Privacy Policy — Studora

Studora (“we”, “us”) helps high-school students keep a record of their courses, activities, awards, goals, and reflections. This policy explains what we collect, why we collect it, and what you can do about it. If anything below is unclear, email us at support@studorahub.com.

1. Who can use Studora

Studora is only for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, email us and we will delete it.

2. What we collect

Account data: your email, password (stored as a one-way hash by our auth provider), first and last name, and — for students — grade level and school name.
Profile + school record:the courses, activities, awards, test scores, goals, and reflections you choose to enter. This is the product. It's private to you by default.
Supervisor connections: if you invite a parent or counselor, we store their email so they can accept the invite.
Billing data: if you subscribe to Premium, Stripe handles your card. We only store your Stripe customer ID and the current subscription status — never your card number.
Usage logs:when you use Premium AI features, we log the feature used, token counts, and estimated cost so we can enforce daily limits and keep costs in check. We do not log the content of your AI prompts beyond what's necessary to produce the response.

3. How we use it

To run the service and show you your own data.
To send transactional email — verification, password resets, and notifications when a supervisor comments on your record.
To process payments for Premium subscriptions.
To generate AI suggestions when you explicitly trigger a Premium feature.
To debug issues and prevent abuse.

We do not sell your data. We do not run advertising. We do not train AI models on your data.

4. Who we share it with (“sub-processors”)

We use a small number of vendors to operate Studora:

Supabase — database, authentication, and file storage. Your account and records live here.
Vercel — hosts the website and runs the server code.
Stripe — processes payments for Premium. Stripe receives your card details directly; we never see them.
Resend — sends transactional email.
Anthropic— powers Premium AI features. When you trigger a Premium feature, the relevant prompt is sent to Anthropic to generate a response. Anthropic's current policies do not use API content for training.

5. Your rights

You can at any time:

See what we have: your profile and all records are visible in the app. You can also export a snapshot from the Export page.
Correct it: edit any field from the relevant page.
Delete everything: from Profile → Delete my account. This permanently removes your account and all associated records. Active Premium subscriptions are cancelled as part of deletion.
Cancel Premium: from Billing → Manage subscription, which opens the Stripe customer portal.

6. Security

Traffic to Studora is encrypted with HTTPS. Passwords are stored as salted hashes by Supabase. Database access is gated by row-level security so a given user can only read their own records (or their supervisors', if they've granted access). We do our best, but no service is immune to security incidents — if one happens that affects you, we'll notify you.

7. Retention

We keep your data for as long as your account is active. When you delete your account, your data is removed from our production database immediately. Backup snapshots may retain deleted data for up to 30 days before being overwritten, after which it is irrecoverable.

8. Changes to this policy

If we make material changes to this policy we'll update the “Last updated” date above and, for significant changes, email active users.

9. Contact

Questions, requests, or concerns: support@studorahub.com.