Privacy Policy

Effective date: April 10, 2026

This Privacy Policy explains how reesheh.ai ("Reesheh," "we," "us," or "our") collects, uses, discloses, and protects information when you use our website, web app, and mobile app (collectively, the "Services").

Important: This is a product-specific draft based on our current codebase and infrastructure. It is not legal advice.

1) Information We Collect

Information you provide directly

• Account and profile details: email address, password (handled by Supabase Auth), and optional profile fields like full name.
• Learning content: audio, video, documents, topic names, notes, flashcards, quizzes, and related metadata you create or upload.
• Feedback and support details: messages and, in the iOS app, optional diagnostic fields such as app version, device model, locale, network status, free disk space, and battery level when you submit feedback.
• Billing-related details: transaction and subscription metadata from our payment providers (for example, plan and credit allocations). We do not store full payment card numbers.

Information collected automatically

• Authentication/session data: session cookies and tokens used to keep you signed in and secure your account.
• Device/app events (iOS): usage analytics, diagnostic, and crash data collected through integrated mobile SDKs such as Firebase Analytics and Crashlytics.
• Advertising data (iOS): ad request/load events and related identifiers used by mobile ad services where enabled.
• Server and security logs: technical logs needed to operate, secure, and troubleshoot the Services.

Information from third parties

• Authentication providers: if you sign in with Google, we receive profile/account details necessary for login.
• Infrastructure and payments providers: we receive service metadata from hosting, storage, and payment systems used to deliver the Services.

2) How We Use Information

• Provide and maintain the Services.
• Authenticate users and secure accounts.
• Process uploads and generate outputs such as transcripts, notes, flashcards, and quizzes.
• Manage credits, subscriptions, and billing workflows.
• Improve reliability, performance, and product quality.
• Detect abuse, fraud, and security incidents.
• Comply with legal obligations and enforce our Terms and policies.

3) AI Processing

Some features process user content through third-party AI providers to generate educational outputs (for example, speech-to-text, notes, flashcards, and quizzes). This may include uploaded files and text content you submit through the Services.

Our current backend integrations include providers such as OpenAI and Groq. We may update providers over time; this Policy will be updated if material changes occur.

4) Legal Bases (EEA/UK users)

Where required, we process personal data based on:

• Performance of a contract (providing the Services you request).
• Legitimate interests (security, product improvement, analytics).
• Consent (where legally required, such as certain tracking).
• Compliance with legal obligations.

5) Sharing and Disclosure

We may disclose personal information to:

• Service providers/processors that support authentication, storage, AI processing, analytics, payments, ads, and infrastructure.
• Professional advisors and auditors under confidentiality obligations.
• Authorities where required by law or to protect rights, users, and systems.
• Business transferees in connection with mergers, financing, asset sales, or acquisitions.

We do not sell personal information for money. If we ever engage in sharing that constitutes a "sale" or "targeted advertising" under applicable law, we will provide required notices and controls.

6) Data Retention

We retain personal information for as long as needed to provide the Services, fulfill the purposes described in this Policy, and satisfy legal, accounting, and security obligations.

If you delete your account, all associated user data is permanently deleted.

7) Security

We use reasonable technical and organizational safeguards designed to protect personal information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

8) International Transfers

Your information may be transferred to and processed in countries other than your own, including where our service providers operate.

9) Children's Privacy

The Services are not directed to children under the minimum age required by applicable law in their jurisdiction. If you believe a child has provided personal data unlawfully, contact us so we can investigate and take appropriate action.

10) Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, port, or object to certain processing of your personal information, and to withdraw consent where processing relies on consent.

To exercise rights, contact us using the details below. We may need to verify your identity before responding.

11) State/Region-Specific Disclosures

If you are in a region with specific privacy laws (for example, California, EEA, UK, or other U.S. states), additional disclosures and rights may apply. We can provide a jurisdiction-specific addendum when needed.

12) Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide notice through the Services or other appropriate channels.

13) Contact Us

Email: [email protected]
Company: Reesheh LLC
Address: Al Rabyeh, Amman, Jordan