UofAi

Legal

Privacy Policy

Last updated: June 2026 · Draft

Placeholder draft. This is scaffold content pending review by qualified legal counsel. It is not yet a binding policy and should be replaced before launch.

1. Overview

This Privacy Policy explains what data UofAi ("we", "us") collects, how we use it, and the choices you have. It applies to the UofAi learning service.

2. Information we collect

  • Account data — your email address (used for passwordless sign-in) and basic profile details.
  • Learning data — your lesson progress, streaks, lab submissions, reflections, and coach interactions.
  • Payment data — when you subscribe, billing is handled by Stripe; we store a customer/subscription reference, not your full card details.
  • Usage and device data — product analytics events and basic technical data to operate and improve the Service.

3. How we use your information

We use your data to provide the Service (deliver lessons, save progress, give coach feedback, build your portfolio), process subscriptions, communicate with you (sign-in links, transactional and — where permitted — product emails), and to understand and improve how the product is used.

4. Service providers (sub-processors)

We share data only as needed with providers that help us run the Service:

  • Stripe — payment processing.
  • Resend — transactional and sign-in emails.
  • Anthropic — powers the AI coach; your submitted text is sent to generate feedback.
  • PostHog — product analytics.
  • Vercel (hosting) and Neon (database) — infrastructure.

We do not sell your personal data.

5. Cookies and analytics

We use a strictly-necessary cookie to keep you signed in. Product-analytics cookies are set only after you accept them via our cookie banner — you can decline, and analytics will not run. [Regional consent behavior (e.g. opt-in vs opt-out by jurisdiction) to be confirmed with counsel.]

6. Data retention

We keep your account and learning data while your account is active. If you delete your account, we delete or anonymize associated personal data within a reasonable period, except where retention is required by law or for legitimate business records.

7. Your rights

Depending on your jurisdiction (e.g., GDPR / CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us. [Specific rights, response timelines, and verification process to be finalized with counsel.]

8. Data security

We use industry-standard measures to protect your data, including encrypted transport and access controls. No system is perfectly secure, and we cannot guarantee absolute security.

9. Children's privacy

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

10. Changes and contact

We may update this Policy and will communicate material changes through the Service or by email. Questions or privacy requests: hello@uofai.com.