2. Information We Collect
Account Information
- • Name and email address (provided by Google when you sign in via Google OAuth)
- • Profile picture URL (if included in your Google profile)
- • Account creation date and subscription tier
Usage and Content Data
- • Chat messages and AI responses (stored to maintain conversation history)
- • Images you upload to the chat (stored in Cloudflare R2)
- • Flashcard decks and cards you create
- • Practice session responses and progress data
- • Daily usage counts for limit enforcement
Payment Information
- • Subscription status, plan tier, and billing period (stored by us)
- • Payment card details are processed and stored exclusively by Stripe — we never see or store your card number
Technical and Analytics Data
- • Session tokens (stored in our database to keep you signed in)
- • Aggregate usage analytics collected by Vercel Analytics (no personally identifiable information)
- • Cookies set by Google AdSense for ad personalisation (see Section 7)
3. How We Use Your Information
- • To authenticate you and maintain your session
- • To provide AI tutoring, flashcard, and practice question services
- • To enforce daily usage limits and manage subscription access
- • To process payments and send billing-related communications via Stripe
- • To store and retrieve your chat history and flashcard data
- • To process images you upload through our AI pipeline (OCR and image analysis)
- • To send transactional emails (e.g. PDF issue reports) via Resend
- • To monitor service health and performance
- • To investigate abuse and enforce our Terms and Conditions
We do not use your personal data to train AI models, and we do not sell your data to any third party.
4. Third-Party Services and Data Sharing
We share data with the following third-party processors solely to operate the Service. Each provider has its own privacy policy.
- • Google (OAuth & AdSense): Authentication and advertising. Google may use cookies for ad personalisation. Google Privacy Policy
- • Stripe: Payment processing. Card details are handled entirely by Stripe. Stripe Privacy Policy
- • Google Gemini API: Powers the AI chat, query rewriting, embedding, and image analysis features. Your messages and images are transmitted to Google's API for processing.
- • Mistral AI: Used for OCR extraction from images you upload to the chat.
- • OpenAI: Used for AI-powered flashcard generation (Pro/Premium feature).
- • Neo4j AuraDB: Our knowledge graph database used to retrieve relevant economics content for AI responses. Queries derived from your messages are sent to this service.
- • Cloudflare R2: Stores images you upload to the chat and study note files.
- • Neon PostgreSQL: Stores weekly digest, past paper, MCQ, and LQ metadata.
- • Prisma Accelerate: Database connection pooling and query caching layer.
- • Resend: Sends transactional emails when you submit a PDF issue report.
- • Vercel: Hosts and deploys the Service. Vercel Analytics collects anonymised performance metrics.
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
5. Cookies and Tracking
We use the following cookies and similar technologies:
- • Session cookie (
__Secure-authjs.session-token): Required to keep you signed in. Expires after 30 days or on sign-out. - • Google AdSense cookies: Set by Google to serve and personalise advertisements. You can manage or opt out via Google Ad Settings or your browser's cookie controls.
We do not use tracking cookies for marketing or analytics purposes beyond what is described above.
6. Data Retention
- • Account data: Retained until you delete your account or request deletion.
- • Chat history and messages: Retained until you manually delete individual chats.
- • Uploaded images: Deleted from Cloudflare R2 when the associated chat is deleted.
- • Flashcards and practice data: Retained until you delete them or your account.
- • Daily usage records: Retained for up to 90 days.
- • Payment records: Retained as required by applicable accounting and tax law (typically 7 years).
- • Session tokens: Expire after 30 days of inactivity.
7. Advertising
We use Google AdSense to display advertisements on the Service. Google may use cookies and device identifiers to serve ads based on your prior visits to our site and other websites. This constitutes a form of interest-based advertising. You can opt out of personalised advertising at adssettings.google.com or by installing the Google Analytics opt-out browser add-on.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- • Access: Request a copy of the personal data we hold about you.
- • Correction: Request correction of inaccurate or incomplete data.
- • Deletion: Request deletion of your personal data. You may delete individual chats and flashcards directly in the app. To request full account deletion, email us at dseconmentor@gmail.com.
- • Portability: Request a structured export of your personal data.
- • Objection: Object to processing of your data in certain circumstances.
- • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at dseconmentor@gmail.com. We will respond within a reasonable timeframe. We may need to verify your identity before fulfilling a request.
9. Data Security
- • All data is transmitted over HTTPS/TLS encryption.
- • Authentication is handled via Google OAuth — we never store passwords.
- • Session tokens are stored in HttpOnly, Secure cookies.
- • Payment card data is handled exclusively by Stripe and never passes through our servers.
- • File storage uses signed URLs with expiry to prevent unauthorised access.
While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.
10. Children's Privacy
The Service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at dseconmentor@gmail.com and we will delete it promptly.
11. International Data Transfers
Our third-party service providers (including Google, Stripe, Vercel, Mistral, OpenAI, and Neo4j) may process your data outside of Hong Kong. By using the Service, you acknowledge that your data may be transferred to and processed in other countries, which may have different data protection laws than your own. We ensure that such transfers are subject to appropriate safeguards through contractual arrangements with our providers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date of changes constitutes acceptance of the revised policy.