Assistivity Privacy Policy

2. Information We Collect

We collect several types of information to provide, maintain, secure, and improve the Services, including Personal Data, Usage Data, and the content you submit, as described below.

A. Personal Data

When you create an account or otherwise use the Services, we may collect:

• Your email address
• Account identifiers associated with your Google sign-in, such as your Google user ID
• Any other information you choose to provide, for example when you contact us for support

B. Usage Data

We may collect information about how you access and use the Services, including your IP address, browser type and version, device and operating system information, the pages or API endpoints you access, timestamps, system and performance logs, and other diagnostic data ("Usage Data").

C. Content You Provide

When you use Phoenix's features, we collect the content you submit for processing — for example, the text or voice input you ask Phoenix to transcribe or transform, and the output returned to you ("Customer Content"). We process Customer Content to deliver, maintain, secure, and improve the Services, including to detect and resolve errors. Your saved workspace — equations, diagrams, markup, and sessions — is stored locally in your browser.

D. Authentication Through Google

You sign in to Phoenix using Google OAuth. When you connect your Google account, Google provides us a limited set of profile information that we use to authenticate you and operate your account. We do not receive your Google password. You can revoke Phoenix's access at any time through your Google account settings.

E. Payment Information

Phoenix is currently free to use, and we do not collect payment information. If we introduce paid Services, payment details will be collected and processed by a third-party payment processor, and we will update this Privacy Policy accordingly.

3. Use of Data

We may use Personal Data, Usage Data, and Customer Content for the following purposes:

• Service Operation. To provide, maintain, secure, monitor, and improve the Services, including debugging and resolving errors.
• AI Features. To process your inputs through our systems and third-party AI providers in order to return transcriptions and transformations. We do not use your Customer Content to train AI models. If we offer the ability to contribute content for model improvement in the future, it will be optional and subject to your consent.
• Communication. To send you service-related messages and, where permitted, information about new features and other updates. You can opt out of non-essential communications at any time.
• Account Administration. For authentication, account management, and enforcement of usage limits.
• Compliance. To comply with applicable laws, regulations, and lawful requests.
• Risk Mitigation. To detect, prevent, investigate, and respond to fraud, abuse, security incidents, and violations of our terms.
• With Your Consent. For any other purpose we disclose to you and to which you consent.

Our lawful basis for processing depends on the information and the context in which we process it. We may process your information to perform our contract with you, in reliance on our legitimate interests (where not overridden by your rights and freedoms), with your consent, or to comply with our legal obligations.

4. Cookies and Tracking Technologies

We and our service providers use cookies and similar technologies to operate the Services, maintain your session, remember your preferences, and understand how the Services are used. You can control cookies through your browser settings, though some features may not function properly without them.

5. Retention of Data

We retain Personal Data, Usage Data, and Customer Content only for as long as is necessary for the purposes set out in this Privacy Policy, after which we delete or anonymize it. We may retain certain information for longer where necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or protect the security and integrity of the Services. Retention periods vary depending on the type of data and how it is used. Where we anonymize or aggregate information so that it no longer identifies you, we may retain and use it for business purposes.

6. Transfer of Data

The Services are operated in the United States. If you access them from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to this transfer. We take steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.

7. How We Share Information

We do not sell your Personal Data. We may share information in the following circumstances:

• Service Providers. We share information with vendors who perform services on our behalf — including cloud hosting (Digital Ocean), authentication (Google), and third-party AI providers (Anthropic, Google, and OpenAI) — solely to provide and support the Services and under contractual confidentiality obligations. When you use an AI feature, the relevant input is sent to one of these AI providers to generate your result; these providers receive your input content but not your account identifiers. On the commercial tiers we use, they do not use your content to train their models and delete it within 30 days, except where longer retention is legally required.
• Compliance and Protection. We may disclose information where we believe it is reasonably necessary to comply with applicable law or legal process, respond to lawful requests, enforce our terms, or protect the rights, property, safety, or security of Assistivity, our users, or the public.
• Business Transfers. We may disclose or transfer information in connection with, or during negotiations of, any merger, financing, due diligence, acquisition, reorganization, sale of assets, or other business transaction.
• With Your Consent. We may share information with others when you direct us to or otherwise consent.

8. How We Secure Your Information

We implement technical, administrative, and physical safeguards designed to protect the information we hold from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These include encryption of data in transit (TLS 1.2 or higher) and of our user database at rest (AES-256), access controls limiting production systems to authorized personnel, and a documented incident response process under which we will notify affected users where required. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. To report a vulnerability, please contact security@assistivity.org.

9. Your Data Protection Rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR or equivalent laws, including the right to access, correct, delete, restrict, or object to our processing of your Personal Data; the right to data portability; and the right to withdraw consent where our processing is based on consent. To exercise these rights, email privacy@assistivity.org. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what Personal Data we collect, to request its deletion, to correct inaccurate information, and to opt out of any "sale" or "sharing" of Personal Data as those terms are defined under the CCPA. We do not sell your Personal Data. To exercise these rights, email privacy@assistivity.org.

11. Children's Personal Data

The Services are intended for users who are at least 13 years old, or the minimum age required in your jurisdiction. We do not knowingly collect Personal Data from children under 13. If you believe a child under 13 has provided us with Personal Data, please contact privacy@assistivity.org and we will delete it. Educational institutions that wish to use Phoenix with students under 13 must enter into a separate written agreement with us addressing COPPA, FERPA, and other applicable student-privacy laws before doing so.

12. Links to Third-Party Websites

The Services may contain links to third-party websites or services that we do not control. We are not responsible for their content or privacy practices, and we encourage you to review the policies of any third party before providing information to them.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date above. If a change materially reduces your rights, we will provide additional notice — for example, by email to the address associated with your account or a notice within the Services — before it takes effect. Changes will not apply retroactively.

14. Contact Us

If you have questions or requests regarding this Privacy Policy:

• Privacy: privacy@assistivity.org
• Security: security@assistivity.org
• General: kennyge@assistivity.org

Assistivity