Effective Date: January 15, 2025
Your privacy matters to us. This policy explains what data we collect, why we collect it, and how you can control it.
1. Data Controller
ispectAI is operated by Leo Giesen, an individual based in Germany. For privacy inquiries, contact us at info.ispectai@gmail.com.
2. Data We Collect
Account Information
- Email address
- Name (optional)
- Profile picture (if you choose to add one)
Learning Data
- Quizzes you create and their content
- Your answers and performance metrics
- Spaced repetition progress and schedules
- AI-generated feedback and explanations
Usage Data
- Pages visited and features used
- Session duration and frequency
- Device type and browser information
- IP address (anonymized after 30 days)
Payment Data
Payment processing is handled by Polar.sh. We do not store your credit card details. We only receive confirmation of successful payments and subscription status.
3. How We Use Your Data
- Provide and improve our learning platform
- Personalize your learning experience with AI
- Process payments and manage subscriptions
- Send important service updates (you can opt out of marketing)
- Analyze usage patterns to improve our service
- Prevent fraud and ensure platform security
4. Legal Basis for Processing (GDPR)
- Contract: To provide you with our learning services
- Legitimate Interest: To improve our platform and prevent fraud
- Consent: For marketing communications and optional cookies
- Legal Obligation: To comply with tax and legal requirements
5. Third-Party Services
We use carefully selected services to operate ispectAI:
- Supabase: Database and authentication; EU (Frankfurt)
- OpenAI: AI content generation (data not used for training); USA
- Polar.sh: Payment processing; EU
- Cloudflare: Security and performance; Global
For US-based services, we rely on Standard Contractual Clauses (SCCs) to ensure adequate data protection.
6. International Data Transfers
Your data is primarily stored in EU data centers. When data is transferred outside the EU (e.g., to OpenAI for AI processing), we ensure appropriate safeguards through Standard Contractual Clauses and data processing agreements.
7. Data Retention
- Account data: Until you delete your account
- Learning data: Until you delete your account or specific content
- Usage logs: 30 days (anonymized after)
- Payment records: 7 years (legal requirement)
8. Your Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Delete your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, email us at info.ispectai@gmail.com or use the data export/delete features in your account settings.
You also have the right to lodge a complaint with a supervisory authority. In Germany, this is the relevant state data protection authority (Landesdatenschutzbeauftragter).
9. Cookies & Local Storage
We use essential cookies for authentication and session management. We also use local storage to save your preferences and improve performance. We do not use tracking cookies or sell your data to advertisers.
10. Security
We implement industry-standard security measures including encryption in transit (TLS) and at rest, secure authentication, regular security audits, and access controls. While no system is 100% secure, we take your data protection seriously.
11. Children's Privacy
ispectAI is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have collected such data, please contact us immediately.
12. Changes to This Policy
We may update this policy from time to time. We'll notify you of significant changes via email or in-app notification. Continued use after changes constitutes acceptance.
13. Contact & Complaints
- Email: info.ispectai@gmail.com
- Response Time: Within 30 days
As a small operation, we don't have a dedicated Data Protection Officer, but all privacy inquiries are handled with care and in compliance with GDPR requirements.