Privacy Policy

Last updated: 2026-04-15

Draft notice. This policy is a good-faith starting template. It does not constitute legal advice and may not satisfy every jurisdiction's requirements (e.g., GDPR, CCPA, LGPD, PIPEDA). Review with a qualified attorney before relying on it in a regulated market.

1. Who We Are

AI-Native Upskill ("we", "us", "our") operates this Service. Our contact email is solomon.learn.ai@gmail.com.

2. Information We Collect

Account information: When you register, we collect your name, email address, and a hashed version of your password.

Learning activity: We store your progress, completion timestamps, quiz answers, practice-editor submissions, and derived metrics (e.g., streaks, experience points).

AI-assistant interactions: We store the messages you send to Nova so we can show you chat history and improve the assistant. We also transmit your messages (and relevant lesson context) to third-party AI providers for inference.

Technical data: We collect standard server logs (IP address, user agent, request timestamps) and error-monitoring data via Sentry. If we enable product analytics (e.g., PostHog), we also collect basic interaction events.

Cookies: We use an authentication cookie to keep you signed in. We do not currently use advertising or cross-site tracking cookies.

3. How We Use Information

• Operate the Service (authentication, progress tracking, content delivery).
• Send transactional email (verification, password reset, account notifications). Promotional email is opt-in.
• Improve the Service (aggregate analytics, debug errors, measure activation).
• Comply with legal obligations and enforce our Terms.

We do not sell your personal information.

4. Third-Party Processors

We use the following sub-processors to operate the Service:

• Railway — application hosting and Postgres database.
• Cloudflare R2 — encrypted Postgres backups.
• Sentry — error monitoring.
• Resend — transactional email delivery (once enabled).
• AI inference provider(s) — e.g., Anthropic or OpenRouter — for Nova responses.
• PostHog (once enabled) — product analytics.

Each processor operates under its own privacy terms. We make reasonable commercial efforts to ensure processors provide adequate data protection.

5. Data Retention

• Account data: retained while your account is active. On account deletion, we delete or anonymize within 30 days, except where we have a legal obligation to retain.
• Learning activity: retained for the life of your account.
• Server logs: retained up to 30 days.
• Postgres backups: retained up to 30 days (R2 lifecycle rule).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access a copy of your personal data.
• Correct inaccurate data.
• Request deletion.
• Object to or restrict processing.
• Port your data to another service.

To exercise any of these rights, email solomon.learn.ai@gmail.com. We will respond within 30 days.

7. Security

We use industry-standard measures to protect your data, including:

• TLS for all connections (HSTS enforced).
• Hashed passwords (never stored in plain text).
• Environment-scoped credentials and rate limiting on authentication endpoints.
• Nightly encrypted backups of the production database.

No method of transmission or storage is perfectly secure. If you believe your account has been compromised, email us immediately.

8. International Transfers

Our servers and sub-processors may operate outside your country. We rely on standard contractual clauses and provider-side safeguards where applicable.

9. Children

The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction, whichever is higher). If you believe a child has created an account, email us and we will remove it.

10. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via the Service or email and update the "Last updated" date.

11. Contact

Privacy questions or requests: solomon.learn.ai@gmail.com