Privacy Policy

At AConsultIT OÜ we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights as a user under the EU General Data Protection Regulation (GDPR).

1. Who we are

The data controller is AConsultIT OÜ, registered at Tallinn, Estonia. For privacy questions, contact us at support@aconsultit.example.

2. What we collect

• Account data: email, name, password (hashed), preferred language, locale.
• Billing data: for paid purchases — billing name, country, optional VAT ID.
• Learning activity: lessons started/completed, quiz answers, points earned.
• Notes & bookmarks: any notes you write or lessons you bookmark are stored against your account.
• Server logs: IP address and basic request data are kept for security up to 30 days.
• AI tutor messages: we store your conversations with the AI tutor to improve answers and prevent abuse.

3. What we don't collect

• No third-party advertising or analytics trackers (no Google Analytics, no Facebook Pixel).
• No tracking cookies — only an essential session cookie for authentication.
• No selling or sharing of data with third parties for marketing.

4. Legal basis

We process your data on the basis of contract performance (account & learning features) and legitimate interest (security, fraud prevention). Marketing emails — if any — are sent only with your explicit consent.

5. Data sharing

We share data only with the following processors, each bound by a Data Processing Agreement (DPA):

• Stripe (Ireland) — for payment processing. Stripe receives your name, email, and payment details directly.
• Hosting provider — for storing your account and content.
• Email provider — for sending verification and notification emails.
• AI tutor provider (Groq / Anthropic) — when you use the AI tutor, your message is sent to the provider for an answer; we do not opt your data into model training where opt-out is offered.

6. Your rights

Under GDPR, you have the right to:

• Access — request a copy of your personal data.
• Correction — fix inaccurate data via your profile page or by emailing us.
• Deletion — request deletion of your account and all associated data.
• Portability — receive your data in a machine-readable format.
• Object — to specific processing activities.
• Lodge a complaint — with your local data protection authority.

To exercise any of these rights, email support@aconsultit.example.

7. Retention

Account data is retained for as long as your account is active. After account deletion, billing records are retained for 7 years to comply with EU tax law, but personal identifiers are anonymised where legally possible.

8. Cookies

We use only one essential cookie: a session cookie that keeps you logged in. It is HTTP-only, set with SameSite=Lax, and expires when you close your browser. We don't use any tracking, marketing, or analytics cookies.

9. Changes to this policy

If we make material changes, we will notify you by email and post the change date below.

Last updated: June 2026