Privacy & security
EdxAI is built to see as little as possible.
This notice describes how EdxAI handles data today. It is being finalized with legal counsel before public launch; the wording may change, but the practices below are accurate.
What it reads
Only the single problem you choose to analyze, at the moment you click Analyze, in your own authenticated session. It does not run in the background, scan pages continuously, read hidden answers, or look at other questions. EdxAI never fills in or submits anything for you.
What leaves your device
When you click Analyze, the visible problem — or a cropped screenshot of it when the page can’t be read directly — is sent to EdxAI’s service and to Anthropic (Claude), the AI provider that generates the answer, work, and explanation. It is processed transiently to produce your result and is not stored as coursework content. Under Anthropic’s commercial terms the data is not used to train models by default; Anthropic may retain it briefly (up to about 30 days) for trust-and-safety purposes. Zero-data-retention is not enabled.
Who processes your data
We use a small set of service providers, each for a specific purpose:
- Anthropic — generates the answer/explanation (transient processing, as above).
- Supabase — your account, sign-in, and billing/entitlement records.
- Stripe — payment processing for paid plans. EdxAI never sees your card details.
- Error monitoring — content-free error reports (an error code, status, and request id only; never your coursework).
- Hosting — the website and API run on our hosting providers.
We do not sell or share your personal data, and we use no advertising or tracking cookies.
What we keep
We keep operational metadata needed to run the service and prevent abuse — request ids, timings, token counts and cost, and your usage counters and billing history. This metadata is content-free: it never contains the problem you analyzed, your answer, or a screenshot.
Cookies
EdxAI uses only strictly-necessary cookies: your sign-in session, a short-lived security (CSRF) cookie during the one-time extension connection, and a referral-attribution cookie (edxai_ref) if you arrive through a referral link. No advertising or analytics cookies.
Your account
Authentication is handled by Supabase. Access tokens are short-lived and refreshed under your control. You can sign out or delete your account at any time.
Account deletion
Deleting your account permanently removes your profile and associated data from our systems and revokes your sessions. A small number of records may be retained only where a provider or the law requires it — for example, Stripe keeps payment records under its own obligations. You can delete your account from your dashboard.
Contact
Questions about privacy or a data request? See Support. Our full Terms of Service are published alongside this notice.