Privacy Policy

Last updated: April 30, 2026 · Almida Labs LLC

1. What We Collect

When you use Askiras, we collect:

  • Account information — email address, date of birth (for age verification), and name if you choose to provide one
  • Learning data — your answers, scores, session history, spaced-repetition progress, and drill preferences
  • Billing data — Stripe customer and subscription identifiers, plan status, renewal/cancellation status, and receipt metadata. Full card numbers and CVV are processed by Stripe and do not touch our servers.
  • Usage data — pages visited, features used, session duration, and device/browser type
  • Interest-list data — if you join a roadmap-domain interest list, we store your email address and selected exam domain

We collect date of birth solely to verify age eligibility. We do not use it for any other purpose.

2. Why We Collect It

We use your information to:

  • Provide and operate the service (deliver questions, track progress, run spaced repetition)
  • Personalize your learning experience (adaptive question selection, AI coaching)
  • Communicate with you (account notifications, product updates, and receipts)
  • Improve the platform (aggregate usage analytics, bug fixes)
  • Enforce our terms and prevent abuse

We do not use your data for advertising, profiling, or sale to third parties.

3. Children and Minors

Askiras is available to users age 13 and older.

  • Users under 13 are not permitted to create an account. If we learn that we have collected information from a child under 13, we will delete it promptly.
  • Users ages 13-17 may use the service. By creating an account in this age range, you represent that a parent or legal guardian has given permission. We collect date of birth solely for age verification and do not require or collect a parent or guardian email address.
  • We do not knowingly sell or share the personal information of users under 16 (as required by CCPA/CPRA).
  • We comply with applicable state and federal laws regarding the privacy of minors.

Parents and guardians: If you believe your child under 13 has created an account, please contact us at legal@askiras.com and we will delete the account and associated data.

4. Third-Party Services

We use the following third-party services to operate and improve our platform:

  • Supabase (authentication, database) — processes your account data under their privacy policy
  • Cloudflare (hosting, CDN, security) — processes request metadata under their privacy policy
  • Stripe (payments) — processes payment information for Askiras subscriptions under their privacy policy. Card numbers and CVV are handled by Stripe and do not touch our servers.
  • Anthropic (AI coaching) — when you request a coached explanation, your question, answer choices, and recent progress context are sent to Anthropic's Claude API to generate personalized explanations. Anthropic processes this data under their [privacy policy](https://www.anthropic.com/privacy). We are working with Anthropic on a formal Data Processing Agreement and will update this notice when finalized.
  • PostHog (product analytics) — we use privacy-respecting product analytics to understand how the platform is used and to fix bugs. PostHog processes pseudonymous usage events (linked to your account by an opaque user ID, not by name or email) under their [privacy policy](https://posthog.com/privacy). PostHog retains event data (page views, clicks, feature usage) for up to approximately 12 months. Session replays — if enabled — are retained for up to approximately 30 days. We honor browser Do Not Track signals and do not use this data for advertising. You can opt out at any time via Cookie Settings in the site footer, or by visiting Privacy & Data in your trainer dashboard.
  • Sentry (error monitoring + feedback widget) — we use Sentry to capture runtime errors and to power the in-app Send feedback button. When you are signed in, every automatic error event sent to Sentry includes your account user ID and your email (so we can correlate a "this is broken" report with the actual error), plus the stack trace, the request path/method, and the trainer (`sat`/`lsat`/`ap`/`law`/`poker`). We configure the Sentry SDK to suppress IP and request-body capture at the event level, but Sentry's ingest infrastructure may still observe connection-level metadata as part of receiving the request. When you submit feedback through the Send feedback widget, Sentry receives what you type into the form: your message, your email (pre-filled when you are signed in — you can clear or change it before submitting), an optional name, and an optional screenshot if you take one. Sentry processes this data under their [privacy policy](https://sentry.io/privacy/) and [DPA](https://sentry.io/legal/dpa/). Default retention is 90 days.

We do not sell your personal information to anyone. We do not share your data with advertisers.

A full list of sub-processors is maintained at `docs/sub-processors.md` in our source repository and updated with any change.

5. Cookies and Local Storage

We use minimal cookies and local storage, and ask for your consent before any non-essential cookies are set:

  • Essential cookies — authentication, CSRF, and load balancing. Required for the site to work; cannot be disabled.
  • Preferences (optional) — theme, last-used tab, and UI settings stored on your device.
  • Analytics (optional) — privacy-respecting product analytics (PostHog) to help us fix bugs and improve features. See the Third-Party Services section above for retention windows and opt-out details.

You can review and change your choices any time via Cookie Settings in the site footer. Users whose browser signals Do Not Track are automatically opted out of analytics.

We do not use advertising cookies, third-party tracking pixels, or marketing-attribution cookies.

6. Your Choices and Controls

You control how your data is used:

  • Cookie Settings — reopen the consent banner from the link in the site footer on any page. Your choices are stored on your device and can be changed at any time.
  • Delete my account — available in Privacy & Data in your trainer dashboard. Initiates a 30-day deletion of your profile, sessions, answers, cards, achievements, journal entries, and coaching history.
  • Export my data — available in Privacy & Data in your trainer dashboard. Generates a JSON archive of your profile and learning history, then shows an authenticated download button when the archive is ready (access expires after 7 days).
  • Do Not Track — if your browser sends the DNT signal, we treat it as an automatic opt-out from analytics cookies. You can still enable analytics explicitly via Cookie Settings if you want to share anonymized usage data with us.
  • Email us — for any other privacy request, reach legal@askiras.com.

7. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted data storage
  • Row-level security policies on database tables
  • Regular security reviews

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to legal@askiras.com.

8. Your California Privacy Rights (CCPA/CPRA)

California residents have the right under the California Consumer Privacy Act (CCPA/CPRA) to:

  • Know what personal information we collect and why
  • Request deletion of your personal information
  • Opt out of the sale or sharing of personal information — we do not sell or share your data
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at legal@askiras.com.

9. Your European Privacy Rights (GDPR)

EU/EEA residents have the right under the General Data Protection Regulation (GDPR) to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

Our legal basis for processing is contract performance (providing the service you signed up for) and legitimate interest (improving our platform). To exercise these rights, contact us at legal@askiras.com.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. When you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it (e.g., tax/billing records) or where limited billing/anti-abuse records are necessary to enforce one no-card free pass per email per trainer. Free-pass records may include lowercased email, trainer, grant status, and grant dates.

You can request deletion of your account and all associated data at any time by contacting support@askiras.com.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or your data, contact us at:

  • Email: legal@askiras.com
  • Company: Almida Labs LLC

© 2026 Almida Labs LLC. All rights reserved.