Privacy Policy
1. Who We Are
AI4AI — Academic Institute For Artificial Intelligence (the "Service") is operated by mAIb Tech LLC, a limited liability company organized in the State of Delaware, United States of America. For purposes of data-protection law, mAIb Tech LLC is the controller of personal information processed through the Service. You can reach us about privacy at support@maib.io. This Privacy Policy explains what we collect, why, who we share it with, and the choices and rights you have.
2. Information You Provide
• Account and sign-in: By default you can use the Service with an anonymous account, which is just a random identifier with no personal details. If you choose to sign in with email, Apple, or Google, we receive your email address and a provider account identifier through our authentication provider, Supabase. • Profile and preferences: your chosen role, interests, reading-level preference, and onboarding choices. • Learning activity: lessons completed, quiz results, certificates earned, XP, and streaks. • Community content: prompts, prompt versions, posts, comments, votes, forks, and saved items you create or interact with. • Support communications: the contents of messages you send to support@maib.io.
3. Information Created Through Use
• Playground and lesson prompts: When you run a prompt, the text you submit is transmitted to a third-party AI model provider to generate a response (see Section 6). Our servers do not retain the content of your Playground prompts after the request completes; we record only metering metadata (for example, that a run occurred and the model used) to enforce usage limits and operate the Service. Prompts you choose to publish to the Vault are, by design, stored and shown to other users. • Usage and metering: counts of daily runs and similar product analytics. • Device and connection data: IP address and basic request metadata are processed transiently by our gateway and hosting providers for security, rate-limiting, and abuse prevention; we do not use them to build advertising profiles.
4. Payment Information
Premium subscriptions are processed by Stripe, Inc. When you subscribe, you provide your payment details directly to Stripe; we do not receive or store your full card number, CVC, or bank credentials. We receive and store limited billing information from Stripe — such as your subscription status, plan, and Stripe customer and subscription identifiers — to grant and manage Premium access. Stripe processes your data as an independent controller/processor under its own privacy policy.
5. How We Use Information
We use personal information to: provide and maintain the Service; authenticate you and keep your account secure; save and sync your learning progress and content across devices; run AI prompts you request; process subscriptions and payments and enforce free-tier limits; prevent fraud, abuse, and security incidents; respond to your support requests; understand and improve the Service; and comply with legal obligations. We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law.
6. AI Model Providers and How Your Prompts Are Handled
When you run a prompt, our gateway routes it to the provider that serves the selected model. In production these are: Anthropic, PBC (for Claude models) and OpenRouter, Inc. (which routes to providers including OpenAI, Google, Meta, xAI, and Mistral). Your prompt text and the generated output are processed by the relevant provider to fulfill your request and are subject to that provider's privacy and data-retention terms. We send only the prompt content needed to generate the response — not your name, email, or payment details. If you self-host models (for example, a local model), prompts for those models are not sent to third parties.
7. Sub-Processors and Service Providers
We use the following providers to operate the Service: Supabase, Inc. (authentication and database hosting); Stripe, Inc. (payments); Anthropic, PBC and OpenRouter, Inc. (AI model access); our cloud/VPS hosting provider (application hosting); and, for the mobile app, Expo / Apple App Store and Google Play (distribution and, if enabled, push notifications). Each processes personal information on our behalf or as an independent controller, under contractual and legal safeguards. We will keep an up-to-date list available on request at support@maib.io.
8. Legal Bases (for EEA/UK Users)
Where the EU or UK GDPR applies, we rely on: performance of our contract with you (to provide the Service and process subscriptions); our legitimate interests (to secure, maintain, and improve the Service and prevent abuse), balanced against your rights; your consent (where we ask for it, such as optional communications), which you may withdraw at any time; and compliance with legal obligations.
9. Cookies and Local Storage
The Service does not use third-party advertising or tracking cookies. The web app stores data in your browser's local storage, and the mobile app stores data on your device, to keep you signed in and to cache your progress and preferences. Supabase sets a small number of cookies/tokens necessary for authentication. See our Cookie & Storage Policy for details. You can clear this data at any time via your browser/device settings or the in-app "Reset" control.
10. Data Retention
We retain your account and profile data for as long as your account exists. Community content you published remains available unless you delete it (noting that forks or copies made by others may persist independently). Metering records are kept as needed to operate and secure the Service. We do not retain Playground prompt content after a run completes. When you request deletion (Section 12), we delete or anonymize your personal information within 30 days, except where we must retain it to comply with legal, tax, accounting, or security obligations.
11. Security
We protect your information with technical and organizational measures, including: encryption in transit (HTTPS/TLS); row-level security in our database so each user can access only their own private records; server-side enforcement of entitlements and usage limits (your subscription status and quotas cannot be altered from the client); processing of payment-card data exclusively by PCI-DSS-compliant Stripe; and keeping all provider API keys and secrets on our servers, never exposed to the client. No system is perfectly secure, but we work to protect your data and to address vulnerabilities promptly.
12. Your Rights and Choices
Depending on where you live, you may have the right to access, correct, delete, or export your personal information; to object to or restrict certain processing; and to withdraw consent. To exercise any right, email support@maib.io from your account email or include your account identifier; we will verify your request and respond within the time required by law. You can also update many details in the app, and you can delete locally stored data using the in-app "Reset" control. We will not discriminate against you for exercising your rights.
13. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it; to request access to and deletion of your personal information; to correct inaccurate information; and to opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information, and we do not use sensitive personal information for purposes requiring a right to limit. The categories we collect are described in Sections 2–4 (identifiers, account and profile data, commercial/subscription data, internet and usage activity, and user-generated content). To exercise your rights, contact support@maib.io. You may use an authorized agent, and we will not discriminate against you for exercising these rights.
14. International Data Transfers
We are based in the United States, and we and our providers may process your information in the United States and other countries whose data-protection laws may differ from yours. Where required for transfers from the EEA, UK, or Switzerland, we and our sub-processors rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
15. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact support@maib.io and we will delete it. Users between 13 and 18 should use the Service only with a parent or guardian's involvement.
16. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you within the Service or by email before they take effect, and we will update the "Last updated" date below.
17. Contact Us
For privacy questions or to exercise your rights, contact mAIb Tech LLC at support@maib.io or via https://maib.io.
Questions about this policy? Contact mAIb Tech LLC at support@maib.io.