Privacy Policy
Last updated: January 13, 2026
1. Introduction
HistorIQly ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI-powered educational platform.
2. Data Controller
Contact: HistorIQly
Email: privacy@historiqly.com
3. Data We Collect
3.1 Information You Provide
- Account Information: Email address, name (optional), password
- Payment Information: Processed securely by Stripe; we do not store card details
- Conversation Data: Messages you send to our AI characters
- Preferences: Theme, notification settings, accessibility options
3.2 Information Collected Automatically
- Usage Data: Message counts, feature usage
- Technical Data: IP address (hashed), browser type, device information
- Performance Data: Page load times, error reports
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide our educational AI service | Contract performance |
| Process payments | Contract performance |
| Send service notifications | Legitimate interest |
| Improve our services | Legitimate interest |
| Send marketing (if opted in) | Consent |
| Prevent fraud and abuse | Legitimate interest |
5. AI Data Processing
Important Notice About AI Processing
When you use our chat features, your messages are sent to third-party AI providers (including OpenRouter, Google, and DeepSeek) to generate responses. These providers process your messages to provide the service but do not use your data for training purposes.
We do not make automated decisions that significantly affect you based solely on AI processing. Our AI provides educational content only.
6. Data Sharing
We share your data with:
- Stripe: Payment processing (PCI DSS compliant)
- OpenRouter/AI Providers: Conversation processing
- Resend: Email delivery
- Neon: Database hosting (AWS US-East-1)
- Google: OAuth authentication (if you choose to sign in with Google)
We do not sell your personal data. We do not share your data with advertisers.
7. Data Retention
- Account data: Until you delete your account
- Conversations: 90 days by default (configurable in settings)
- Payment records: As required by law (typically 7 years)
- Security logs: 2 years for compliance
8. Your Rights
Under GDPR and CCPA, you have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and data
- Portability: Export your data in a common format
- Object: Opt out of certain processing
- Restrict: Limit how we use your data
To exercise these rights, go to Settings > Account or email privacy@historiqly.com.
10. Security
We protect your data using:
- AES-256-GCM encryption for sensitive fields
- Argon2id password hashing
- TLS encryption for data in transit
- Multi-factor authentication (optional)
- Rate limiting and fraud prevention
11. International Transfers
Your data may be processed in the United States. We ensure appropriate safeguards through Standard Contractual Clauses with our processors.
12. California Residents (CCPA)
California residents have additional rights:
- Know what personal information is collected
- Know if personal information is sold or disclosed
- Say no to the sale of personal information (we do not sell PI)
- Access your personal information
- Equal service regardless of privacy choices
13. Changes to This Policy
We may update this policy periodically. We will notify you of material changes via email or in-app notification.
14. Contact Us
For privacy questions or to exercise your rights:
Email: privacy@historiqly.com
For EU residents, you have the right to lodge a complaint with your local supervisory authority.