Your privacy, our responsibility

Brainy AI accesses your learning activity data: course enrolments, worksheet submission scores, AI tutor session logs (anonymised), and tutoring session transcripts after analysis.

This data is used solely to calculate your mastery scores, generate personalised learning insights, apply Lesson Jumble discounts, and produce your weekly performance report.

Brainy AI does not access your payment information, authentication credentials, or any data unrelated to your learning activity.

Account data: name and email address provided at signup (via Supabase Auth).

Onboarding data: subjects, learning goals, target grades, and exam preparation preferences — used only to personalise your Brainy AI experience.

Learning activity: course progress, worksheet answers, AI tutor conversation history, and session recordings uploaded by tutors.

Payment data: PayPal transaction references and credit balance. We do not store full card or PayPal account details.

AI session transcripts are processed by Google Gemini to extract anonymised insights (subject studied, comprehension level, key remarks). Raw transcripts are stored encrypted in your private Supabase Storage bucket.

Learning analytics used for aggregate reporting are stripped of personally identifiable information before any internal analysis.

Mastery scores and XP data are attached to your account ID, not your name or email, in all internal calculations.

We do NOT sell your data to third parties — ever.

We do NOT use your data for advertising or marketing profiling.

We do NOT share your personal information with any external marketing platforms.

We do NOT train AI models on your personal conversation data without explicit opt-in consent.

We do NOT retain data from deleted accounts beyond a 30-day grace period.

All data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enabled — you can only ever access your own data.

Audio recordings and marketplace files are stored in private Supabase Storage buckets with signed, time-limited access URLs.

All API routes require authentication. Sensitive operations (booking sessions, purchasing credits) include additional role-based authorisation checks.

We use HTTPS everywhere. Passwords are never stored in plain text — authentication is managed by Supabase Auth.

You can request a full export of your personal data at any time by contacting us at hello@simpler.ai.

You can request permanent deletion of your account and all associated data.

You can opt out of weekly AI-generated reports in your account settings.

If you are in the EU or UK, you have additional rights under GDPR / UK GDPR including the right to rectification and the right to object to processing.