Privacy Policy

We collect the following categories of information:

• Account information. When you create an account using email and password, or sign in with a third-party provider such as Google, we collect your name, email address, profile picture (if provided), and a unique account identifier.
• Authentication data. We store hashed credentials and session tokens needed to keep you signed in securely.
• Learning activity. We collect data you generate while using the Service, such as lessons completed, progress, project submissions, and messages exchanged with our AI tutor, in order to personalize your experience.
• Device and usage data. We automatically collect log data such as IP address, browser type, operating system, referring pages, and timestamps to operate, secure, and improve the Service.
• Cookies. We use strictly necessary cookies for authentication and basic functionality, and may use analytics cookies to understand how the Service is used.

• To create and manage your account and authenticate you.
• To provide, personalize, and improve the Service, including course recommendations and AI tutor responses.
• To communicate with you about your account, updates, security alerts, and support requests.
• To monitor and protect the security and integrity of the Service, including detecting and preventing fraud or abuse.
• To comply with legal obligations.

If you choose to sign in with Google, we use the OAuth scopes you authorize (typically your basic profile information and email address) solely to create and authenticate your Aurilake account. We do not use Google user data for advertising and we do not sell it.

Aurilake’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell your personal information. We share data only:

• With service providers who help us operate the Service (for example, hosting, email delivery, and AI model providers), under contracts requiring them to safeguard your data.
• For legal reasons when required by law, regulation, or valid legal process, or to protect the rights, property, or safety of Aurilake, our users, or others.
• In a business transfer if Aurilake is involved in a merger, acquisition, or sale of assets, in which case we will notify you before your information is transferred.

We retain personal information for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated data at any time by contacting us.

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit, hashed credentials, and access controls. No method of transmission or storage is 100% secure, but we work continuously to protect your data.

• Access, correction, and deletion. You may review and update most account information from your settings, or request access, correction, or deletion by contacting us.
• Revoke Google access.You can revoke Aurilake’s access to your Google account at any time at myaccount.google.com/permissions.
• Marketing emails. You can unsubscribe from marketing emails at any time using the link in those emails.

Depending on your location (e.g., EEA, UK, California), you may have additional rights under applicable privacy laws such as GDPR or CCPA, including the right to object to or restrict certain processing.

The Service is operated from servers that may be located outside your country of residence. By using the Service, you consent to the transfer and processing of your information in those jurisdictions.

The Service is not directed to children under 13 (or the equivalent age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us so we can delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date and, where required, provide additional notice. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].