← Back to Powskill

Privacy Policy

Last updated: March 18, 2026

1. Who We Are

Powskill ("we", "us", "our") operates the study platform at powskill.com for International Baccalaureate (IB) students. We are the data controller for the personal data described in this policy. For privacy-related questions, contact us at support@powskill.com.

2. Data We Collect

We collect personal data in the following categories:

2.1 Account Information

  • Email address (required for signup via OTP or Google OAuth)
  • Display name and profile picture (user-provided)
  • Full name (if signing in with Google)
  • School name and country (selected during onboarding)
  • Exam session (e.g. May 2026, November 2026)
  • Referral source (how you heard about Powskill)

2.2 Study and Progress Data

  • Subject selections and levels (SL/HL)
  • Study plans, goals, target grades, and preferred study schedule
  • Daily task completion, lesson progress, and practice scores
  • XP, level, streaks, Elo rating, and league division
  • Lightning credits and coin balances
  • Bookmarked content and study notes

2.3 User-Generated Content

  • CAS project reflections, blog posts, and task submissions
  • Feed posts, comments, and likes
  • Direct messages sent to other users
  • Files you upload (images, PDFs, documents — max 10 MB per file)

2.4 AI Interaction Data

  • Questions and prompts you send to AI features (AI Tutor, AI Chat, AI Grading)
  • Documents, images, and answer sheets submitted for AI Grading
  • Subject context provided to generate personalized responses
  • Chat history within each AI session

2.5 Payment Data

  • PayPal subscription ID and billing cycle
  • Subscription renewal date
  • We do not store your credit or debit card details — PayPal handles all payment information directly

2.6 Ambassador and Referral Data

  • Ambassador application details (name, school, social media, PayPal email)
  • Referral codes, referral link clicks, and signup attributions
  • Commission earnings and payout history (Ambassadors only)
  • Referral program opt-in status and friend signup counts

2.7 Device and Usage Data

  • Browser type, operating system, and screen size
  • Pages visited, features used, and session duration
  • IP address (collected automatically in server logs)

3. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract performance: to provide the Powskill service you signed up for, including study plans, progress tracking, and subscription management.
  • Legitimate interest: to improve the platform, fix bugs, prevent abuse, and maintain security.
  • Consent: for optional marketing emails (you can opt out at any time in Settings).
  • Legal obligation: to comply with applicable laws, regulations, or legal processes.

4. How We Use Your Data

  • Provide and personalize the platform (study plans, daily tasks, AI tutoring, recommendations)
  • Generate AI-powered lessons, grading feedback, and tutoring responses via Google Gemini and Anthropic Claude
  • Track your progress, streaks, leaderboard rankings, and achievements
  • Process subscription payments through PayPal
  • Send account notifications (verification, password resets, subscription updates)
  • Send optional marketing emails (only with your consent)
  • Moderate content and enforce our acceptable use rules
  • Track referral attributions and process Ambassador commissions and payouts
  • Improve the platform, diagnose technical issues, and prevent fraud

5. Third-Party Services

We share data only with the following services, and only as needed to operate the platform:

  • Supabase (database and authentication) — stores your account, study data, messages, and files. Provides email OTP and manages authentication tokens.
  • Google Gemini (AI processing) — receives your prompts, subject context, and uploaded files to generate tutoring responses, grading feedback, study content, and practice questions. Google processes data via their API and does not use your inputs for model training.
  • Anthropic Claude (AI processing) — used for AI chat, study plan generation, and content analysis. Anthropic processes data via their API and does not use your inputs for model training.
  • PayPal (payment processing) — processes subscription payments and Ambassador payouts. We send your subscription plan selection; PayPal handles all card and billing details directly. We only store your PayPal subscription ID.
  • Google OAuth (optional sign-in) — if you choose to sign in with Google, we receive your name, email, and profile picture from Google.
  • Vercel (hosting) — serves the application. Requests pass through Vercel servers.
  • Resend (email delivery) — delivers transactional emails (verification codes, account notifications) from hello@powskill.com.

We do not sell your personal data to third parties. We do not use third-party advertising or analytics tracking services.

6. Cookies and Local Storage

Powskill does not use third-party tracking cookies. We use browser local storage to save:

  • Your theme preference (light or dark mode)
  • Navigation layout preference (topbar or sidebar)
  • Notification muting preferences
  • Authentication session tokens (managed by Supabase)

This data stays in your browser and is not transmitted to third parties.

7. Data Storage and Security

Your data is protected by the following measures:

  • All data in transit is encrypted via HTTPS/TLS
  • Data at rest is encrypted by Supabase
  • Row-level security policies restrict database access to authorized users
  • Authentication uses JWT tokens with email OTP verification
  • API endpoints are protected with server-side authentication checks
  • File uploads are validated for type and size (max 10 MB; images, PDFs, and text files only)

While we take reasonable measures to protect your data, no system is 100% secure. We encourage you to use a strong, unique password and keep your login credentials private.

8. Data Retention

  • Account data: retained as long as your account is active.
  • Study progress: retained as long as your account is active.
  • Messages and posts: retained until you delete them or your account is deleted.
  • Payment records: retained for the duration of your subscription plus any period required for billing history and legal compliance.
  • AI interaction data: prompts and responses are stored in our database for your chat history. Our AI providers (Google Gemini, Anthropic Claude) do not retain your data after processing.
  • Ambassador and referral data: retained as long as you participate in the respective program. Payout records are retained for legal and tax compliance.
  • Server logs: retained for up to 30 days for security and debugging purposes.

9. Your Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate data via your account settings or by contacting us.
  • Erasure: request deletion of your account and all associated data.
  • Data portability: request an export of your data in a structured, machine-readable format.
  • Restriction: request that we limit how we process your data in certain circumstances.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: withdraw consent for marketing emails at any time via Settings.

To exercise any of these rights, contact us at support@powskill.com. We will respond within 30 days.

For California Residents (CCPA)

You have the right to know what personal information we collect and how it is used. You may request deletion of your data. We do not sell personal information. We do not discriminate against users who exercise their privacy rights.

10. Children's Privacy

Powskill is designed for IB students, who are typically 16–19 years old. You must be at least 13 years old to use the service. If you are between 13 and 18, you confirm that a parent or guardian has consented to your use of Powskill. We do not knowingly collect data from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. Parents or guardians may contact us at support@powskill.com to request review or deletion of their child's data.

11. International Data Transfers

Your data may be processed in countries outside your own, including the United States, where our service providers (Supabase, Google, PayPal, Vercel) operate. When data is transferred internationally, it is protected by the security measures described in this policy and by the data protection commitments of our service providers.

12. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you via email or an in-app notice and update the "Last updated" date at the top. Continued use of Powskill after changes are posted constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions, data requests, or concerns, contact us at support@powskill.com.