Privacy Policy

Effective: May 6, 2026

This policy describes how Amc2Aime (operating the website at amc2aime.com, hereafter "Amc2Aime", "we", "our") collects, uses, and protects your personal data. Amc2Aime is currently a small, founder-operated educational product in early access.

1. Information we collect

1.1 Account information

  • Email address, provided directly during sign-up or by Google / Discord OAuth when you choose to use those providers.
  • Display name and avatar URL, when returned by an OAuth provider you have chosen to sign in with.
  • Authentication metadata issued by Supabase Auth (session tokens, sign-in timestamps).

1.2 Practice data

  • Contest attempts and answers: which problems you attempted, the answer you submitted, time spent per question, whether you asked the AI coach for help.
  • Aggregate progress: per-knowledge-point accuracy, streaks, and bookmarks you save for later.
  • AI conversations: the messages you send to the coach, the parsed intent, and the system's response — stored so we can support you and improve coaching quality.

1.3 Technical data

  • Request logs: IP address, User-Agent, request paths and timing, recorded by our infrastructure providers (Vercel and Fly.io) for operational and security purposes. These logs typically rotate within 30 days.
  • Auth cookies: a Supabase session cookie is set in your browser so we know you're signed in. We do not use third-party advertising or marketing cookies.

2. How we use your data

  • To deliver questions, judge answers, and generate the review.
  • To compute your weak knowledge points and surface proactive suggestions from the AI coach.
  • To maintain account security, enforce usage limits, and respond to support inquiries.
  • To monitor service health, debug failures, and budget AI provider spend.

We do not sell your data, and we do not use your practice data to train third-party AI models. Anonymous, aggregated usage statistics may be used internally to improve Amc2Aime.

3. Sub-processors

We rely on the following third parties to operate Amc2Aime. Each is bound by their own privacy policy and is contractually limited to processing data on our behalf.

  • Supabase — authentication and primary database, hosted in Tokyo, Japan (ap-northeast-1).
  • Fly.io — backend application hosting in Tokyo, Japan.
  • Vercel — web frontend hosting and edge delivery, globally distributed.
  • OpenAI— large language model API used by the AI coach. Prompts (which include the question text and your message) are sent to OpenAI for processing in the United States. Per OpenAI's API terms, data sent via the API is not used to train OpenAI's models.
  • Google and Discord — only if you choose to sign in with one of these providers, in which case the provider returns your email and basic profile info to us.

4. Data location and transfers

Most data lives in Tokyo (Supabase + Fly.io). When the AI coach is invoked, the relevant question text and your message are transmitted to OpenAI in the United States. By using Amc2Aime, you consent to this cross-border processing.

5. Children's privacy

Amc2Aime is intended for students preparing for math competitions, including middle-schoolers. We comply with applicable children's privacy laws. In particular:

  • If you are under 13 (or under 16 in some jurisdictions), you may use Amc2Aime only with verifiable consent from a parent or legal guardian.
  • We do not knowingly collect more personal information from children than is necessary to operate the service.
  • A parent or guardian may contact us to review, modify, or delete their child's information at any time.

6. Your rights

You can:

  • Access the personal data we hold about you.
  • Correct inaccurate information (most fields are editable in Settings; for the rest, contact us).
  • Delete your account and associated data — email us using the contact below.
  • Export your data in a machine-readable format — email us.
  • Withdraw consent for processing — by deleting your account.

Depending on your jurisdiction (EU/EEA, UK, California, etc.) you may have additional rights under GDPR / CCPA / equivalent laws. We honor all such requests.

7. Retention

  • Account data: retained while your account is active.
  • After account deletion: removed from primary databases within 30 days.
  • Backups and logs: may persist for up to 90 days for disaster recovery and security investigation, then permanently deleted.
  • Anonymized aggregate statistics: may be retained indefinitely.

8. Security

We use HTTPS for all traffic, encrypted-at-rest databases (Supabase default), least-privilege access controls, and OAuth-based authentication. No system is perfectly secure; report suspected vulnerabilities to the contact below.

9. Changes to this policy

We may update this policy as Amc2Aime evolves. Material changes will be announced on the site and, when feasible, by email to registered users. The "Effective" date above will be updated accordingly. Continued use of Amc2Aime after a change constitutes acceptance.

10. Contact

Questions, requests, or complaints: amc2aime@gmail.com