Aced logoAced← Home

Privacy Policy

Last updated: May 5, 2026

This Privacy Policy explains how Aced ("Aced", "we", "us"), the data controller of personal information collected through the aced.app website and related services (the "Service"), collects, uses, and shares information. By using Aced, you agree to this Policy.

1. Information We Collect

  • Account info — name, email address, password (hashed), and (optionally) grade level and hardest subject you provide during onboarding.
  • User content — notes, questions, prompts, and other input you submit to the AI features, plus the resulting outputs.
  • Usage data — feature usage counters, study streaks, timestamps, device/browser type, and approximate location derived from IP.
  • Payment info — if you subscribe to Pro, our Merchant of Record (Stripe Payments Europe, Ltd. and its affiliates, "Stripe") collects and processes your billing details directly. We never see or store your full card number; we receive only limited transaction metadata (e.g., subscription status, last 4 digits, country) needed to provision your account.
  • Cookies & similar tech — we use cookies and local storage for authentication, session continuity, and basic analytics.

2. How We Use Information

  • To provide, maintain, and improve the Service.
  • To process AI requests (your prompts are sent to our model providers).
  • To handle billing, subscriptions, and customer support.
  • To prevent fraud, abuse, and violations of our Terms.
  • To comply with legal obligations.

3. Third-Party Subprocessors

We share data with vetted service providers strictly to operate the Service:

  • Supabase — database, authentication, and file storage.
  • AI model providers (e.g., Anthropic, Google, OpenAI) — to generate AI responses. Prompts are sent to these providers per their respective policies. We do not permit them to train on your inputs where opt-out is available.
  • Stripe Payments Europe, Ltd. and its affiliates ("Stripe") — our Merchant of Record. Stripe handles checkout, subscription management, payments, invoicing, sales tax, and refunds. See Stripe's Privacy Policy.
  • Hosting/CDN providers — to deliver the Service.

3a. Legal Basis for Processing (GDPR/UK GDPR)

If you are in the UK or EEA, we process your personal data under the following legal bases:

  • Performance of a contract — to create and maintain your account, deliver the Service, and process subscriptions.
  • Legitimate interests — to secure the Service, prevent fraud and abuse, and improve our product. These interests are balanced against your rights.
  • Consent — for optional cookies and marketing communications, where required. You may withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other applicable laws.

4. We Do Not Sell Your Data

We do not sell your personal information and we do not share it for cross-context behavioral advertising.

5. Children's Privacy (COPPA)

Aced is not directed to children under 13, and we do not knowingly collect personal information from them. If you are a parent or guardian and believe your child under 13 has provided us with information, contact us at privacy@aced.app and we will delete it promptly. Users between 13–18 should have a parent or guardian's permission to use the Service.

6. Student Data & Schools (FERPA)

Aced is intended for individual student use. We are not a "school official" under FERPA unless we have a separate written agreement with a school district. If your school provides Aced to you, that school's privacy policies may also apply.

7. Your Rights (GDPR / CCPA & similar)

Depending on where you live, you may have the right to:

  • Access, correct, or delete your personal information.
  • Export a copy of your data.
  • Object to or restrict certain processing.
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority.

You can delete your account and all associated data at any time from Settings → Delete Account. For other requests, email privacy@aced.app.

8. Data Retention

We retain your information for as long as your account is active. When you delete your account, we delete your User Content and personal information within 30 days, except where we must retain limited records to comply with law (e.g., tax, fraud prevention).

9. Security

We use industry-standard safeguards including encryption in transit (TLS), encrypted storage, and row-level access controls. No system is 100% secure; please use a strong, unique password.

10. International Transfers

Your information may be processed in the United States and other countries where our providers operate. We rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

11. Changes

We may update this Policy from time to time. Material changes will be communicated through the Service.

12. Contact

Questions? Email privacy@aced.app.