Privacy Policy

Everymathia is an interactive educational platform designed for students aged 10–15. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our learning platform at everymathia.com. By using Everymathia, you agree to the practices described in this policy, our Terms of Service, Cookie Policy, and Refund Policy.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

• First and last name
• Email address
• Password (hashed using bcrypt before storage — we never store passwords in plain text)

1.2 Profile Information

You may optionally provide or configure:

• Avatar type and avatar data
• Theme preference (light, dark, or auto)
• Accent colour selection
• Daily study goal
• Auto-advance preference

1.3 Learning and Usage Data

We automatically collect information about how you use the platform:

• Total study minutes and daily study time
• Study streak data (current streak, longest streak, last active date)
• Course progress and chapter completion status
• Quiz attempt details (questions presented, your selected answers, correct answers, scores, pass/fail status, and timestamps)
• Study notes you create (content, associated chapter and section type)
• Achievements and badges earned
• Notification preferences (which email types you have opted into or out of)

1.4 Payment Information

All payment processing is handled by Stripe. We do not store credit card numbers, CVVs, or billing addresses on our servers. We store only your Stripe customer ID, Stripe subscription ID, subscription plan type, billing period dates, and cancellation status.

1.5 Communication Data

If you contact us through our contact form, we collect your first name, last name, email address, subject, and message content.

1.6 Technical Data

We collect standard technical data through HTTP headers, including your IP address, browser type, and device information. We do not use browser fingerprinting or tracking pixels.

2. How We Use Your Information

We use the collected information for the following purposes:

• To provide and maintain our learning platform services
• To personalise your learning experience and track your progress
• To award achievements and maintain study streaks
• To generate performance reports and quiz analytics (available to subscribers)
• To send transactional and notification emails (see Section 3)
• To process subscription payments through Stripe
• To improve the platform and develop new features
• To enforce security measures, prevent fraud, and protect against abuse
• To comply with legal obligations

3. Email Communications

We send the following types of emails:

Essential Emails (cannot be opted out of)

• Email verification — Sent when you register an account, containing a verification link valid for 24 hours
• Password reset — Sent when you request a password reset, containing a reset link valid for 1 hour

Notification Emails (can be opted out of individually)

• Inactivity reminders — Sent if you have not used the platform for an extended period
• Milestone achievements — Sent when you reach chapter completion milestones (25, 50, 75, 100, or 125 chapters)
• Course completion — Sent when you complete all chapters in a course
• Subscription renewal reminders — Sent before your subscription renewal date

You can manage your notification preferences at any time from your account settings under the Notifications tab.

4. Third-Party Services

We use the following third-party services to operate the platform:

Stripe (Payment Processing)

Stripe processes all subscription payments. Stripe is PCI DSS Level 1 certified. We send Stripe your email address and user ID to create a customer record. All credit card data is handled exclusively by Stripe and never touches our servers. See Stripe's Privacy Policy.

Anthropic / Claude AI (Content Generation)

We use Anthropic's Claude AI to generate educational content, including theory sections, quiz questions, and interactive problems. Your personal data is never sent to Anthropic. Only educational content prompts (course topics, chapter descriptions) are sent. Generated content is stored on our servers and served to you. See Anthropic's Privacy Policy.

Google Fonts (Font Delivery)

We load the Signika font family from Google Fonts. When fonts are loaded, Google may receive your IP address and browser information. No tracking or advertising data is exchanged. See Google's Privacy Policy.

Email Service Provider (SMTP)

We use an SMTP provider to send transactional and notification emails. The provider receives your email address and message content for delivery purposes only.

5. AI-Generated Content

Educational content on Everymathia — including theory sections, quiz questions, and interactive problems — is generated using artificial intelligence (Anthropic Claude). All generated content is reviewed and stored on our servers before being served to users. While we strive for accuracy, AI-generated material may contain inaccuracies inherent to the technology. Your personal data is never included in prompts sent to the AI.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: We share data with the third-party service providers listed in Section 4 (Stripe, Anthropic, Google Fonts, SMTP provider), solely for the purposes described
• Legal Requirements: We may disclose information when required by law, court order, or governmental regulation, or to protect our rights, safety, or property
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services:

• Account information — Retained until you request deletion
• Study notes — Retained until you delete them or your account is deleted
• Quiz attempt history — Automatically deleted after 1 year
• Administrative audit logs — Automatically deleted after 90 days
• Sessions — Expire after 24 hours and are destroyed on logout
• Email verification tokens — Expire after 24 hours
• Password reset tokens — Expire after 1 hour

You can export your quiz report data at any time before it expires (available to subscribers as an XLSX download).

8. Account Deletion

You can delete your account at any time from your account settings. Deletion requires password confirmation. When you delete your account:

Data that is permanently deleted:

• Your user profile and account information
• All study notes you created
• All quiz attempt history
• Your active Stripe subscription (cancelled immediately)
• All active sessions

Data that may be retained:

• Contact form submissions (stored in administrative email)
• Email delivery logs (for operational and legal purposes)
• Anonymised API usage records

9. Certificate Verification

When you earn the Master Scholar certificate by completing all 144 chapters, a public verification page is created that displays your name, completion date, and a unique verification ID. This page is publicly accessible to allow third parties to verify your achievement. If you delete your account, the certificate verification will no longer be available.

10. Cookies and Local Storage

We use one essential cookie and several localStorage items:

• sessionId cookie — Maintains your login session (httpOnly, secure, SameSite=Strict, 24-hour maximum age)
• localStorage items — Theme preference, accent colour, cookie consent status, and UI preferences

We do not use advertising or tracking cookies. For full details, see our Cookie Policy.

11. Your Rights

You have the right to:

• Access your personal information through your profile and account settings
• Correct inaccurate or incomplete data by editing your profile
• Delete your account and associated data (with password confirmation via account settings)
• Export your quiz performance data as an XLSX file (available to subscribers)
• Opt out of notification emails individually through notification preferences
• Object to certain data processing activities by contacting us

To exercise any of these rights, use the relevant feature in your account settings or contact us at privacy@everymathia.com.

12. Children's Privacy

Everymathia is designed for students aged 10–15. We take the privacy of young users seriously:

• Account registration requires users to be at least 13 years of age. Users affirm their age during registration.
• We do not knowingly collect personal information from children under 13 without parental consent.
• We minimise data collection to only what is necessary to provide the educational service.
• We do not use advertising, tracking cookies, or sell user data.
• Parents or guardians may contact us at any time to review, request deletion of, or prevent further collection of their child's personal information.

If you believe we have inadvertently collected information from a child under 13 without proper consent, please contact us immediately at privacy@everymathia.com and we will promptly delete the information.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of discovery. We will also notify relevant authorities as required by applicable law. Our notification will include the nature of the breach, the data affected, steps we are taking to address it, and recommended actions you can take to protect yourself. For more details on our security measures, see our Data Protection & Security page.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any significant changes by email or through a notice on our platform. Your continued use of Everymathia after changes indicates your acceptance of the updated policy.