Privacy Policy

1. Information We Collect

1.1 Information You Provide

API Keys: We store your API key locally in your browser using Chrome's local storage to authenticate your requests to our backend services.

Session Preferences: We store your selected session duration and assistance mode preference (hints or solutions) locally in your browser.

1.2 Information Automatically Collected

HTML Content: When you double-click on educational content, we temporarily capture the HTML content of that specific section for analysis. This content is sent to our backend servers for AI processing and is not stored permanently.

Session Data: We collect session start and end timestamps to manage active study sessions and enforce session duration limits.

Usage Data: We may collect information about how you interact with the Extension, including error messages and service usage patterns, for debugging and service improvement purposes.

1.3 Information We Do NOT Collect

We do not collect:

• Personal identifying information (name, email, address)
• Canvas account credentials
• Browsing history outside of Canvas pages
• Files or documents from your device
• Location data
• Payment information (handled exclusively by Stripe)

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process your requests and deliver AI-powered educational assistance
• Authenticate Requests: Verify your API key to ensure authorized access
• Manage Sessions: Track active sessions and enforce duration limits
• Improve Service Quality: Analyze usage patterns to enhance functionality and fix issues
• Ensure Security: Monitor for unauthorized access and prevent abuse

3. Data Storage and Retention

3.1 Local Storage

The following data is stored locally in your browser using Chrome's local storage:

• API key (encrypted at rest by Chrome)
• Session preferences (duration, assistance mode)
• Active session status and timestamps

This data remains on your device and is not transmitted to our servers except for the API key, which is sent as part of API requests for authentication purposes.

3.2 Backend Storage

HTML Content: HTML content sent for analysis is processed by our AI service and is not permanently stored. Content is retained only for the duration necessary to generate a response.

Session Information: Basic session metadata (start time, duration, API key identifier) may be stored temporarily on our servers for rate limiting and service management purposes.

3.3 Data Retention

• Locally stored data persists until you uninstall the Extension or manually clear Chrome's extension data
• Backend session data is retained only as long as necessary for service operation and is automatically deleted after session completion
• Error logs and debugging information are retained for up to 90 days

4. Third-Party Services

We use the following third-party services that may have access to certain information:

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: All data transmitted between your browser and our servers uses HTTPS encryption
• Secure Storage: API keys stored locally are protected by Chrome's built-in security mechanisms
• Access Controls: Backend access is restricted and authenticated
• Rate Limiting: We implement rate limiting to prevent abuse and ensure service stability

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Deletion

You have the right to:

• Access data stored locally by viewing Chrome's extension storage
• Delete locally stored data by uninstalling the Extension or clearing Chrome's extension data
• Request deletion of backend session data by contacting us at dagiga.founder@gmail.com

6.2 Data Portability

You may request a copy of any personal data we hold about you, subject to applicable law.

6.3 Opt-Out

You may stop using the Extension at any time by uninstalling it. Uninstalling the Extension will remove all locally stored data.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at: dagiga.founder@gmail.com.

8. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: You can request access to your personal data
• Right to Rectification: You can request correction of inaccurate data
• Right to Erasure: You can request deletion of your data
• Right to Restrict Processing: You can request limitation of data processing
• Right to Data Portability: You can request transfer of your data
• Right to Object: You can object to processing of your data
• Right to Withdraw Consent: You can withdraw consent at any time

To exercise these rights, please contact us at: dagiga.founder@gmail.com.

9. Children's Privacy

Our Service is intended for use by students who are at least 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at: dagiga.founder@gmail.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this page. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

12. Cookies and Tracking

Our Extension does not use cookies or tracking technologies. All data storage is handled through Chrome's local storage API, which is limited to the Extension's scope.

13. Do Not Track Signals

We do not respond to "Do Not Track" signals because our Extension does not track users across websites. Our Extension only functions on Canvas learning management systems.

14. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: dagiga.founder@gmail.com or through our Chrome Web Store listing.

15. Data Controller Information

GoToStudy AI acts as the data controller for information processed through our Service. For questions regarding data protection, please contact us at: dagiga.founder@gmail.com.