Privacy Policy

Who We Are

Guidra is an AI-powered learning platform based in the United Kingdom. Contact: legal@guidra.ai

What Data We Collect

2a. Information you provide:

2b. Collected automatically:

Usage: lessons completed, questions asked, revision activity; Device: browser type, OS, screen size; IP address: used for country detection and fraud prevention only; Log data: errors, performance metrics, timestamps.

2c. From third parties: Google Sign-In: name, email, profile photo; referral relationships.

2d. Voice data: IMPORTANT: Your spoken audio is converted to text immediately. The audio is then discarded. We NEVER store voice recordings. Only the text transcript is retained.

2e. Browser extension: Page text you choose to learn from is processed to generate lessons. It is not stored permanently. Your browsing history is NEVER recorded or transmitted.

• Name, email, password (stored as cryptographic hash — never plain text)
• Profile: country, education level, school, age, subjects, goals
• Coach profile: study hours, learning style, confidence, obstacles
• Feedback, reviews, support messages
• Payment info: processed by payment providers, we never store card details

How We Use Your Data

We do NOT use your data for advertising. We do NOT sell, rent, or share your data for marketing.

• Provide and improve the Service
• Personalise lessons based on your profile and progress
• Generate AI lessons, explanations, and coaching messages
• Match scholarships to your profile
• Send transactional emails (verification, password reset, billing)
• Detect and prevent fraud
• Comply with legal obligations

Legal Basis (UK/EU Users)

• Contract performance: operating the Service
• Legitimate interests: security, fraud prevention, service improvement
• Consent: optional communications
• Legal obligation: where required by law

Data Sharing

We do not sell your data. We share only with:

• Service providers: Resend (email), payment processors, cloud hosting. All bound by data processing agreements.
• Legal requirements: valid court orders or government requests
• Business transfers: you will be notified before data is subject to a different privacy policy

Data Retention

• Account data: active period + 30 days after deletion
• Learning history: lifetime of your account
• Voice transcripts: 90 days then automatically deleted
• Audit logs: 12 months
• Payment records: 7 years (financial regulations)

Data Security

Report security vulnerabilities to legal@guidra.ai

• Passwords: bcrypt hashed, never plain text
• All data in transit: HTTPS encrypted
• Encrypted database storage
• Role-based access controls
• Audit logging of all admin actions

Your Rights

Depending on your location:

Contact legal@guidra.ai — we respond within 30 days.

• Access: request a copy of your data
• Rectification: correct inaccurate data
• Erasure: delete your data (right to be forgotten)
• Portability: receive data in machine-readable format
• Objection: object to certain processing
• Restriction: limit how we use your data
• Withdraw consent: at any time

Children's Privacy

Not directed at children under 13. Ages 13-17 require parental consent. Contact legal@guidra.ai to remove a child's data.

International Data Transfers

Based in UK. Data may be transferred to and processed in the UK. EEA users: Standard Contractual Clauses or approved mechanisms apply.

Cookies

Essential cookies only (session, authentication). No advertising cookies or tracking pixels.

Social Media

We operate social media accounts on X (Twitter), TikTok, Instagram, and LinkedIn.

Interactions on these platforms are subject to each platform's own privacy policy.

Changes to This Policy

Material changes notified 14 days in advance.

Contact and Complaints

Email: legal@guidra.ai

Website: guidra.ai

UK users: complaint rights with the ICO at ico.org.uk