Privacy Policy

1. Introduction

Welcome to Discenius. This Privacy Policy explains how APP DEV MASTERS LTD ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our AI-powered learning platform.

By using Discenius, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide

When you create an account and use our services, we collect:

• Account Information: Email address, password (encrypted), full name (optional), avatar URL (optional), and preferred language
• Learning Content: Study subjects, learning goals, duration preferences, study plans you create, and book content you generate
• Payment Information: Billing details processed through Stripe (we do not store full card numbers, only card brand and last 4 digits)
• Communications: Messages you send to our support team

2.2 Automatically Collected Information

When you use our platform, we automatically collect:

• Usage Data: View counts, timestamps, last viewed dates, and interaction patterns with study plans and books
• Authentication Data: Session tokens stored in secure HTTP-only cookies managed by Supabase
• Technical Data: Server logs including IP addresses, browser type, device information, and error logs (stored by our hosting provider)

2.3 Cookies and Tracking Technologies

We use the following types of cookies:

• Necessary Cookies: Essential for authentication and security (cannot be disabled)
• Analytics Cookies: Help us understand how you use our site (optional, requires consent)
• Preference Cookies: Remember your settings and language preferences (optional, requires consent)

You can manage your cookie preferences at any time using our cookie consent banner or by adjusting your browser settings.

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI-powered learning platform
• Content Generation: To generate personalized study plans and books using AI (OpenAI GPT-5 Nano)
• Authentication: To manage your account, verify your identity, and secure your sessions
• Payment Processing: To process payments and manage subscriptions through Stripe
• Communication: To send you service-related notifications, updates, and respond to your inquiries
• Analytics: To analyze usage patterns and improve our services (only with your consent)
• Security: To detect, prevent, and address technical issues, fraud, and security incidents
• Legal Compliance: To comply with legal obligations and protect our legal rights

4. Third-Party Services and Data Sharing

We use the following third-party services to operate our platform. Each service has its own privacy policy:

4.1 Supabase (Backend Services)

Purpose: Database, authentication, and backend infrastructure

Data Shared: All user account data, study plans, books, payment records, and session tokens

Location: Data stored on Supabase servers (AWS infrastructure)

Privacy Policy: https://supabase.com/privacy

4.2 OpenAI (AI Content Generation)

Purpose: AI-powered study plan and book content generation

Data Shared: Study subjects, learning goals, duration preferences, language settings, and study plan structures

Data Retention: OpenAI may retain data for a limited time as per their data usage policies

Privacy Policy: https://openai.com/privacy

4.3 Stripe (Payment Processing)

Purpose: Secure payment processing and subscription management

Data Shared: Email address, payment amounts, user ID, study plan details (as metadata), and payment method information

Data Stored by Us: We only store Stripe IDs, payment status, card brand, and last 4 digits. Full card details are never stored on our servers.

Privacy Policy: https://stripe.com/privacy

4.4 Vercel (Hosting Provider)

Purpose: Application hosting and content delivery

Data Shared: Server logs including IP addresses, user agents, and request data

Privacy Policy: https://vercel.com/legal/privacy-policy

4.5 Google Analytics (Web Analytics)

Purpose: Website analytics and user behavior tracking (only with your consent)

Data Collected: IP addresses (anonymized), browser information, device type, pages visited, time spent on site, geographic location, referral sources, and user interactions

Tracking ID: G-V81XSWWTZP

Consent Requirement: Google Analytics only loads if you accept "Analytics Cookies" in our cookie consent banner. You can withdraw consent at any time by rejecting analytics cookies.

Data Retention: Google Analytics retains data according to Google's data retention policies (typically 14-26 months)

Privacy Policy: https://policies.google.com/privacy

Opt-Out: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by rejecting analytics cookies on our site.

Note: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data transmitted is encrypted using HTTPS/TLS
• Password Security: Passwords are hashed using bcrypt before storage
• Access Controls: Row-Level Security (RLS) ensures users can only access their own data
• Session Management: Secure JWT tokens with HTTP-only cookies
• Webhook Verification: All webhook endpoints verify cryptographic signatures
• Regular Updates: We keep our infrastructure and dependencies up to date

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with our services
• Comply with legal obligations (e.g., tax and accounting records for 7 years)
• Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal compliance.

7. Your Rights (GDPR & Data Protection)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request that we limit the processing of your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at info@appdevmasters.com. We will respond to your request within 30 days.

8. International Data Transfers

Your personal information may be transferred to and processed in countries outside your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction.

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with third-party service providers
• Adequacy decisions for certain jurisdictions

9. Children's Privacy

Our services are not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

10. Managing Cookies

You can manage your cookie preferences through our cookie consent banner or your browser settings:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Opt-Out: You can opt out of optional cookies at any time
• Necessary Cookies: Cannot be disabled as they are essential for authentication and security

Note: Disabling cookies may affect the functionality of our platform.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on our platform. The "Last Updated" date at the top indicates when the policy was last revised. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry as soon as possible, typically within 30 days.

13. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contractual Necessity: To provide our services as agreed in our Terms of Service
• Consent: When you provide explicit consent (e.g., for analytics cookies)
• Legitimate Interests: To improve our services, detect fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations