Privacy Policy

Controller: Tech Solutions d.o.o., address Stefanova ulica 5, Ljubljana 1000, Slovenia. Data requests: support@explain-math.com.

• Account and identity data: email address, username/display name (if provided), auth identifiers, and account credentials handled by our authentication infrastructure.
• Learning content: problems you enter, answers, test results, and generated feedback.
• OCR uploads: image files you upload for recognition and related technical metadata.
• Technical and security data: IP, device/browser info, session cookies, service logs.
• Billing data (when paid plans are enabled): subscription state and payment processor references/tokens. We never store full card numbers on our servers.
• Support and communications data: messages you send to support and related handling records.

• Directly from you (account registration, forms, uploads, support requests).
• From your device/browser during use of the service (technical and security logs).
• From service partners involved in authentication and payments, where needed to operate your account and subscription.

• Account management, login, and core product functionality: contract performance (Art. 6(1)(b)).
• OCR/AI processing requested by you to provide service outputs: contract performance (Art. 6(1)(b)).
• Security, abuse/fraud prevention, rate limiting, and incident response: legitimate interest (Art. 6(1)(f)).
• Service operations, diagnostics, and reliability monitoring: legitimate interest (Art. 6(1)(f)).
• Optional marketing communications (if enabled): consent (Art. 6(1)(a)); you can withdraw consent at any time.
• Tax/accounting and mandatory records (if applicable): legal obligation (Art. 6(1)(c)).

Our legitimate interests include protecting the platform and users, preventing misuse, maintaining service continuity, and defending legal claims where necessary.

• Account and authentication data are required to create and maintain an account; without them, sign-in and user-specific features cannot work.
• If you do not provide content needed for a requested feature (for example, OCR image or task text), that feature cannot return a result.
• Billing data is required only for paid subscriptions; without it, paid plan activation is not possible.

We use a consent management platform to manage cookie choices and publish a cookie declaration. Necessary cookies (for login and settings) are always active. Optional categories are enabled only after valid consent where required.

We use Google Analytics (GA4) to measure product usage and improve the service. Analytics storage remains disabled until statistics consent is granted through our consent banner in jurisdictions where consent is required.

You can change or withdraw cookie consent at any time through the consent preferences interface.

• Cloud infrastructure for application hosting, database, and authentication.
• AI processing providers for math explanations and solution generation.
• OCR processing provider for photo-to-text recognition.
• Object storage provider for temporary upload handling.
• Analytics provider (Google Analytics), only where valid consent applies.
• Payment processor when subscriptions are enabled (cards/Apple Pay/Google Pay and tax handling where applicable).
• Transactional email delivery provider.
• Consent management platform for cookie consent and declaration.

All processors are bound by data processing agreements. The current subprocessor list is available on request.

Primary data storage and core processing are configured in the EEA/EU. Where specific service operations require transfers outside the EEA, we apply appropriate safeguards, including Standard Contractual Clauses where required.

You may request additional information about the safeguards relevant to your data.

• Account and learning data — while your account is active or until you request deletion.
• OCR image uploads in object storage — automatically deleted within 24 hours.
• Payment/tax records — per statutory retention once payments are live.
• Security logs — kept for a reasonable period (typically 12–24 months).
• Secure backup copies may persist for a limited rolling period and are then overwritten.

On account deletion request, we delete or anonymize applicable data without undue delay, except where retention is required by law or needed for legitimate legal defense.

You may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where processing is based on consent).

• Contact: support@explain-math.com.
• We may request reasonable identity verification before fulfilling requests to protect account security.
• We usually respond within one month, with extensions only where legally permitted.
• You may lodge a complaint with the Information Commissioner of the Republic of Slovenia (IP-RS).

We do not perform solely automated decision-making that produces legal or similarly significant effects on users.

Automated anti-abuse controls may temporarily limit requests for security reasons; such controls are used to protect the service and can be reviewed through support.

We implement appropriate technical and organizational measures, including encryption in transit, access controls, logging, and administrative security controls designed to reduce risk.

No system can be guaranteed 100% secure. Where legally required, we will notify competent authorities and affected users about personal data breaches.

We may update this policy from time to time. Material changes will be announced on the site and/or by email. The effective date at the top indicates the latest version.

Where required by law, we will request renewed consent for relevant changes before they take effect.