Privacy Policy

MathMind AI ("we", "us") is committed to protecting the privacy of students and their families. This Privacy Policy describes what information we collect, how we use it, and your rights.

Account information

When you sign up we collect your name, email address, grade level, and chosen math subjects. Passwords are hashed using PBKDF2-SHA256 (100,000 iterations) and the plaintext is never stored.

Usage data

We log anonymized AI token usage (model, feature, input/output token counts, estimated cost) to monitor system health and control costs. This data is stored in our database and used only for operational purposes.

Tutoring content

Math problems and tutoring conversations are processed by the Anthropic Claude API to provide the Service. Images you upload are sent to Anthropic transiently and are not stored on our servers after the API call completes. Tutoring sessions (problem text and messages) are saved to your account so you can review them across devices.

Payment information

Payments are handled by Stripe. We receive a Stripe customer ID and subscription status but never see or store your card number, bank account, or other payment details.

Device data

We collect your IP address for rate-limiting purposes (stored ephemerally in Redis; not linked to your account). We do not use cookies for tracking. Session tokens are stored in your browser's localStorage and are not accessible to third-party scripts.

• To provide the tutoring, work-check, and progress-tracking features
• To authenticate your account and keep it secure
• To process subscription payments via Stripe
• To enforce per-account usage limits and prevent abuse
• To monitor system performance and investigate errors (via Sentry)
• To send transactional emails (password reset, subscription receipts) via Resend

We do not sell your personal information. We do not use your data to train AI models.

We share data only with the vendors required to operate the Service:

• Anthropic — receives math problem content and tutoring messages to generate AI responses. Governed by Anthropic's Privacy Policy.
• Supabase — stores your account data and session history in a PostgreSQL database hosted on AWS.
• Stripe — processes payments. Governed by Stripe's Privacy Policy.
• Resend — sends transactional emails.
• Vercel — hosts the application; request logs may be retained per Vercel's data policy.
• Upstash — ephemeral rate-limit counters keyed by IP address.
• Sentry — captures application errors; may include stack traces and request metadata.

We understand that many users are under 18. We do not knowingly collect personal information from children under 13 without parental consent. If you believe a child under 13 has created an account without consent, please contact us at support@mathmindai.com and we will delete the account promptly.

We do not display advertising, sell data, or use behavioural profiling for any users, including minors.

Account data is retained until you delete your account. Deleting your account (via Settings → Delete Account) removes your Supabase record within seconds and cancels any active Stripe subscription. Residual logs held by third-party vendors are subject to their own retention policies.

Usage event logs (anonymized token counts) may be retained for up to 12 months for cost monitoring.

We implement industry-standard protections including:

• PBKDF2-SHA256 password hashing (100,000 iterations, unique salt per user)
• HMAC-SHA256 daily-rotating session tokens
• HTTPS-only transport (enforced by Vercel)
• Content Security Policy and XSS-prevention headers
• Server-side input validation and image content moderation

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly by emailing support@mathmindai.com.

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — update your name, email, or other account details via Settings
• Deletion — delete your account and all associated data via Settings → Delete Account
• Portability — request an export of your tutoring session history

To exercise these rights, email support@mathmindai.com. We will respond within 30 days.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or an in-app notice at least 7 days before they take effect. The effective date at the top of this page reflects the most recent update.

Questions or concerns about privacy? Email us at support@mathmindai.com.