Privacy Policy

Last updated: December 2024

Information We Collect

We collect information you provide directly to us, automatically through your use of our services, and from third-party sources as described below.

Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Contact Information: Name, email, subject, and message content when you contact us
  • Support Requests: Name, email, issue category, priority level, and detailed descriptions
  • Profile Settings: Notification preferences, daily reminder times, reading goals, theme preferences
  • AI Conversations: Complete chat history with Lighty including your questions and AI responses
  • Community Posts: Public posts you share about character studies, including likes and interactions
  • Payment Information: Billing details processed securely by Stripe (we don't store card numbers)

Information Collected Automatically

  • Study Progress: Current character, lesson day, completed studies, streak counts, timestamps
  • Usage Data: Feature usage, page views, time spent in app, click patterns (with consent)
  • Device Information: Browser type, device type, IP address, timezone (auto-detected)
  • Performance Data: App load times, error logs, crash reports (anonymized)
  • Location Data: Approximate location based on IP address for timezone detection only

Cookies and Local Storage

  • Essential Cookies: Authentication sessions, security tokens, load balancing
  • Functional Storage: App preferences, study progress, AI conversation history (with consent)
  • Analytics Cookies: Vercel Analytics for usage patterns and performance (only with explicit consent)
  • Cookie Preferences: Your consent choices for different cookie categories

How We Use Your Information

Service Provision & Personalization

  • Account Management: Create and maintain your user account, authenticate access
  • Study Experience: Track your progress, maintain streaks, recommend next studies
  • AI Companion: Provide contextual responses based on your current study and conversation history
  • Personalization: Remember your preferences, timezone, notification settings, and reading goals
  • Community Features: Display your posts and interactions in community sections

Communication & Support

  • Customer Support: Respond to your inquiries, troubleshoot issues, provide assistance
  • Service Updates: Send important announcements, feature updates, security notices
  • Daily Reminders: Send personalized email reminders for daily study (if enabled)
  • Contact Form Responses: Reply to your messages sent through our contact forms

Business Operations

  • Payment Processing: Process subscription payments, manage billing, handle refunds
  • Analytics & Improvement: Analyze usage patterns to improve features (only with consent)
  • Security & Fraud Prevention: Detect suspicious activity, prevent unauthorized access
  • Legal Compliance: Meet legal obligations, enforce terms of service

Data Retention

  • Account Data: Retained while your account is active and for 30 days after deletion
  • AI Conversations: Stored to maintain conversation context and improve responses
  • Email Tracking: Daily reminder logs kept for 30 days to prevent spam
  • Analytics Data: Aggregated data retained for up to 24 months (if consented)

Information Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We only share your information in specific circumstances with trusted service providers as described below:

Essential Service Providers

  • Supabase: Database hosting and user authentication. Your account data, study progress, AI conversations, and settings are stored on Supabase servers with enterprise-grade security.
  • Stripe: Payment processing for subscriptions. We share your name, email, and billing information necessary for payment processing. Stripe handles all credit card data securely.
  • OpenAI: AI conversation processing. Your messages to Lighty and relevant study context are sent to OpenAI's API to generate responses. Conversations are not used to train AI models.
  • Resend: Email delivery service. We share your name and email address to send contact form responses, support replies, and daily study reminders (if enabled).
  • Vercel: App hosting and analytics. Usage analytics are only shared if you consent via our cookie banner.

Legal and Safety Disclosures

  • Legal Compliance: When required by law, court order, or government request
  • Safety and Security: To investigate fraud, security issues, or violations of our terms
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice)
  • With Your Consent: Any other sharing only occurs with your explicit permission

Data Processing Locations

  • Primary Storage: United States (Supabase, Vercel, Stripe)
  • AI Processing: OpenAI servers (primarily US-based)
  • Email Services: Resend (US-based infrastructure)
  • International Transfers: All providers comply with GDPR and international data protection standards

Data Security and Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

  • Encryption: All data transmitted between your device and our servers uses SSL/TLS encryption
  • Password Security: Passwords are hashed using industry-standard algorithms and never stored in plaintext
  • Database Security: Row Level Security (RLS) policies ensure users can only access their own data
  • API Security: Authentication required for all sensitive operations, with rate limiting and monitoring
  • Production Logging: No sensitive information is logged in production environments

Operational Security

  • Access Controls: Limited access to production systems with multi-factor authentication
  • Regular Updates: Security patches and updates applied promptly
  • Monitoring: Continuous monitoring for suspicious activity and unauthorized access attempts
  • Incident Response: Procedures in place to respond quickly to any security incidents

Financial Data Protection

  • PCI Compliance: Stripe handles all payment card data with PCI DSS Level 1 compliance
  • No Card Storage: We never store credit card numbers or sensitive payment information
  • Secure Payments: All payment processing occurs on Stripe's secure servers

Your Privacy Rights

Under privacy regulations including GDPR, CCPA, and similar laws, you have specific rights regarding your personal data:

Access and Information Rights

  • Right to Access: View all personal information we have about you
  • Right to Know: Understand what data we collect, how it's used, and who it's shared with
  • Data Portability: Export your data in a machine-readable format
  • Correction Rights: Update or correct inaccurate personal information

Control and Deletion Rights

  • Right to Delete: Request deletion of your account and all associated data
  • Right to Restrict: Limit how we process your personal information
  • Withdrawal of Consent: Revoke consent for analytics, marketing, or optional features
  • Cookie Control: Manage cookie preferences through our consent banner

Communication Preferences

  • Email Preferences: Opt out of daily reminders and promotional emails
  • Notification Settings: Control in-app notifications and alerts
  • Support Communications: Choose how we respond to support requests

How to Exercise Your Rights

  • Account Settings: Many preferences can be updated directly in your profile
  • Cookie Banner: Use our cookie consent banner to manage tracking preferences
  • Email Us: Contact david.beasley@inspirechronicles.com for data requests
  • Response Time: We respond to privacy requests within 30 days
  • Identity Verification: We may request verification to protect your data

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Parents who believe their child has provided personal information should contact us immediately at david.beasley@inspirechronicles.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email if you have an account with us
  • Display a prominent notice in the app
  • For material changes, provide 30 days advance notice

Your continued use of our service after changes take effect constitutes acceptance of the updated policy.

Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns:

Email: david.beasley@inspirechronicles.com
Company: Elenta Technology LLC
Response Time: Within 30 days for privacy requests
Subject Line: Please include "Privacy Policy Inquiry" in your subject line