10minsAI← Back to home
Legal

Privacy Policy

Effective date: May 21, 2026

At 10minsAI, your privacy is a fundamental priority. This Policy explains what personal information we collect, why we collect it, how we use it, and the choices and rights you have over your data. We follow privacy-by-design principles.

1. Who We Are

10minsAI Inc. ("10minsAI," "we," "us," or "our") operates the 10minsAI platform — a personalized, continuous AI learning service accessible via our website at 10minsai.com and related applications. We are headquartered in Vancouver, British Columbia, Canada.

For the purposes of applicable data protection law (including Canada's PIPEDA, British Columbia's PIPA, and the EU General Data Protection Regulation where applicable), 10minsAI Inc. is the data controller responsible for your personal information.

2. Information We Collect

Information you provide directly

CategoryExamples
Account dataName, email address, password, profile photo, job title, organization
Onboarding dataRole, learning goals, AI experience level, preferred topics
Payment dataBilling name, address, last 4 digits of card (full card data handled by Stripe)
CommunicationsMessages you send us via email, contact forms, or support channels
User contentQuiz responses, notes, comments, and feedback submitted in the platform

Information collected automatically

CategoryExamples
Usage dataPages visited, features used, time spent, lesson completion, button clicks
Device & browserIP address, browser type, OS, screen resolution, language settings
Learning analyticsQuiz scores, streaks, progress milestones, content interactions
Referral dataHow you found us (UTM parameters, referral URL)

Information from third parties

  • Social login providers (Google, GitHub, LinkedIn) — name, email, and profile photo when you choose to sign in with them
  • Payment processors (Stripe) — confirmation of payment status
  • Analytics partners — aggregate usage signals to help us understand how the Service is used

3. How We Use Your Information

We use personal information for the following purposes:

  • To create and manage your account and authenticate your identity
  • To personalize your learning path, recommend content, and adapt your curriculum to your goals
  • To process payments, manage subscriptions, and send billing receipts
  • To communicate with you about the Service, including onboarding, product updates, and support
  • To send educational and promotional emails (with your consent, and opt-out available at any time)
  • To monitor and improve platform performance, reliability, and security
  • To detect and prevent fraud, abuse, and violations of our Terms of Service
  • To analyze aggregate trends and generate anonymized research insights
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data only where we have a valid legal basis:

CategoryExamples
ContractProcessing necessary to provide the Service you have signed up for
Legitimate interestsImproving the platform, preventing fraud, and ensuring security
ConsentMarketing communications, optional cookies, and analytics
Legal obligationCompliance with applicable laws and responding to lawful requests

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Sharing Your Information

We do not sell your personal information. We share it only in the following circumstances:

Service providers

We share data with trusted third-party vendors who process it on our behalf and under our instructions. These include:

  • Supabase — database hosting and authentication
  • Stripe — payment processing
  • Vercel — platform hosting and CDN
  • Resend / SendGrid — transactional email delivery
  • Vercel Analytics — anonymized usage analytics
  • OpenAI / Anthropic — AI model providers for content personalization

Legal requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

In connection with a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred. We will notify you before such a transfer and offer you choices in accordance with applicable law.

6. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account and profile data: retained while your account is active and for up to 3 years after deletion to meet legal obligations
  • Payment records: retained for 7 years for accounting and tax compliance
  • Learning progress data: retained while your account is active; exported or deleted on request
  • Server logs and security data: retained for up to 90 days
  • Marketing consent records: retained until consent is withdrawn plus 3 years

When data is no longer required, we delete or anonymize it securely.

7. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

CategoryExamples
AccessRequest a copy of the personal data we hold about you
CorrectionRequest correction of inaccurate or incomplete data
DeletionRequest deletion of your account and personal data ("right to be forgotten")
PortabilityReceive your data in a structured, machine-readable format
RestrictionRequest that we limit how we process your data in certain circumstances
ObjectionObject to processing based on legitimate interests or for direct marketing
WithdrawalWithdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at privacy@10minsai.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before acting on your request.

You also have the right to lodge a complaint with your local data protection authority. In Canada, this is the Office of the Privacy Commissioner of Canada (OPC). In the EU, this is your national supervisory authority.

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files stored on your device.

Types of cookies we use

CategoryExamples
Strictly necessaryRequired for the Service to function (authentication, session management)
AnalyticsHelp us understand how users interact with the platform (Vercel Analytics)
PreferencesRemember your settings and personalization choices
MarketingOnly with your consent; used to understand campaign effectiveness

You can control cookies through your browser settings. Note that disabling strictly necessary cookies may affect the functionality of the Service. For analytics and marketing cookies, you will be asked for consent when you first visit.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • TLS/HTTPS encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Row-level security policies in our database
  • Access controls limiting data access to authorized personnel only
  • Regular security reviews and dependency audits
  • Third-party payment processing (we never store full card numbers)

Despite these measures, no method of electronic transmission or storage is 100% secure. If you become aware of any security breach, please notify us immediately at security@10minsai.com.

10. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly.

Users between 13 and 18 must have verifiable parental or guardian consent to use the Service. Parents or guardians who believe their child has provided us with personal information without consent should contact us at privacy@10minsai.com.

11. International Data Transfers

10minsAI is based in Canada. Your information may be transferred to, stored in, and processed in countries other than your own — including the United States, where many of our service providers (such as Stripe, Vercel, and Supabase) operate their infrastructure.

When transferring personal data from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision. Canada is recognized by the EU as providing adequate protection for personal data.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will:

  • Notify you by email to the address associated with your account
  • Display a prominent notice within the Service
  • Update the effective date at the top of this Policy

Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the changes. We encourage you to review this Policy regularly.

Last updated: May 21, 2026 · This Policy supersedes all prior versions.

← Back to homeTerms of Service →