Legal

Privacy Policy

Effective 2026-05-04

Template copy — to be finalized with counsel before public launch.

This page summarizes how we handle your data. The full data-handling spec is in our public 14-SECURITY_PRIVACY.md; this page is the user-facing version.

What we collect

  • Account data: email, display name, age bracket, hashed password (bcrypt cost 12) or OAuth subject.
  • Learner model: per-concept Beta-mastery parameters, common confusions, preferred analogies, learning style. Built from your in-app interactions.
  • Sessions & chat: the code you write, the test results, and your chat with the AI tutor. Code snapshots retained 90 days; chat 365 days. Both then archived (encrypted) for one year before deletion.
  • Billing: Razorpay customer ID, subscription & invoice IDs. Card brand + last 4 cached for UI. We never see or store full card numbers.
  • Audit log: auth events (sign-in, sign-out, password change), billing events (refund, cancellation), deletions. Retained 2 years per spec.

What we do NOT do

  • We do not train AI models on your data — ever. Your prompts and code stay yours.
  • We do not sell or rent your data.
  • We do not store full IP addresses for more than 24 hours; the audit log uses a one-way hash.
  • We do not use third-party advertising trackers.

Third-party processors

  • MiniMax processes your chat + code to generate tutor responses. They do not retain your data by default per their API policy/configuration.
  • OpenAI processes embeddings for search / recommendations (no chat).
  • Razorpay handles all card data via their PCI-DSS-compliant hosted checkout. We never see full card numbers.
  • AhaSend sends transactional emails (sign-up, billing, dunning).
  • Sentry & PostHog for error monitoring and product analytics. Default-PII off; identifiers are pseudonymous (user_id only).
  • Cloudflare for DNS + CDN + WAF.

Your rights (GDPR + similar regimes)

  • Access: Settings → "Export your data" downloads a single JSON file with everything we hold on you.
  • Rectification: Settings UI for profile fields.
  • Erasure: Settings → "Delete my account" triggers soft-delete; full purge after 30 days. Billing records (invoices, payments) are retained 7 years for legal compliance.
  • Portability: the export JSON is the canonical machine-readable format.
  • Object: contact us by email to object to processing on legitimate-interest grounds.

Data residency

Primary servers in the EU (Hetzner Frankfurt). Backups stored encrypted in Cloudflare R2.

Security

TLS everywhere; secrets never in git; Razorpay webhooks signature-verified (HMAC-SHA256); bcrypt cost 12; ES256 JWTs (15-minute access, 30-day rotated refresh); failed-login lockout cadence per spec. Backups encrypted with GPG before upload.

Children

The Service is not intended for users under 16.

Changes

Material changes are notified by email at least 14 days in advance.

Contact

Privacy questions / data-subject requests: admin@kshurikaacademy.com.

© 2026 Kshurika Academy. All rights reserved.