← Back to home

Privacy Policy

Last updated: 29 June 2026

1. Who we are

Learnisim AI ("we", "our", "us") is an AI-powered learning platform operated as an independent, individually-run project. We are the data controller for the personal data described in this policy.

For any privacy matter you can reach us at [email protected]. This Privacy Policy explains what data we collect when you use our website and app at learnisim.com, why we collect it, and how we protect it.

2. Data we collect

We collect only what we need to provide and improve the service:

  • Account information — your name, email address, and hashed password when you register.
  • Usage data — roadmaps you generate, topics you study, exam results, interview transcripts, and revision schedules. This data is necessary for core features like spaced revision and progress tracking.
  • AI inputs — text you submit to generate roadmaps, ask questions, or take interviews. This is sent to our AI provider to produce a response and is not used to train any model.
  • Billing data — your subscription tier and billing history. We never store card numbers — payment is handled entirely by Stripe.
  • Technical data — browser type, IP address, and session tokens (stored as signed, short-lived JWT cookies). We use this for security and to keep you signed in.

3. How we use your data

  • To operate the platform — authenticate you, run AI features, track progress, and schedule revisions.
  • To manage billing — process payments and enforce credit limits through Stripe.
  • To send transactional emails — account verification codes, subscription receipts, and security alerts. We do not send marketing emails unless you opt in.
  • To improve the service — aggregate, anonymous analytics about which features are used most. Individual learning content is never shared.

4. Legal basis for processing

If you are in the UK or EEA, we rely on the following lawful bases under the UK/EU GDPR:

  • Performance of a contract — to create your account, run AI features, track progress, and deliver the Service you signed up for.
  • Legitimate interests — to secure the platform, prevent abuse, and understand aggregate feature usage, balanced against your rights.
  • Legal obligation — to retain billing records and respond to lawful requests.
  • Consent — where required, e.g. before sending any marketing email. You may withdraw consent at any time.

5. Data sharing

We do not sell your data. We share it only with the following service providers, bound by data-processing agreements:

  • Neon / PostgreSQL — encrypted database hosting for all account and learning data.
  • AI providers (the provider configured in your deployment — e.g. xAI, Anthropic, OpenAI, DeepSeek) — your prompts are sent to generate responses. See each provider's privacy policy for how they handle API data.
  • Stripe — payment processing. Stripe's privacy policy governs card and billing data.
  • Resend — transactional email delivery.
  • Upstash Redis — rate-limit counters (no personal content, only request counts).

6. International data transfers

Some of our service providers (for example, AI providers, Stripe, Resend, Neon, and Upstash) process data on servers located outside the UK and EEA, including in the United States. Where we transfer your personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision. You may request a copy of the relevant safeguard by emailing [email protected].

7. Data retention

Your account data is retained for as long as your account is active. If you delete your account (Settings → Data & Privacy), all personal data — including roadmaps, progress, and usage history — is permanently erased within 30 days. Anonymised aggregate statistics may be retained indefinitely.

8. Your rights

Depending on your jurisdiction you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (right to erasure).
  • Object to or restrict certain processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, email [email protected]. We respond within 30 days.

If you are in the UK or EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office). We'd appreciate the chance to address your concern first.

9. Security

Passwords are hashed with bcrypt. Sessions use signed JWT tokens stored in HttpOnly cookies with short expiry. All data in transit is encrypted with TLS. Database access is restricted to application infrastructure. We conduct periodic security reviews and aim to disclose any breach within 72 hours.

10. Children

Learnisim AI is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us at [email protected] and we will delete the account promptly.

11. Changes to this policy

We may update this policy from time to time. We will notify you by email or in-app banner if the changes are material. The "last updated" date at the top of this page always reflects the current version.

12. Contact

Questions or concerns? Email us at [email protected].
© 2026 Learnisim AI. All rights reserved.
Privacy PolicyCookies PolicyTerms & Conditions