policy
• Google (OAuth): If you choose to sign in with Google, Google shares your name, email address, and profile picture with us. We do not receive your Google password. Privacy Policy

We do not share your personal data with any other third parties except as required by law or as described in this policy.

6. International Data Transfers

SpevyAI and some of our third-party providers (including Supabase, Anthropic, Stripe, and SendGrid) may process your data in the United States or other countries outside your home jurisdiction. Where such transfers occur from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms to ensure your data is protected in accordance with applicable law.

7. Cookies & Tracking

We use the following types of cookies and tracking technologies:

• Essential cookies: Required for the Service to function, including session authentication and user preferences. These cannot be disabled without disrupting the Service.
• Analytics cookies: Used by PostHog to collect anonymized usage data. These help us understand how the platform is used and improve it over time.

We do not use advertising cookies, retargeting pixels, or third-party tracking for marketing purposes. You may disable cookies in your browser settings; however, doing so may limit functionality of the Service.

8. Data Retention

• Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
• AI tool content: Not stored permanently. Processed in real time and not retained on our servers after a response is delivered.
• Payment records: Stripe retains billing history in accordance with financial regulations. We retain subscription status records for accounting and legal compliance.
• Analytics data: Anonymized and aggregated; may be retained indefinitely as it cannot identify you.
• Support communications: Retained for up to 2 years to maintain customer support records, then deleted.

9. Children's Privacy (COPPA)

SpevyAI is intended for users aged 13 and over. We do not knowingly collect, solicit, or maintain personal information from children under the age of 13. If we become aware that a user under 13 has created an account or submitted personal data, we will take immediate steps to delete that information and terminate the account. If you are a parent or guardian and believe your child under 13 has used our Service, please contact us at contact@spevy.ai and we will act promptly.

10. Your Rights

Depending on your location, you may have the following rights. To exercise any of them, contact us at contact@spevy.ai:

• Right to access: Request a copy of all personal data we hold about you.
• Right to deletion (erasure): Request that we delete your personal data. You may also delete your account directly from your account settings.
• Right to correction (rectification): Request that we correct any inaccurate or incomplete data.
• Right to portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing of your data based on legitimate interests.
• Right to restriction: Request that we limit how we process your data in certain circumstances.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
• Right to lodge a complaint: If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority.

We will respond to all verified requests within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: The categories and specific pieces of personal information we collect, use, and disclose.
• Right to delete: Request deletion of personal information we have collected from you.
• Right to opt out of sale: We do not sell, rent, or trade your personal information to third parties. No opt-out is required.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at contact@spevy.ai.

12. Security

We implement industry-standard security measures to protect your data, including encrypted authentication via Supabase, encrypted payment processing via Stripe (PCI-DSS compliant), and secure HTTPS communication across the Service. However, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security and are not liable for unauthorized access beyond our reasonable control. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you (for example, via email or a notice on the Service). Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or how your data is handled, please contact us at: contact@spevy.ai