Privacy Policy

1. Data Controller

ispectAI is operated by Leo Giesen, an individual based in Germany. For privacy inquiries, contact us at info.ispectai@gmail.com.

2. Data We Collect

Account Information

• Email address
• Name (optional)
• Profile picture (if you choose to add one)

Learning Data

• Quizzes you create and their content
• Your answers and performance metrics
• Spaced repetition progress and schedules
• AI-generated feedback and explanations

Usage Data

• Pages visited and features used
• Session duration and frequency
• Device type and browser information
• IP address (anonymized after 30 days)

Payment Data

Payment processing is handled by Polar.sh. We do not store your credit card details. We only receive confirmation of successful payments and subscription status.

3. How We Use Your Data

• Provide and improve our learning platform
• Personalize your learning experience with AI
• Process payments and manage subscriptions
• Send important service updates (you can opt out of marketing)
• Analyze usage patterns to improve our service
• Prevent fraud and ensure platform security

4. Legal Basis for Processing (GDPR)

• Contract: To provide you with our learning services
• Legitimate Interest: To improve our platform and prevent fraud
• Consent: For marketing communications and optional cookies
• Legal Obligation: To comply with tax and legal requirements

5. Third-Party Services

We use carefully selected services to operate ispectAI:

For US-based services, we rely on Standard Contractual Clauses (SCCs) to ensure adequate data protection.

6. International Data Transfers

Your data is primarily stored in EU data centers. When data is transferred outside the EU (e.g., to OpenAI for AI processing), we ensure appropriate safeguards through Standard Contractual Clauses and data processing agreements.

7. Data Retention

• Account data: Until you delete your account
• Learning data: Until you delete your account or specific content
• Usage logs: 30 days (anonymized after)
• Payment records: 7 years (legal requirement)

8. Your Rights

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Delete your data ("right to be forgotten")
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, email us at info.ispectai@gmail.com or use the data export/delete features in your account settings.

You also have the right to lodge a complaint with a supervisory authority. In Germany, this is the relevant state data protection authority (Landesdatenschutzbeauftragter).

9. Cookies & Local Storage

We use essential cookies for authentication and session management. We also use local storage to save your preferences and improve performance. We do not use tracking cookies or sell your data to advertisers.

10. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, secure authentication, regular security audits, and access controls. While no system is 100% secure, we take your data protection seriously.

11. Children's Privacy

ispectAI is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have collected such data, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. We'll notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.

13. Contact & Complaints

• Email: info.ispectai{'@'}gmail.com
• Response Time: Within 30 days

As a small operation, we don't have a dedicated Data Protection Officer, but all privacy inquiries are handled with care and in compliance with GDPR requirements.