Privacy Policy

Last updated: May 11, 2026

This Privacy Policy describes how Tutor AI SAT (“we,” “our,” or “us”) collects, uses, stores, and protects your personal information when you use our AI-powered SAT preparation platform. By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and the name you provide. If you sign in via Google or Apple OAuth, we collect the email and name associated with that provider. We do not store your Google or Apple passwords.

1.2 Learning & Usage Data

To personalize your preparation and improve our AI models, we collect data about your activity on the platform, including:

• Practice questions answered, your responses, scores, and accuracy rates
• Diagnostic assessment results and skill-level predictions
• AI tutor conversations, hints requested, and explanations viewed
• Study time, session duration, and practice frequency
• Review cards created and spaced repetition progress (SM-2 algorithm data)
• Mock test results, completion rates, and section performance
• Bookmarked questions

1.3 Payment Information

If you subscribe to Premium, payment processing is handled entirely by Stripe. We do not collect, store, or process credit card numbers. Stripe may share your subscription status and billing email with us so we can manage your account.

1.4 Device & Technical Data

We collect standard technical information including browser type, device type, operating system, IP address, and referral URL. This data is used for analytics, security, and troubleshooting purposes.

2. How We Use Your Data

We use the information we collect to:

• Personalize your learning path — Our AI engine adapts question difficulty and topic selection based on your performance.
• Generate performance insights — Score predictions, study plans, and diagnostic reports are powered by your data.
• Improve our AI models — Aggregated, anonymized data helps us train better recommendation algorithms and question selection.
• Communicate with you — Account-related emails (verification, password reset, subscription updates) via AWS SES.
• Monitor and secure the platform — Detect abuse, unauthorized access, and technical issues.
• Comply with legal obligations — Respond to lawful requests and enforce our Terms of Service.

3. Analytics & BigQuery

We use Google BigQuery to aggregate anonymized usage events (login, registration, question answered, AI tutor usage, test completions) for product improvement and internal analytics. This data is:

• Stored with automatic 90-day partition expiration
• Aggregated and not linked to individual identities in our reports
• Not shared with third parties

4. AI & Third-Party Services

Our AI Tutor feature uses Anthropic’s Claude API (via Google Vertex AI) to generate explanations and answer hints. When you use the AI Tutor, your question and conversation context may be sent to these providers for processing. We do not share your personal identity with AI providers. Your conversations are stored in our database and associated with your account for continuity purposes.

Other third-party services we use include:

• Stripe — Payment processing (see Section 1.3)
• AWS SES — Transactional email delivery
• Google Cloud Platform — Infrastructure hosting (Cloud Run, Secret Manager, BigQuery)
• MongoDB Atlas — Primary database
• Vercel — Frontend hosting

5. Data Storage & Security

Your data is stored in Google Cloud Platform (us-central1) and MongoDB Atlas (GCP CENTRAL_US region). We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security reviews. Passwords are hashed using bcrypt with a cost factor of 12. API keys and secrets are stored in Google Secret Manager.

6. Data Retention

We retain your account information for as long as your account is active. Usage data (events) in BigQuery is automatically deleted after 90 days. If you delete your account, your personal data will be deleted or anonymized within 30 days, except where we are required to retain it for legal purposes.

7. Children’s Privacy

Our Service is intended for high school students preparing for the SAT. We recognize that many of our users may be under 18. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child under 13 has provided us with personal data, please contact us immediately.

8. Your Rights & Choices

You have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correct — Update your account information at any time in your profile settings.
• Delete — Request deletion of your account and associated data.
• Export — Request a machine-readable export of your data.
• Opt out — You may opt out of non-essential analytics by disabling cookies where applicable.

To exercise any of these rights, contact us at privacy@tutoraisat.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice on our platform. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related inquiries, contact our Data Protection team at privacy@tutoraisat.com.