Privacy Policy
Effective date: 1 April 2026
Service: TutorAI
Data Controller: AKSA Corp OÜ, Estonia
1. Data Controller
The data controller responsible for your personal data is:
AKSA Corp OÜ
Registry code: [registration number]
Address: Estonia
Contact: support@tutorai.ee
If you have any questions about how your data is handled, please contact us at the address above.
2. Data We Collect
We collect only the data that is necessary to provide and improve the Service.
2.1 Account Data
| Data | Required | Purpose |
|---|---|---|
| Email address | Yes | Account creation, login, communication |
| Name | No (optional) | Personalisation of your experience |
2.2 User Settings
We store the preferences you configure in your account settings:
- Interface language — the language used for the TutorAI interface
- Explanation language — the language in which AI explanations are delivered
- Grade level — used to tailor explanations to your academic level
- Country — used to align explanations with your curriculum
2.3 Usage Data
We track usage metrics necessary for operating the Service fairly:
- Number of explanations requested per day and per month
- Date of last usage reset
- Subscription status (free or Pro)
This data is used solely to enforce the daily free usage limit and the fair usage policy, and to determine Pro subscription access.
2.4 Technical Data
When you use the Service, we may automatically collect:
- IP address (used for rate limiting on account registration; not stored long-term)
- Browser type and version (for compatibility purposes)
- Device type
We do not build advertising profiles or track your behaviour across other websites.
3. Uploaded Content
When you upload an image or submit a text question:
- Your content is transmitted securely to our AI provider (OpenAI) for processing.
- The AI-generated explanation is returned and displayed to you.
- Uploaded images are not stored on our servers after the explanation is generated.
- A short preview of your text question (up to 100 characters) is stored in your explanation history so you can identify past sessions.
- The full text of your questions is not stored beyond what appears in the explanation history summary.
You may delete your explanation history at any time from your account dashboard.
4. Purpose of Processing
We process your personal data for the following purposes:
- Providing the Service — to operate your account, authenticate you, and deliver AI explanations.
- Usage management — to apply daily free usage limits and the fair usage policy.
- Subscription management — to manage Pro plan access and billing via Stripe.
- Service improvement — to monitor system performance and usage patterns at an aggregate level.
- Communication — to send important service-related notifications (not marketing emails without your consent).
- Legal compliance — to fulfil our obligations under applicable law.
5. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
- Contract performance (Article 6(1)(b)) — processing your email address, name, and settings is necessary to provide the Service you have agreed to use.
- Legitimate interests (Article 6(1)(f)) — processing usage and technical data to protect the integrity and fair operation of the Service.
- Consent (Article 6(1)(a)) — where you have explicitly agreed to specific processing (e.g. accepting these terms during registration).
- Legal obligation (Article 6(1)(c)) — where processing is required to comply with applicable law.
6. Third-Party Services
We share data with the following third-party providers only to the extent necessary to operate the Service.
6.1 OpenAI
Your questions and uploaded images are sent to OpenAI, Inc. (USA) for AI processing. OpenAI processes this data as a data processor on our behalf.
- OpenAI's privacy practices are governed by their own Privacy Policy: openai.com/privacy
- We have configured our OpenAI integration to avoid using your data for OpenAI model training where this option is available.
- Data transferred to OpenAI may be processed outside the European Economic Area (EEA). Such transfers are covered by appropriate safeguards as required by GDPR.
6.2 Stripe
Subscription payments are processed by Stripe, Inc. (USA). When you subscribe to TutorAI Pro, your payment information is handled directly by Stripe — we do not store your card details.
- Stripe's privacy practices: stripe.com/privacy
- Stripe may process data outside the EEA under appropriate transfer mechanisms.
We do not sell or rent your personal data to any third party.
7. Cookies
TutorAI uses only functional cookies and local storage necessary for the Service to operate correctly. We do not use advertising, tracking, or analytics cookies.
| Storage item | Purpose |
|---|---|
| Session cookie | Keeps you logged in during your browser session |
| tutorai_ui_language | Remembers your chosen interface language |
| Authentication token | Maintains your login state between visits |
You can clear cookies and local storage at any time through your browser settings. Doing so will log you out and reset your language preference.
We do not use third-party tracking cookies or cross-site analytics.
8. Data Retention
We retain your personal data only for as long as necessary:
| Data type | Retention period |
|---|---|
| Account data (email, settings) | Until you delete your account |
| Explanation history summaries | Until you delete them or your account |
| Uploaded images | Deleted immediately after AI processing |
| Usage counters | Reset monthly; deleted when account is deleted |
| Payment records | Retained as required by Estonian accounting law (7 years) |
| IP addresses (rate limiting) | Not stored beyond the current server session |
When you delete your account, your personal data is removed from our systems within 30 days, except where retention is required by law.
9. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can request correction of inaccurate or incomplete data.
- Right to erasure — you can request deletion of your personal data ("right to be forgotten").
- Right to restriction — you can request that we limit processing of your data in certain circumstances.
- Right to data portability — you can request your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at support@tutorai.ee. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): aki.ee
10. Children and Parental Involvement
TutorAI is designed for students aged 10–18. We take the privacy of younger users seriously.
- We do not knowingly collect personal data from children under 13 without verified parental consent.
- Users under 18 must use the Service under parental or guardian supervision, in accordance with our Terms of Use.
- Parents and guardians may contact us at support@tutorai.ee to request access to, correction of, or deletion of their child's account data.
- If we become aware that a child under 13 has created an account without parental consent, we will delete the account and associated data promptly.
We encourage parents to speak with their children about safe and responsible use of online services.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of significant changes by posting a notice in the Service or by email.
The date at the top of this page indicates when the Policy was last updated. Continued use of the Service after changes are published constitutes acceptance of the updated Policy.
For questions about this Privacy Policy, contact us at support@tutorai.ee.