Legal
Privacy policy
Last updated: 2026-06-02
What we collect
When you sign up: email, name (if provided via Google), profile image (Google). When you practice: your attempts, scores, time-stamps, mastery per topic, streak, and your self-reported confidence.
What we don't collect
We don't fingerprint you. We don't sell data. We don't run third-party ad trackers. Our auth secrets stay server-side. AI eval requests on short-answer attempts go to our AI evaluation model; we cache the result but never share the raw text with any other vendor.
Cookies
We set: a session cookie (NextAuth JWT), a CSRF cookie, and a per-session unlock-tracking cookie for free tier users. No third-party analytics cookies.
Subprocessors
- Supabase, database hosting (your account + attempt data)
- Vercel, application hosting (request logs)
- Resend, transactional email (sign-in magic links, weekly digest)
- Our AI evaluation model: text only on short-answer attempts; raw answer text is not shared with any other vendor
- Dodo Payments, subscription billing (no card data is stored on our side)
- Upstash, Redis for rate limiting (IP + counters; no PII)
Your rights
Email hello@zenaique.com to export or delete your data. We respond within 7 business days.