Privacy Policy

Effective Date: March 9, 2026

OpenXLearn (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website at https://www.openxlearn.com and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password, and optionally a profile photo when you register.
  • Phone Number: When you verify your identity for free trial activation via SMS (processed by Twilio).
  • Payment Information: Credit/debit card details and billing address, processed and stored by Stripe. We do not store your full card number on our servers.
  • User Content: Essay responses, practice answers, and other inputs you submit while using the Service.
  • Communications: Information you provide when contacting our support team.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, practice session activity, time spent, and interaction patterns.
  • Device & Browser Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Cookies & Similar Technologies: Session cookies for authentication, preference cookies, and analytics cookies (see Section 6).
  • Log Data: Server logs including timestamps, referring URLs, and error logs.
  • Performance Data: Application performance metrics collected via Sentry for error monitoring and diagnostics.

1.3 Information from Third Parties

  • Authentication Providers: If you sign in through a third-party provider (e.g., Google), we receive your name, email, and profile information as permitted by that provider.
  • Payment Processor: Stripe may provide us with transaction confirmations, payment status, and limited card details (last four digits, expiration date).

2. How We Use Your Information

We use the information we collect to:

  • Provide & Operate the Service — Create and manage your account, deliver educational content, process payments, and track learning progress.
  • Personalize Your Experience — Tailor content recommendations, difficulty levels, and practice suggestions based on your performance.
  • AI Features — Process your inputs through AI models (including OpenAI) to provide tutoring, essay feedback, and explanations.
  • Hour Metering — Track active usage time to manage subscription and prepaid hour balances.
  • Communications — Send transactional emails (receipts, account notifications), and, with your consent, marketing communications.
  • Security & Fraud Prevention — Detect, investigate, and prevent fraudulent activity, abuse, and security incidents.
  • Analytics & Improvement — Analyze usage patterns to improve the Service, develop new features, and fix issues.
  • Legal Compliance — Comply with legal obligations, enforce our Terms, and respond to lawful requests.

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Third-party vendors who assist us in operating the Service, including:
    • Stripe — Payment processing and subscription management.
    • OpenAI — AI-powered tutoring, essay evaluation, and content generation.
    • Twilio — SMS phone verification.
    • Sentry — Error monitoring and performance diagnostics.
    • Resend — Transactional email delivery.
    These providers process data on our behalf and are contractually obligated to protect your information.
  • Legal Requirements: When required by law, subpoena, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity.
  • Aggregated & De-identified Data: We may share aggregated or de-identified data that cannot reasonably identify you for analytics, research, or business purposes.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for a reasonable period to:

  • Comply with legal obligations (e.g., tax and accounting records).
  • Resolve disputes and enforce our agreements.
  • Prevent fraud and abuse.

Usage data and analytics are retained in aggregated, de-identified form and may be kept indefinitely for product improvement purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Secure authentication with hashed passwords.
  • Role-based access controls for internal systems.
  • Regular security reviews and monitoring.
  • Secure, httpOnly, SameSite session cookies.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Cookies & Tracking Technologies

We use the following types of cookies:

TypePurposeDuration
EssentialAuthentication, session management, CSRF protectionSession / 30 days
FunctionalUser preferences, theme settings1 year
AnalyticsUsage patterns, performance monitoring1 year

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

7. Children's Privacy

The Service is designed for students, including those under 18 years of age. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar regulations.

  • Users under 13 must have a parent or guardian create and manage their account.
  • We only collect information from children that is reasonably necessary to provide the Service.
  • Parents or guardians may review, update, or delete their child's information by contacting us at privacy@openxlearn.com.
  • We do not knowingly collect personal information from children under 13 without verifiable parental consent.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a machine-readable copy of your data.
  • Opt-Out: Unsubscribe from marketing emails at any time using the link in each email.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@openxlearn.com. We will respond within 30 days, or as required by applicable law.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, purposes, and third parties with whom it was shared.
  • Right to Delete: Request deletion of personal information collected from you.
  • Right to Opt-Out of Sale: We do not sell personal information. If this changes, we will provide an opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

10. International Users

The Service is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, we rely on the following legal bases for processing:

  • Contract Performance: Processing necessary to fulfill our agreement with you.
  • Legitimate Interests: Improving the Service, security, and fraud prevention.
  • Consent: Where you have given explicit consent (e.g., marketing communications).
  • Legal Obligation: Processing required to comply with applicable laws.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised Policy on this page and updating the “Effective Date.” For significant changes, we may also notify you via email. Your continued use of the Service after changes are posted constitutes acceptance of the updated Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: