Privacy Policy | study.and.travel

1. Information We Collect

We collect information you provide directly: email address, name, and profile picture via OAuth providers (Google, Apple, Microsoft). We also collect usage data including token counts, model usage, and conversation metadata (not content).

2. How We Use Your Information

We use your information to provide the Service, manage your subscription, track token usage for billing, and improve our platform. We do not sell your personal data.

3. API Keys & Conversations

Your API keys are encrypted at rest using AES-256 and are only decrypted server-side when making API calls to your chosen provider. Conversation content is stored in DynamoDB and is accessible only to you. We do not use your conversations to train models.

4. Data Sharing

We share data only with service providers necessary to operate the platform: Stripe for payment processing, AWS for infrastructure, and AI model providers when you initiate conversations. Each provider's own privacy policy applies to their processing.

5. Data Retention

Account data is retained as long as your account is active. Conversations may be deleted by you at any time. Upon account deletion, all personal data is removed within 30 days.

6. Security

We implement industry-standard security measures including encryption at rest and in transit, secure authentication via AWS Cognito, and regular security audits.

7. Your Rights

You may access, update, or delete your personal data at any time through your account settings. To request a full data export or account deletion, contact us at privacy@example.com.

8. Contact

For privacy-related inquiries, contact us at privacy@example.com.