Privacy Policy

1. Overview

H-AI-LEY is operated by HRB Studios ("we", "us", "our"). We design H-AI-LEY as an educational tool, not a data-harvesting platform. We try to keep data collection to the minimum needed to:

• Create and secure your account
• Provide AI-powered tutoring
• Remember your learning progress (if you want us to)
• Prevent misuse and keep users safe
• Operate subscriptions and billing where applicable

We do not sell your personal data. We do rely on third-party providers (such as OpenAI and Stripe) to power core features of the Service.

2. What data we collect (directly)

• Account information: your email address, chosen display name (if any), and a hashed version of your password. We do not store your password in plain text.
• Basic profile settings: account role (solo or parent), free trial usage (message counters), and settings like time-of-day preferences for reminders or progress emails (if enabled later).
• Usage and learning metadata: limited information about how you interact with the tutor (e.g., message counts, safety flags, pop quiz history, modules started/completed, and difficulty level) so we can enforce the free trial, apply safety rules, and adapt learning to you over time.
• Technical data: IP address, device or browser details, and basic logs, which may be used for rate limiting, security, and debugging.
• Conversation content: for most adult accounts, we store a limited window of recent chat messages on our servers (up to about 30 days) so H-AI-LEY can "remember" what you were working on and provide continuity between sessions. You can clear this conversation history at any time from your Privacy & Data settings.

For accounts marked as belonging to users under 18, we do not store full chat transcripts on our servers. Instead, we keep only limited learning progress metadata (for example, which topics have been covered) and rely on short-lived session context for replies.

All messages you send to H-AI-LEY are processed by our AI provider and may be retained temporarily according to their policies (see Section 4 and Section 8).

3. Cookies & session information

We use small cookies to keep you logged in and associate your requests with your account:

• ssc_auth: associates your session with your account email.
• ssc_session: a random session ID used to manage login state.

These cookies are typically httpOnly and same-site to reduce security risks. Blocking these cookies may prevent you from staying logged in.

4. Third-party providers (including OpenAI)

To provide AI tutoring and billing, we send some data to third-party services, including:

• AI provider (OpenAI or similar): we send your messages, limited context, and learning-related metadata so the model can generate replies. The AI provider may log inputs and outputs for a limited time (for abuse detection, security, or system monitoring).
• Payment processor (e.g., Stripe): if you upgrade to a paid plan, your payment details are handled by our payment partner. We do not store your full card number on our servers.

Important: these providers have their own privacy and data retention policies. We do our best to choose reputable providers and to send only the data needed to provide the Service.

5. How we use your information

• To create and manage your account and sessions.
• To enforce the free trial and detect abuse or misuse.
• To adapt the tutor experience to your level and goals (e.g., pop quizzes, difficulty routing, and personalized lesson plans).
• To remember your learning progress over time, unless you choose to reset or delete it.
• To provide support and respond to your questions.
• To protect the Service and other users from harmful or prohibited content, as described in the Terms of Service.

We also collect limited, privacy-respecting usage and billing events (for example, basic logs and subscription status) so we can keep the Service reliable and secure. We do not sell personal data or run third-party advertising trackers.

6. Children & teens

• The public edition of H-AI-LEY is intended for users 13 years and older.
• We do not knowingly allow children under 13 to create accounts. If we become aware of an account belonging to a child under 13, we may deactivate it and delete associated data where appropriate.
• For teen accounts (13–17), we aim to minimize long-term storage of sensitive content. We do not store full conversation transcripts for accounts marked as under 18, but we may keep limited learning progress data so the tutor can show improvement over time.
• Users aged 13–17 should use H-AI-LEY with the permission and understanding of a parent or legal guardian, especially for paid plans.

7. Data retention

We aim to retain only what we need and for as long as we reasonably need it:

• Account and profile data are kept while your account is active. If you delete your account, we delete or anonymize reasonably identifiable data under our control, except where retention is required for legitimate business or legal purposes (for example, billing records).
• Chat history (adult accounts): for most adult accounts, we keep a rolling window of recent conversation history (up to about 30 days) so you can pick up where you left off. You can clear this history at any time from your Privacy & Data settings.
• Chat history (under-18 accounts): for accounts marked as belonging to users under 18, we do not store full conversation transcripts on our servers. Session context may be used to generate replies but is not kept as a long-term chat history.
• Learning progress data: information about which topics you've studied, your quiz results, and your progress through lessons is stored until you choose to reset it or delete your account. This does not include full chat transcripts.
• Logs and safety-related records: some technical logs, safety-related flags, and records of serious misuse may be retained longer if needed for security, abuse prevention, or legal compliance.
• AI provider logs: our AI provider may retain your prompts and responses for a limited period for abuse monitoring and system safety. These logs are controlled by the provider and are not stored on H-AI-LEY's servers.

8. Data deletion & OpenAI log requests

We want you to stay in control of your data. You can manage most deletion and reset options yourself in the app:

• Clear conversation history: from the Privacy & Data page, you can delete the chat history that H-AI-LEY stores for your account (for adult accounts, up to the last 30 days of messages).
• Reset learning progress: you can reset your stored learning progress so the tutor starts fresh with you.
• Delete account & all data: you can request deletion of your account and associated data directly in the app. When you do this, we delete or anonymize reasonably identifiable data under our control, except where we are required to keep certain records (for example, limited billing or fraud-prevention data).

For messages and context that have been processed by our AI provider (such as OpenAI), we do not control their internal systems directly. However:

• We limit what we send to what is reasonably needed to provide the Service.
• The provider typically retains logs only for a short period for safety and abuse prevention, under their own policies.
• If you wish to request deletion of provider-held logs sooner, we can provide guidance or a template request, or you may contact the provider directly through their published channels.

If you are unable to use the in-app controls or have additional questions about deletion, you can also contact us at:

info@hrbstudios.com

9. Your rights

Depending on your location, you may have certain rights over your data, such as:

• Accessing a copy of the personal data we hold about you.
• Requesting correction of inaccurate information.
• Requesting deletion of your account data or using in-app controls to delete or reset it.
• Objecting to certain types of processing or requesting restrictions.

You can exercise these rights by using the in-app Privacy & Data controls or contacting us at the support email above. We may need to verify your identity before acting on a request.

10. Security

We use reasonable technical and organizational measures to protect your information. However, no system is perfectly secure, and we cannot guarantee absolute security of data transmitted over the internet.

If we become aware of a significant incident involving your data, we will take appropriate steps and, where required by law, notify you.

11. Changes to this Privacy Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date and may provide additional notice (such as a banner, email, or in-app message).

Your continued use of the Service after the changes become effective means you accept the updated Policy.