• Account information: name or display name, email address, password hash, login provider, account status, verification status, and account preferences.
• Identity and sign-in information: if you use a third-party sign-in provider such as Google, we may receive basic account details made available by that provider.
• Subscription and billing information: plan type, subscription status, renewal and cancellation status, billing identifiers, transaction history, and limited billing metadata from our payment processor.
• Learning and usage information: subject selections, learning-profile settings, study preferences, tailored-practice settings, progress signals, chat history, and service activity.
• Content you submit: prompts, messages, uploaded files, uploaded images, draft responses, feedback, and other content you choose to submit through the Services.
• Technical and security information: cookies, auth or session tokens, IP address, device or browser information, logs, crash or diagnostic data, and similar technical information reasonably required to operate and secure the Services.
• Communications: support requests, account emails, verification emails, password reset emails, billing messages, and other correspondence with us.

We collect personal information directly from you when you sign up, log in, upload content, send prompts, subscribe, manage billing, respond to surveys or notices, or otherwise use the Services. We also collect certain information automatically when you interact with the Services, and we may receive limited information from identity providers, payment processors, hosting providers, email providers, analytics providers, cookie or consent-management providers, and other service providers that help us operate the Services.

• create, maintain, and secure your account;
• authenticate users and support email/password and third-party sign-in flows;
• provide AI responses, tailored questions, study tools, uploaded-content processing, and related features;
• store and sync chat history, tailored-practice sessions, learning-profile data, and settings;
• manage plan status and process subscriptions, renewals, cancellations, billing, refunds, taxes, and account support;
• send verification emails, password resets, service messages, billing notices, and support responses;
• monitor performance, diagnose issues, detect fraud or abuse, enforce limits, and protect the Services;
• operate, maintain, troubleshoot, evaluate, and improve the quality, safety, reliability, and security of the Services, as described below;
• comply with legal obligations and enforce our Terms of Service.

Depending on your location and applicable law, we may process personal information or personal data on one or more of the following bases: performance of a contract with you or steps you request before entering into a contract; compliance with legal obligations; our legitimate interests in operating, securing, supporting, billing for, preventing misuse of, and improving the Services, where those interests are not overridden by your rights; and your consent where we ask for it.

Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal information, request portability of certain data, withdraw consent where processing relies on consent, and complain to a local privacy or data protection regulator. You may also have rights relating to certain automated decision-making where required by law.

To provide AI features, we and our service providers may process the prompts, messages, files, images, and other content you submit. This processing may be necessary to generate outputs, maintain history or memory features, moderate content, detect misuse, troubleshoot issues, and operate, secure, and improve the Services.

We may also use prompts, uploads, chat history, feedback, and related interaction data to review, classify, analyse, de-identify, aggregate, troubleshoot, evaluate, and improve the quality, safety, reliability, and performance of the Services.

We may use automated systems to personalise learning content, generate practice, rank materials, detect misuse, and moderate content. We do not use solely automated decision-making that produces legal or similarly significant effects about individuals unless we separately notify you and provide any rights required by applicable law.

We do not use content submitted through the Services to train ACE AI or third-party foundation models unless we separately notify you and obtain any consent or authorisation required by law.

We may disclose personal information to service providers and partners that help us operate the Services, including:

• hosting, cloud, storage, database, infrastructure, logging, and security providers;
• identity and authentication providers, including third-party sign-in providers such as Google;
• payment processors and billing providers, including providers such as Stripe;
• email delivery and support providers;
• analytics, fraud-prevention, consent-management, and customer-support tooling providers;
• AI model, inference, and related processing providers, including providers such as OpenAI, Google/Gemini, or similar providers we may use from time to time;
• professional advisers, auditors, insurers, regulators, courts, law enforcement, or others where required or permitted by law;
• parties involved in a merger, restructure, financing, acquisition, or sale of all or part of our business.

We do not sell personal information to third-party advertisers. We may de-identify or aggregate information and use or disclose that de-identified or aggregated information for lawful business, analytics, safety, research, or product-improvement purposes.

We and our service providers may use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, understand product usage, and improve performance. Some of these technologies are strictly necessary for the Services to work.

Where applicable law requires it, we will ask for your consent before using non-essential cookies or similar technologies, such as certain analytics, advertising, or personalisation technologies. You can manage cookies through your browser settings and, where available, our cookie or consent management tools. Additional details may be provided in our cookie settings or a separate Cookie Notice where made available.

We operate from Australia and may provide the Services to users in selected countries or regions. Personal information may be collected, stored, used, disclosed, or otherwise processed in Australia and in other countries where we or our service providers operate.

The countries in which personal information is likely to be processed or disclosed currently include: Australia; the United States; and [insert any additional countries in which your current hosting, AI, analytics, identity, email, support, or billing providers process personal information before publishing].

Where applicable law requires safeguards for cross-border transfers, we may rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, contractual protections, technical and organisational safeguards, or other approved measures. You may contact us for more information about the safeguards we rely on where applicable.

If applicable law requires us to appoint a local representative, data protection contact, or similar contact point in a jurisdiction we actively target, we may identify that person or entity in a supplemental notice or in an updated version of this Privacy Policy.

If the Services are provided through a school, tutoring organisation, or other educational institution, additional terms, privacy notices, data processing terms, or acceptable use rules may apply to institution-provided accounts or data. In the event of inconsistency, those institution-specific terms will govern for the relevant institution-provided data or access to the extent of that inconsistency.

The Services are designed for learners and students, but are not directed to children under 13 in the United States unless we expressly make available a parent, guardian, school, or other authorised workflow that permits such use.

If you are below the age at which you can lawfully consent to online, digital, or similar services in your place of residence, you may use the Services only with the permission or authorisation required by applicable law, including from a parent, guardian, school, or educational institution where applicable.

We may ask for age or consent confirmation and may suspend, restrict, or delete accounts or content if we reasonably believe age-related or permission requirements have not been satisfied.

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. However, no service is completely secure and we cannot guarantee absolute security.

We retain different categories of information for different periods depending on why it was collected, how it is used, legal obligations, and operational needs. In general:

• account and profile information is retained while your account remains active and for a reasonable period after closure;
• billing, tax, payment, and transaction records are retained as required by applicable accounting, tax, and legal obligations;
• chats, prompts, uploads, and generated history may be retained until deleted by you or us, or until no longer needed for service operation, safety, dispute handling, or lawful business records;
• logs, diagnostics, and security records may be retained for reasonable security, fraud-prevention, and audit periods;
• backup data may persist for limited cyclical periods before deletion or overwrite.

Where functionality is available, you may be able to delete individual chats, uploads, or other content directly in the Services. You may also request access to, correction of, deletion of, or a copy of your personal information by contacting us at privacy@aceaiedu.com.

Depending on your location and applicable law, you may also have rights to request restriction of processing, object to certain processing, request data portability, withdraw consent, or lodge a complaint with a local privacy or data protection regulator.

When we receive a request, we may need to verify your identity and may limit or decline the request where permitted by law. We may also delete or de-identify relevant information subject to legal, billing, fraud-prevention, security, dispute-resolution, and backup-retention limits. Some residual copies may remain in backups or system logs for a limited period before deletion or overwrite occurs.

If you have a privacy complaint, contact us at privacy@aceaiedu.com and we will investigate and respond within a reasonable time. If you are in Australia and are not satisfied, you may complain to the Office of the Australian Information Commissioner. If you are in another jurisdiction, you may also have the right to complain to a local regulator where applicable.

We may send service, account, billing, security, and support communications. We do not currently send promotional or direct marketing communications unless permitted by applicable law and any required consent, notice, and opt-out mechanisms have been provided. If that changes, we will update this Privacy Policy.

We may update this Privacy Policy from time to time. We will publish the updated version with a revised "Last updated" date. If required by law or if a change is material, we may also provide additional notice within the Services or by email.

Operator / data controller: TIANYU EDUCATION Pty Ltd
Support: support@aceaiedu.com
Privacy contact: privacy@aceaiedu.com