Privacy Policy

When you use the Service, we may collect the following information.

Account Registration and Authentication

When you create an account, start a free trial, subscribe, log in, or use the Service, you may provide information such as:

• email address
• display name
• phone number, if provided
• password or login credentials
• account preferences
• onboarding responses
• referral code
• role or account permission information
• subscription status
• communications you send to us

Authentication is provided through Supabase Auth via Lovable Cloud. Supabase Auth may store your email address, password hash, session tokens, and refresh tokens. Password hashes are managed by Supabase and are not exposed to the app.

Supabase Auth may use browser localStorage to persist your session, including access and refresh tokens. The Service may also use standard cookies or similar technologies as needed for session management, security, CSRF protection, and core functionality.

Social logins, such as Google or Apple sign-in, are not currently active unless you have separately enabled them in the authentication settings.

Profile, Learning, and Activity Information

We may collect and generate information about your use of the Service, including:

• profile information, such as email, display name, phone number, referral code, XP, streak, level, confidence score, and last lesson date
• onboarding answers
• lesson progress
• quiz attempts
• badges
• saved prompts or toolkit activity
• learning preferences
• categories or topics you interact with
• checkout attempts
• subscription mirror data from Stripe
• promo code redemptions
• product events, such as lessons completed, quizzes attempted, checkout events, and other usage activity

We use this information to provide the Service, personalize your experience, track progress, improve lessons, support billing and subscriptions, and understand what users find helpful.

Community Content

If you use community features, we may collect and store posts, comments, likes, reactions, and related activity.

Community content may be visible to other users or, depending on the feature, to the public. Please do not post sensitive, confidential, or private information in community areas.

We may review, moderate, restrict, or remove community content that violates our Terms of Service, community rules, or applicable law.

User-Submitted Content

You may submit prompts, notes, comments, onboarding responses, survey responses, support messages, email drafts, or other content through the Service.

Please do not submit sensitive, confidential, regulated, or private third-party information into the Service, including Social Security numbers, financial account numbers, medical records, legal documents, passwords, client confidential information, trade secrets, or information you do not have permission to share.

AI Features

Actually Useful AI may include AI-generated or AI-assisted content, including lessons, prompts, examples, summaries, recommendations, chat features, and Dot assistant functionality.

AI calls are processed through the Lovable AI Gateway, which may proxy requests to Google Gemini, OpenAI, or other AI providers supported by Lovable.

When you interact with the chat widget, Dot assistant, or other AI-enabled features, the information you type, along with relevant lesson context or app context, may be sent to Lovable AI Gateway and the applicable AI provider to generate a response.

Static prompts shown on toolkit or free-prompt pages are not sent to AI providers unless you copy them into an AI tool or submit them through an AI-enabled feature.

Lovable AI providers act as processors or service providers. Based on Lovable's terms and platform information, inputs sent through Lovable AI Gateway are not used by those providers for model training. Minimal request metadata may be retained by Lovable AI Gateway for abuse prevention, security, debugging, or operational purposes.

We do not store full prompt and response transcripts in our database by default unless a feature specifically saves that content or you choose to save it.

Do not submit sensitive, confidential, or private information into AI-powered features.

AI output may be inaccurate, incomplete, biased, outdated, or unsuitable for your specific circumstances. You are responsible for reviewing and verifying AI output before relying on it.

We may use aggregated, anonymized, or de-identified information to understand product usage, improve the Service, develop future features, and improve AI-assisted experiences. We do not intend to use your identifiable personal information to train general-purpose third-party AI models unless we clearly disclose that use or obtain consent where required by law.

Payment Information

Stripe is our payment processor. We do not store full credit card numbers, PAN, or CVV information.

Stripe may collect and process your payment card details, billing information, transaction history, fraud-prevention data, receipts, invoices, and related payment information under Stripe's own privacy policy.

Our database may store or mirror limited Stripe-related billing information, such as:

• Stripe customer ID
• Stripe subscription ID
• billing email
• plan type
• subscription status
• trial end date
• current billing period end date
• amount totals
• checkout attempt status
• completed-at timestamps
• renewal, cancellation, or payment status

Stripe sends its own receipts and invoices independently where applicable.

Email, Suppression, and Communication Data

Transactional and lifecycle emails are sent through Lovable Email, Lovable's built-in email infrastructure, processed through backend queues and scheduled routes.

We may store:

• email delivery logs
• recipient email address
• message ID
• email template
• delivery status
• error messages
• suppressed emails
• bounce, complaint, and unsubscribe records
• unsubscribe tokens
• email drafts
• marketing opt-in or opt-out status
• privacy preferences

We retain certain email suppression and unsubscribe records as needed to comply with email laws, prevent unwanted email, and honor opt-out requests.

Privacy Preferences and Requests

We may collect and store privacy-related preferences and requests, including:

• cookie consent
• marketing opt-in or opt-out
• do-not-sell or do-not-share preferences
• privacy access, deletion, correction, or export requests
• request status and verification details

These records help us comply with applicable privacy laws and document how privacy requests were handled.

Device, Usage, Log, and IP Information

When you use the Service, we, Lovable, Supabase, Cloudflare, Stripe, or other service providers may automatically collect information such as:

• IP address
• browser type
• device type
• operating system
• referring URL
• pages viewed
• timestamps
• approximate location based on IP address
• session activity
• clicks and interactions
• error logs
• API logs
• authentication logs
• performance data
• URL parameters
• lesson and product usage events

We use this information to operate the Service, keep accounts secure, detect fraud or abuse, troubleshoot bugs, improve performance, understand usage, and measure product effectiveness.

Analytics and Tracking

We do not currently have Google Analytics, Meta Pixel, PostHog, FullStory, Session Replay, or similar third-party behavioral analytics tools installed in the codebase.

We do collect first-party product event data in our own Supabase Postgres database, such as lessons completed, quiz attempts, checkout events, and similar product activity.

Lovable Cloud may collect basic platform-level operational telemetry, such as errors and infrastructure metrics, to operate and secure the platform. Lovable may act as an independent controller for platform-level telemetry it collects directly.

If we add analytics, advertising pixels, marketing cookies, or session replay tools in the future, we will update this Privacy Policy and, where required, provide appropriate consent or opt-out choices.

Cookies and Similar Technologies

We may use cookies, localStorage, pixels, SDKs, and similar technologies to:

• keep you logged in
• remember preferences
• secure the Service
• prevent fraud
• support payment checkout
• operate authentication
• support CSRF protection
• understand basic product usage
• save privacy choices

Essential technologies currently include Supabase authentication session storage, standard session or security cookies where needed, Cloudflare infrastructure cookies, and Stripe cookies on Stripe-hosted checkout pages.

We do not currently set Meta, Google, or other marketing cookies through the app.

Our database supports privacy preference fields for analytics and marketing cookie consent if those tools are added later.

You can control cookies through your browser settings. Some features may not work properly if essential cookies or localStorage are disabled.

Where required by law, we will request consent before using non-essential cookies or similar tracking technologies.

Lovable Hosting and Platform Providers

Actually Useful AI is built and hosted using Lovable.

The Service runs on Lovable Cloud. App and server-side rendering may run on Cloudflare Workers through Lovable's deployment infrastructure. Supabase powers the database, authentication, and backend functions, managed through Lovable Cloud.

We do not currently have separate storage buckets configured.

Your use of Actually Useful AI may involve processing by Lovable, Supabase, Cloudflare, Stripe, Lovable Email, Google Gemini, OpenAI, and other service providers we use to operate the Service.

For your end-user personal information, Lovable generally acts as our processor or service provider. For certain platform-level telemetry, account, billing, and platform usage information Lovable collects directly, Lovable may act as an independent controller.

We do not control the independent privacy practices of third-party providers. Their processing is governed by their own privacy policies, terms, and applicable agreements.

We may use your information to:

• provide, operate, and maintain the Service
• create and manage accounts
• authenticate users and maintain sessions
• process free trials, subscriptions, renewals, receipts, cancellations, failed payments, and billing notices
• personalize lessons, prompts, recommendations, and progress tracking
• provide AI-assisted features
• enable community features
• send transactional emails
• send marketing emails where permitted
• honor unsubscribe and suppression requests
• respond to support requests
• improve the Service
• test and develop new features
• understand user engagement
• detect and fix bugs
• prevent fraud, abuse, security incidents, and policy violations
• comply with legal, tax, accounting, and regulatory obligations
• enforce our Terms of Service
• protect our rights, users, property, and safety

If you are located in the European Economic Area, United Kingdom, Switzerland, or another jurisdiction that requires a legal basis for processing, we may process your information based on:

• performance of a contract, to provide the Service you requested
• consent, for marketing, optional cookies, or other consent-based processing
• legitimate interests, such as operating, improving, securing, and promoting the Service
• legal obligations, such as tax, accounting, consumer protection, and regulatory requirements
• vital interests, in rare cases where processing is necessary to protect someone's safety

You may withdraw consent at any time where processing is based on consent.

We do not sell your personal information for money.

We may share information in the following ways.

Service Providers and Processors

We may share information with vendors, processors, and service providers that help us operate, secure, improve, or promote the Service, including:

• Lovable
• Supabase
• Cloudflare
• Stripe
• Lovable Email
• Google Gemini, through Lovable AI Gateway
• OpenAI, through Lovable AI Gateway
• customer support tools, if used
• security and fraud-prevention tools
• analytics or advertising tools, if later enabled

These providers may process information on our behalf and are permitted to use it as allowed by their agreements with us and applicable law.

Payment Processors

Payment information is processed by Stripe. We do not receive or store full card numbers.

AI Providers

When you use AI-enabled features, the information you submit and related context may be processed through Lovable AI Gateway and applicable AI providers, such as Google Gemini or OpenAI, to generate a response and operate the feature.

Analytics and Advertising Partners

We do not currently use third-party advertising pixels or behavioral analytics tools in the app.

If we later enable analytics, retargeting, advertising pixels, or marketing cookies, we may share limited usage, device, cookie, or website interaction information with analytics or advertising partners to measure campaign performance, understand traffic, retarget visitors, or show relevant ads.

Some privacy laws may define certain targeted advertising, retargeting, or cross-context behavioral advertising as "sharing" or "selling." Where required, you may opt out.

Legal and Safety Reasons

We may disclose information when we believe it is necessary to:

• comply with law, subpoena, court order, legal process, or government request
• enforce our Terms of Service
• prevent fraud, abuse, or security incidents
• protect our rights, property, users, or the public
• assist law enforcement where legally required or appropriate
• prevent imminent harm

Business Transfers

If we sell, transfer, merge, reorganize, assign, or otherwise transfer part or all of the business, user information may be transferred as part of that transaction.

With Your Consent

We may share information when you direct us to do so or give us permission.

We may send transactional emails related to:

• account creation
• login or password resets
• free trials
• subscriptions
• billing
• receipts
• failed payments
• renewal notices
• cancellation confirmations
• security notices
• important Service updates

You cannot opt out of transactional emails while you have an active account because they are necessary to provide the Service.

We may also send marketing emails, such as AI tips, product updates, free resources, educational content, or offers. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in an email or contacting us at actuallyusefulaiapp@gmail.com.

We process marketing opt-outs as required by applicable law, including CAN-SPAM.

We do not currently use Meta Pixel, Google Ads tags, or other third-party personalized advertising trackers in the app.

If we enable personalized advertising, retargeting, or similar tracking in the future, we will update this Privacy Policy and provide consent or opt-out choices where required by law.

Opting out of personalized advertising does not necessarily prevent all ads from being shown to you. It generally means the ads will not be personalized based on covered tracking activity.

We may anonymize, aggregate, or de-identify personal information so it no longer identifies you.

We may use anonymous, aggregated, or de-identified information for any lawful purpose, including analytics, product improvement, research, AI feature development, marketing insights, and business operations.

Depending on where you live, you may have some or all of the following rights:

• know what personal information we collect
• access a copy of your personal information
• know what personal information we have shared and with whom
• correct inaccurate information
• delete personal information
• export or receive a portable copy of your information
• object to certain processing
• restrict certain processing
• withdraw consent
• opt out of marketing emails
• opt out of sale, sharing, targeted advertising, or profiling where applicable
• limit use of sensitive personal information where applicable
• appeal a denied privacy request where applicable
• not be discriminated against for exercising privacy rights

To make a privacy request, email actuallyusefulaiapp@gmail.com.

We may need to verify your identity before fulfilling a request. These rights are not absolute. We may deny or limit a request where permitted by law, including when:

• we cannot verify your identity
• the request could violate another person's rights
• the request conflicts with applicable law
• the information is needed to provide the Service
• the information is needed for security or fraud prevention
• the information is needed for legal, tax, accounting, dispute, or compliance purposes
• fulfilling the request would interfere with legal rights or obligations

We will respond within the timeframe required by applicable law.

We do not currently offer a self-serve data export tool. You may request access to, export of, correction of, or deletion of your personal information by emailing actuallyusefulaiapp@gmail.com.

Our recommended privacy request process is:

• you email us with your request
• we verify your identity
• we fulfill the deletion, access, correction, or export request where required and permitted
• we log the request in our privacy requests records

Account deletion through authentication systems may remove or cascade-delete certain app-side data, including profile information, lesson progress, quiz attempts, badges, community posts, comments, likes, privacy preferences, promo redemptions, and user roles.

However, some information may be retained where legally permitted or required, including:

• email logs and suppression records
• unsubscribe records
• privacy request records
• Stripe payment and billing records
• tax and accounting records
• security logs
• backup copies retained for a limited period
• records needed to prevent fraud, enforce agreements, resolve disputes, or comply with law

Stripe records are retained by Stripe according to Stripe's legal, tax, accounting, and compliance obligations, even if app-side account data is deleted.

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and other states with applicable privacy laws may have additional privacy rights.

The categories of personal information we may collect include:

• identifiers, such as name, email address, phone number, IP address, account ID, and device identifiers
• commercial information, such as subscription plan, payment status, purchase history, trial status, checkout attempts, and billing records
• internet or electronic network activity, such as pages viewed, clicks, session activity, device information, authentication logs, and lesson engagement
• approximate geolocation based on IP address
• inferences, such as product preferences, learning activity, or engagement patterns
• user-generated content, such as prompts, notes, comments, posts, support messages, email drafts, or survey responses
• education-like learning activity within the Service, such as lessons completed, quiz attempts, badges, XP, streaks, and confidence score

We collect this information from you, your device, service providers, payment processors, analytics tools if later enabled, platform providers, and our own product systems.

We use and disclose this information for the purposes described in this Privacy Policy.

We do not knowingly sell or share personal information of users under 16.

We do not intentionally collect sensitive personal information and ask you not to submit it.

We do not offer financial incentives in exchange for personal information unless clearly disclosed.

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

You may request to know, access, correct, delete, or receive a copy of certain personal information. You may also opt out of sale or sharing of personal information where applicable.

We do not sell personal information for money.

If we later use advertising or analytics tools that constitute "sharing" under California law, you may request to opt out by contacting us at actuallyusefulaiapp@gmail.com or using any available privacy preference controls.

California residents may also request information about certain disclosures of personal information to third parties for their direct marketing purposes, if applicable.

The Service is not directed to children under 16.

Children under 13 may not create an account or use the Service.

We do not knowingly collect personal information from children under 13 in the United States or under the age of digital consent in other jurisdictions.

If we learn that we have collected personal information from a child without required parental consent, we will delete it as required by law.

If you believe a child has provided personal information to us, contact actuallyusefulaiapp@gmail.com.

We retain personal information for as long as needed to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, investigate abuse, and protect our legal rights.

In general:

• account information is retained while your account is active
• lesson progress, quiz attempts, badges, preferences, and app activity may be retained while your account is active
• billing and tax records may be retained as required by law, typically up to 7 years or longer where required
• Stripe retains payment and billing records according to its own policies and legal obligations
• email send logs may be retained unless and until we prune them
• suppression, unsubscribe, bounce, and complaint records may be retained to comply with email laws and avoid unwanted email
• privacy request records may be retained to document compliance
• security, authentication, API, database, and edge logs may be retained according to Supabase, Cloudflare, Lovable, and plan-specific retention periods
• Supabase automated backups may retain information for a limited period according to the applicable plan
• anonymized or de-identified information may be retained indefinitely

When you delete your account or request deletion, we will delete or anonymize personal information unless we are legally allowed or required to retain it.

We use reasonable administrative, technical, and organizational measures designed to protect personal information from unauthorized access, loss, misuse, disclosure, alteration, or destruction.

Security measures may include:

• HTTPS through Cloudflare TLS
• encryption in transit
• Supabase encryption of Postgres databases and backups at rest
• Supabase Auth password hashing
• role-based access controls
• row-level security on user-facing tables
• policies scoped to authenticated user IDs
• admin role gating through user role controls
• limited production access
• service provider security controls
• authentication logs and platform logs

No system is perfectly secure. We cannot guarantee that unauthorized access, hacking, data loss, or other security incidents will never occur.

If we discover a security incident affecting your personal information, we will notify you and applicable authorities as required by law.

Actually Useful AI is operated from the United States.

If you access the Service from outside the United States, your information may be transferred to, stored in, or processed in the United States or other countries where our service providers operate.

Data may be processed in the United States and at Cloudflare edge locations globally for routing, security, caching, and performance. Stripe may process data in the United States, European Union, or other locations. Lovable AI Gateway is currently described as operating in the United States. Your Supabase project region is based on the region configured in your Cloud dashboard.

These countries may have data protection laws different from those in your country.

Where required, we rely on appropriate safeguards for international transfers, such as contractual protections, data processing agreements, standard contractual clauses, or other legally recognized mechanisms used by our service providers.

Actually Useful AI is not currently certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, or the Swiss-U.S. Data Privacy Framework. If that changes, we will update this Privacy Policy.

In some jurisdictions, local laws may provide additional rights or require supplemental privacy terms. If applicable law conflicts with this Privacy Policy, the rights and protections required by applicable law will apply.

The Service may contain links to third-party websites, tools, payment processors, AI providers, social platforms, integrations, or advertisements.

We are not responsible for the privacy practices, security, content, or policies of third-party services.

Your use of third-party services is governed by their own privacy policies and terms.

Some browsers offer "Do Not Track" signals. The Service is not currently designed to respond to all Do Not Track signals.

Where legally required and technically supported, we will honor recognized opt-out preference signals, such as Global Privacy Control, for applicable targeted advertising or sale/share opt-outs.

You may also contact us at actuallyusefulaiapp@gmail.com to make an opt-out request.

We do not intentionally use automated decision-making that produces legal or similarly significant effects about you.

We may use automated systems for ordinary product functionality, authentication, security, fraud prevention, personalization, analytics, subscription operations, email operations, and AI-assisted features.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service.

When we update the Privacy Policy, we will change the "Last updated" date above.

If changes are material, we may provide additional notice, such as by email, account notice, or website notice.

Your continued use of the Service after an updated Privacy Policy becomes effective means you accept the updated Privacy Policy.

For privacy questions, requests, or concerns, contact:

Anna Nadybska
Sole proprietor doing business as Actually Useful AI
Email: actuallyusefulaiapp@gmail.com
Website: https://actuallyusefulai.app