Privacy Policy

Last Updated: November 5, 2025

1. Introduction

Mathemy, operated by Vestra AI ehf. ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our graphing calculator web application and AI features.

Vestra AI ehf. is a company registered in Iceland, based in Reykjavík, and operates under Icelandic and European data protection laws.

By using Mathemy, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account through Clerk (our authentication provider), we collect:

  • Email address
  • Name (if provided)
  • Profile information (if provided)
  • Authentication credentials (managed securely by Clerk)
  • User ID and session tokens

2.2 Usage Data

We automatically collect certain information when you use the Service:

  • Device information (browser type, operating system, device type)
  • IP address and general location (country/region)
  • Usage patterns and feature interactions
  • Performance metrics and error logs
  • Time and date of access

2.3 Mathematical Content

Mathematical expressions, functions, and data you input are:

  • Client-side calculations: Processed entirely in your browser, never sent to our servers
  • AI chat messages: Temporarily processed through our API and OpenAI's API, not permanently stored on our servers
  • Graph data: Stored locally in your browser session, not on our servers

2.4 AI Chat Data

When you use AI features:

  • Your questions and the AI's responses are sent to OpenAI for processing
  • Conversations are not permanently stored in our database
  • OpenAI may retain data according to their own data retention policies (typically 30 days)
  • We do not use your chat data to train AI models

2.5 Cookies and Local Storage

We use cookies and browser storage for:

  • Authentication session management (via Clerk)
  • User preferences and settings
  • Graph state and calculator history (stored locally)
  • Analytics and performance monitoring

3. How We Use Your Information

We use collected information for:

  • Service Provision: To operate and maintain the Service
  • Authentication: To verify your identity and manage sessions
  • AI Features: To process your requests through OpenAI's API
  • Improvements: To analyze usage patterns and improve features
  • Communication: To send service updates, security alerts, and support messages
  • Security: To detect, prevent, and address technical issues and abuse
  • Legal Compliance: To comply with legal obligations and protect rights

4. Data Sharing and Third Parties

4.1 Third-Party Service Providers

We share data with trusted third-party services:

Clerk (Authentication)

  • Purpose: User authentication and account management
  • Data shared: Email, name, authentication credentials
  • Privacy Policy: clerk.com/privacy

OpenAI (AI Features)

  • Purpose: AI chat assistant and mathematical analysis
  • Data shared: Chat messages, mathematical expressions
  • Data retention: 30 days (per OpenAI policy)
  • Privacy Policy: openai.com/privacy

Vercel (Hosting)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Protect users' safety or rights

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Security

We implement security measures to protect your information:

  • Encryption: HTTPS/TLS for all data transmission
  • Authentication: Industry-standard auth via Clerk
  • Access Control: Strict access controls on our systems
  • Sanitization: All user inputs and AI outputs are sanitized
  • Monitoring: Continuous security monitoring and updates
  • No Password Storage: Passwords managed securely by Clerk, never by us

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain different types of data for varying periods:

  • Account data: Retained while your account is active
  • AI chat logs: Not permanently stored (OpenAI retains for 30 days)
  • Usage analytics: Retained for up to 2 years
  • Legal/security logs: Retained as required by law

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access and Portability

  • Request a copy of your personal data
  • Export your account information

7.2 Correction and Deletion

  • Update or correct your account information via Clerk
  • Request deletion of your account and associated data

7.3 Opt-Out Rights

  • Opt out of marketing communications (if any)
  • Disable cookies (may affect functionality)
  • Choose not to use AI features

7.4 Data Portability

You can request an export of your data in a machine-readable format.

To exercise these rights, please contact us through the contact information provided on our website.

8. Regional Privacy Rights

8.1 GDPR (European Union/EEA)

As an Iceland-based company, we comply with GDPR. If you are in the EU/EEA, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on:

  • Consent (for AI features and marketing)
  • Contractual necessity (to provide the Service)
  • Legitimate interests (for improvements and security)
  • Legal obligations (for compliance)

8.2 CCPA (California)

California residents have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Say no to the sale of personal information (we don't sell data)
  • Access their personal information
  • Request deletion of personal information
  • Not be discriminated against for exercising these rights

8.3 Other Regions

Users in other regions may have additional privacy rights under local laws. Please contact us to exercise your rights.

9. Children's Privacy and Age Requirements

Age Restrictions:

  • EU/EEA (including Iceland): Must be 16 years or older
  • United States: Must be 13 years or older
  • Other regions: Must meet the age of digital consent in your jurisdiction (typically 13-16 years)

Our Service, particularly the AI chat features, requires user authentication and is subject to age restrictions under various privacy laws including:

  • COPPA (USA): Children's Online Privacy Protection Act
  • GDPR (EU/EEA): General Data Protection Regulation
  • National laws: Other applicable data protection regulations

We do not knowingly collect personal information from children under the applicable age threshold. If we discover that we have inadvertently collected information from a child without proper parental consent, we will delete that information immediately.

9.1 Parental Responsibility

Parents and legal guardians:

  • Please monitor your children's online activities
  • If you believe your child has created an account without your permission, contact us immediately
  • If your child is under the age requirement but you wish them to use the Service, you must create and manage the account on their behalf
  • You are responsible for all activities under accounts you create for minors

9.2 Contact for Child Privacy Concerns

If you believe your child under the required age has provided personal information to us, please contact us immediately at:

Email: vestra@vestra.is

Subject: Child Privacy Concern - Account Deletion Request

We will investigate and delete the account and associated data within 72 hours of verification.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Privacy Shield certification (where applicable)

11. OpenAI Data Processing

Important Information About AI Chat:

  • AI chat messages are sent to OpenAI's API for processing
  • OpenAI may store your queries for up to 30 days for trust and safety purposes
  • OpenAI does not use customer data to train their models (per their API policy)
  • OpenAI's data handling is governed by their Privacy Policy and API Data Usage Policy
  • We do not store chat history permanently on our servers

For more information: OpenAI Privacy Policy

12. Analytics and Tracking

We may use analytics services to understand how users interact with the Service:

  • Page views and navigation patterns
  • Feature usage statistics
  • Error rates and performance metrics
  • Device and browser information

Analytics data is aggregated and anonymized whenever possible.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours (where required by law)
  • Describe the nature of the breach
  • Outline steps taken to address the breach
  • Provide recommendations to protect your information
  • Notify relevant authorities as required by law

14. Do Not Track

We respect Do Not Track (DNT) browser signals. When you enable DNT, we will not track your browsing behavior for advertising purposes. However, essential functionality cookies may still be used.

15. Your Consent

By using our Service, you consent to our Privacy Policy and agree to its terms. For AI features specifically, you provide explicit consent to:

  • Send your queries to OpenAI for processing
  • Store authentication information with Clerk
  • Process your data as described in this policy

You can withdraw consent at any time by deleting your account or ceasing to use the Service.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for material changes (if you have an account)
  • Displaying a prominent notice on the Service

You are advised to review this Privacy Policy periodically for any changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

17. Data Controller and Contact

For GDPR purposes, Vestra AI ehf. is the data controller.

Data Controller:

Vestra AI ehf.

Reykjavík, Iceland

Email: vestra@vestra.is

For questions about this Privacy Policy, to exercise your privacy rights, or to request data access, correction, or deletion, please contact us at the email above.

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

18. California Shine the Light Law

California residents can request information about personal data we may have shared with third parties for their direct marketing purposes. As stated above, we do not share personal information with third parties for their marketing purposes.

19. Automated Decision Making

The AI chat feature uses automated processing to generate responses. However:

  • We do not use automated decision-making that significantly affects you legally
  • AI responses are suggestions and assistance, not binding decisions
  • You maintain full control over what actions to take based on AI responses

20. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

Summary of Key Points

  • ✅ We don't sell your data
  • ✅ Most calculations happen in your browser (client-side)
  • ✅ AI chats are processed by OpenAI (not permanently stored by us)
  • ✅ Authentication managed securely by Clerk
  • ✅ You can delete your account and data anytime
  • ✅ We use encryption and security best practices
  • ✅ You have rights to access, correct, and delete your data