• Account information: name or display name, email address, password hash, login provider, account status, verification status, and account preferences.
• Identity and sign-in information: if you use a third-party sign-in provider such as Google, we may receive basic account details made available by that provider.
• Subscription and billing information: plan type, subscription status, renewal and cancellation status, billing identifiers, transaction history, and limited billing metadata from our payment processor.
• Learning and usage information: subject selections, learning-profile settings, study preferences, tailored-practice settings, progress signals, chat history, and service activity.
• Inputs and submitted content: prompts, messages, uploaded files, uploaded images, feedback, instructions, draft responses, and other content you choose to submit through the Services.
• Outputs and AI Feature interaction data: AI-generated responses, explanations, generated practice questions, summaries, suggestions, recommendations, quality signals, and related interaction data generated through your use of the AI Features.
• Sensitive information: depending on what you choose to submit, Inputs, uploads, images, messages, or support requests may include sensitive information or special-category data, such as health information, disability information, biometric information, ethnicity, religious or philosophical views, or similar information. Please do not submit sensitive information unless it is necessary for your use of the Services and you are permitted to provide it. If you choose to submit sensitive information and you have capacity to consent, you consent to ACE AI and its service providers collecting, using, storing, disclosing, and processing that information for the purposes described in this Privacy Policy and the Terms. If the information relates to another person, or if parent, guardian, school, institution, or other authorisation is required, you represent that the required authorisation has been obtained.
• Technical and security information: cookies, auth or session tokens, IP address, device or browser information, logs, crash or diagnostic data, and similar technical information reasonably required to operate and secure the Services.
• Communications: support requests, account emails, verification emails, password reset emails, billing messages, and other correspondence with us.

We collect personal information directly from you when you sign up, log in, upload content, send prompts, subscribe, manage billing, respond to surveys or notices, or otherwise use the Services. We also collect certain information automatically when you interact with the Services, and we may receive limited information from identity providers, payment processors, hosting providers, email providers, analytics providers, cookie or consent-management providers, and other service providers that help us operate the Services.

• create, maintain, and secure your account;
• authenticate users and support email/password and third-party sign-in flows;
• provide AI responses, tailored questions, study tools, uploaded-content processing, and related features, including by processing Inputs and generating Outputs;
• store and sync chat history, tailored-practice sessions, learning-profile data, Outputs, and settings;
• manage plan status and process subscriptions, renewals, cancellations, billing, refunds, taxes, and account support;
• send verification emails, password resets, service messages, billing notices, and support responses;
• monitor performance, diagnose issues, detect fraud or abuse, enforce limits, and protect the Services;
• operate, maintain, troubleshoot, evaluate, and improve the quality, safety, reliability, and security of the Services and AI Features, as described below;
• subject to applicable law and any required consent, notice, opt-out, or authorisation, collect, retain, evaluate, and use eligible data to improve, train, fine-tune, test, and secure ACE AI-controlled educational models, prompts, safety systems, classifiers, and related technologies, with the additional limits described in the AI Feature Processing section below;
• comply with legal obligations and enforce our Terms of Service.

Depending on your location and applicable law, we may process personal information or personal data on one or more of the following bases: performance of a contract with you or steps you request before entering into a contract; compliance with legal obligations; our legitimate interests in operating, securing, supporting, billing for, preventing misuse of, and improving the Services, where those interests are not overridden by your rights; and your consent where we ask for it.

Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal information, request portability of certain data, withdraw consent where processing relies on consent, and complain to a local privacy or data protection regulator. You may also have rights relating to certain automated decision-making where required by law.

In this Privacy Policy, "AI Features" means the AI-assisted tools and model-powered functionality made available through the Services, "Inputs" means prompts, messages, uploads, files, images, feedback, instructions, chat history, and other content or information submitted to the Services, and "Outputs" means the answers, explanations, generated questions, summaries, suggestions, recommendations, or other content generated or returned by the AI Features.

To provide AI Features, we and our service providers may process Inputs and Outputs. This processing may be necessary to generate Outputs, maintain history or memory features, moderate content, detect misuse, troubleshoot issues, and operate, secure, and improve the Services.

We may also use Inputs, Outputs, chat history, feedback, and related interaction data to review, classify, analyse, de-identify, aggregate, troubleshoot, evaluate, and improve the quality, safety, reliability, and performance of the Services and AI Features.

Authorised ACE AI personnel or service providers may review Inputs or Outputs where reasonably necessary for support, abuse prevention, safety evaluation, debugging, legal compliance, dispute handling, or quality evaluation, subject to access controls and confidentiality obligations where applicable.

We may use automated systems to personalise learning content, generate practice, rank materials, detect misuse, and moderate content. We do not use solely automated decision-making that produces legal or similarly significant effects about individuals unless we separately notify you and provide any rights required by applicable law.

ACE AI may collect and retain Inputs, Outputs, uploads, chat history, feedback, learning-profile data, interaction data, and related metadata to provide, operate, secure, maintain, troubleshoot, evaluate, improve, and support the Services and AI Features.

Subject to applicable law and any consent, notice, opt-out, or authorisation required by law, ACE AI may use eligible data, including selected Inputs, Outputs, uploads, chat history, feedback, learning-profile data, interaction data, and related metadata, to train, fine-tune, evaluate, test, secure, and improve ACE AI-controlled educational models, prompts, classifiers, safety systems, and related technologies.

For adult self-service users, ACE AI may collect and retain training-eligible data for future ACE AI-controlled training or fine-tuning where this is disclosed and lawful. Where applicable law requires consent, a separate notice, an opt-out, or another authorisation, ACE AI will rely on that consent, notice, opt-out, or authorisation before using identifiable personal information for that purpose.

We do not use identifiable under-18, school-managed, institution-provided, or sensitive personal information for ACE AI model training or fine-tuning unless a separate training permission has been obtained and recorded. For users under 15, or users whose capacity is uncertain, this permission must come from a parent, guardian, school, institution, or other authorised person where required by law. For users aged 15 to 17, training permission may be given by the user only where we reasonably believe the user has capacity to understand the relevant data handling, and parent, guardian, school, or institution authorisation may still be required depending on the account type, context, payment method, school involvement, or applicable law.

Training permission is optional and is separate from permission needed to provide the core Services. Refusing or withdrawing training permission will not prevent ordinary use of the Services, although it may limit access to any research, beta, or model-improvement feature that clearly requires training participation.

A user, parent, guardian, school, institution, or other authorised person may withdraw training permission for future ACE AI-controlled model training or fine-tuning by using account settings where available or by contacting [email protected]. Withdrawal will stop future use of identifiable personal information for that purpose where required by law or supported by our controls, but may not remove information from models, safety systems, evaluations, logs, backups, or de-identified or aggregated datasets already created.

AI model, inference, safety, hosting, evaluation, or related technology providers that ACE AI uses or engages may process Inputs and Outputs to provide, secure, monitor, evaluate, and support their services for ACE AI. Their processing is governed by the applicable account, API, platform, service, data-processing, security, and usage terms that apply to ACE AI's use of those providers, together with the technical settings and instructions we configure for the Services.

We do not permit those providers to use identifiable ACE AI Inputs, Outputs, uploads, chat history, learning-profile data, feedback, or related metadata to train or improve the provider's own general or shared models by default, except where this is separately disclosed and authorised where required by law.

ACE AI may use provider-hosted model-customisation or fine-tuning services for ACE AI-controlled models where the provider acts under ACE AI's instructions, provider-side general or shared model training is disabled by default, the use is disclosed in this Privacy Policy or a provider notice, and any consent or authorisation required by law has been obtained.

We may disclose personal information to service providers and partners that help us operate the Services, including:

• hosting, cloud, storage, database, infrastructure, logging, and security providers;
• identity and authentication providers, including third-party sign-in providers if enabled;
• payment processors and billing providers, including providers such as Stripe;
• email delivery and support providers;
• analytics, fraud-prevention, consent-management, and customer-support tooling providers;
• AI model, inference, safety, evaluation, and related technology providers that ACE AI uses or engages, where their applicable account, API, platform, service, data-processing, security, and usage terms, data controls, age restrictions, and regional availability support the relevant use case;
• professional advisers, auditors, insurers, regulators, courts, law enforcement, or others where required or permitted by law;
• parties involved in a merger, restructure, financing, acquisition, or sale of all or part of our business.

We do not sell personal information to third-party advertisers. We also do not share personal information for cross-context behavioural advertising unless we first provide any notice, consent, and opt-out required by applicable law.

We may de-identify or aggregate information and use or disclose that de-identified or aggregated information for lawful business, analytics, safety, research, or product-improvement purposes.

We and our service providers may use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, understand product usage, and improve performance. Some of these technologies are strictly necessary for the Services to work.

Where applicable law requires it, we will ask for your consent before using non-essential cookies or similar technologies, such as certain analytics, advertising, or personalisation technologies. You can manage cookies through your browser settings and, where available, our cookie or consent management tools. Additional details may be provided in our cookie settings or a separate Cookie Notice where made available.

We operate from Australia and initially launch the Services primarily for users in Australia, but users in other countries or regions may be able to access the Services where they are technically available and lawful. Personal information may be collected, stored, used, disclosed, or otherwise processed in Australia and in other countries where we or our service providers operate.

Based on our current launch position, the countries in which personal information is likely to be processed, accessed, or disclosed include Australia and the United States. Personal information may also be processed, accessed, or disclosed in other countries where our service providers, affiliates, support teams, infrastructure providers, or subprocessors operate.

This Privacy Policy, together with any linked provider, infrastructure, or subprocessor notice we make available, identifies material provider categories, their roles, relevant data categories, likely processing locations where practicable, and whether provider-side training or fine-tuning is enabled. At launch, material provider categories may include hosting, cloud, database, storage, authentication, payment, billing, email, analytics, support, security, and AI model, inference, safety, evaluation, or related technology providers.

For AI model, inference, safety, evaluation, or related technology providers, provider-side general or shared model training on identifiable ACE AI Inputs, Outputs, uploads, chat history, learning-profile data, feedback, or related metadata is disabled by default unless separately disclosed and authorised where required by law.

Where applicable law requires safeguards for cross-border transfers, we may rely on lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, contractual protections, technical and organisational safeguards, or other approved measures. You may contact us for more information about the safeguards we rely on where applicable.

If applicable law requires us to appoint a local representative, data protection contact, or similar contact point in a jurisdiction we actively target, we may identify that person or entity in a supplemental notice or in an updated version of this Privacy Policy.

At launch, the Services are primarily offered through direct-to-consumer, self-service accounts. Schools, tutoring organisations, and other educational institutions may use or purchase the Services only where authorised by ACE AI and, where applicable, subject to separate written terms, privacy notices, data processing terms, or acceptable use rules.

A school, tutoring organisation, or institution must not create, manage, monitor, or administer student accounts through the Services unless it has authority to do so and has provided any required notices and obtained any required parent, guardian, student, or institutional consents. In the event of inconsistency, institution-specific written terms will govern for the relevant institution-provided data or access to the extent of that inconsistency.

The Services are designed for learners and students. ACE AI self-service accounts are for users aged 13+. Children under 13 must not create or use a self-service account in any country. Children under 13 may use ACE AI only through an approved parent, guardian, school, or other authorised workflow where ACE AI has made that workflow available and all required notices, permissions, and authorisations have been handled.

If you are under 15, or if we reasonably believe you may not have capacity to understand and consent to the relevant data handling, you may use the Services only with the permission, involvement, or authorisation required by applicable law, including from a parent, guardian, school, educational institution, or other authorised person where applicable.

If you are 15 to 17, you may use a self-service account only if you have capacity to understand this Privacy Policy and the Terms and your use is lawful in your location. Parent, guardian, school, or other authorisation may still be required depending on your location, account type, school involvement, payment method, or the information you submit.

We do not knowingly collect personal information from children where required consent or authorisation has not been obtained. We may request age, school, parent, guardian, or consent confirmation, and may refuse, limit, suspend, terminate, or delete access, accounts, or content where we reasonably believe required permission or authorisation has not been obtained.

Where a school, tutoring organisation, parent, guardian, or other authorised person provides or manages access, they are responsible for ensuring that they have authority to do so and for giving any required notices or obtaining any required consents unless a separate written agreement with us says otherwise.

We take reasonable technical and organisational steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. However, no service is completely secure and we cannot guarantee absolute security.

We retain different categories of information for different periods depending on why it was collected, how it is used, legal obligations, and operational needs. In general:

• account and profile information is retained while your account remains active and for a reasonable period after closure;
• billing, tax, payment, and transaction records are retained as required by applicable accounting, tax, and legal obligations;
• chats, prompts, uploads, generated history, feedback, learning-profile data, and training or evaluation datasets may be retained until deleted by you or us, or until no longer needed for service operation, safety, quality evaluation, ACE AI-controlled model improvement or training where permitted, dispute handling, or lawful business records;
• logs, diagnostics, and security records may be retained for reasonable security, fraud-prevention, and audit periods;
• backup data may persist for limited cyclical periods before deletion or overwrite.

If you delete content, close your account, opt out, or withdraw consent for an eligible training or fine-tuning use, we will stop using your identifiable personal information for future ACE AI model training or fine-tuning where required by law or supported by our controls. However, unless applicable law requires otherwise, deletion, opt-out, or withdrawal may not remove information from models, safety systems, evaluations, logs, backups, or de-identified or aggregated datasets that have already been created and that no longer identify you.

Where functionality is available, you may be able to delete individual chats, uploads, or other content directly in the Services. You may also request access to, correction of, deletion of, or a copy of your personal information by contacting us at [email protected].

Depending on your location and applicable law, you may also have rights to request restriction of processing, object to certain processing, request data portability, withdraw consent, or lodge a complaint with a local privacy or data protection regulator.

When we receive a request, we may need to verify your identity and may limit or decline the request where permitted by law. We may also delete or de-identify relevant information subject to legal, billing, fraud-prevention, security, dispute-resolution, and backup-retention limits. Some residual copies may remain in backups or system logs for a limited period before deletion or overwrite occurs.

If you have a privacy complaint, contact us at [email protected] and we will investigate and respond within a reasonable time. If you are in Australia and are not satisfied, you may complain to the Office of the Australian Information Commissioner. If you are in another jurisdiction, you may also have the right to complain to a local regulator where applicable.

We may send service, account, billing, security, and support communications. We do not currently send promotional or direct marketing communications unless permitted by applicable law and any required consent, notice, and opt-out mechanisms have been provided.

If we send promotional or direct marketing communications, we will provide a way to unsubscribe or opt out where required by law. Some service, account, billing, security, and support communications are not promotional and may still be sent while you use the Services.

We may update this Privacy Policy from time to time. We will publish the updated version with a revised "Last updated" date. If required by law or if a change is material, we may also provide additional notice within the Services or by email.

Operator / data controller: TIANYU EDUCATION Pty Ltd, trading as ACE AI EDUCATION
ABN: 81696120626
Support: [email protected]
Privacy contact: [email protected]