Privacy Policy

Last updated: 01/06/2026

The short version

• We only collect what we need to be your tutor: your sign-in info, the textbooks and syllabi you upload, your chats, and the skill map the app builds from them.
• On most plans you bring your own API key. Your key is encrypted at rest, and your chats are sent to the provider you chose — we don't wrap a markup layer around them.
• We don't sell your data. We don't run advertising. We don't train models on it.
• You can delete your account and everything with it. We're 18+ only.

1. Who we are

Professor Otto is an independently operated service, run by its owner as an independent sole proprietor. We are the controller of the personal data described here. To reach us about privacy — or anything else — email support@professor.ac; that inbox is the way to contact the operator.

2. What this policy covers

This policy applies to the Professor Otto web app and the data that flows through it. It does not cover what Anthropic, OpenAI, Google, or any other third party does with your data once your AI provider receives it — that falls under their own privacy policies.

3. What we collect and store

Account info

• A Clerk-managed user ID (our authentication provider)
• Your email address (optional, stored only if you provide one)
• Account creation and last-activity timestamps

We never see or store your password. Clerk handles sign-in.

Your uploaded materials

• Textbook PDFs you upload
• Supplemental files you attach to a book (problem sets, notes, etc.)

Files are stored in object storage (Cloudflare R2 in production, local disk in development), organized by your user ID so no one else can see them.

Data we derive from your materials

• Extracted text and chapter structure (so the tutor can reason about what's on page 47)
• Vector embeddings of that text (so the tutor can search it semantically)
• Your skill map, learner profile, observations, and aptitude signals (so the tutor learns how you learn)

Your study sessions

• Full chat transcripts between you and the AI tutor
• Session metadata (what chapter, what mode, progress indices)
• Silent behavioral signals the AI uses to adapt — e.g., "asked for a hint," "solved without help"

Your provider credentials (BYOK)

• Your API keys (Anthropic, OpenAI, Google, or Voyage) or OAuth tokens when you connect a provider
• These are encrypted at rest using symmetric encryption (Fernet). They are decrypted only to make your API call.

Technical logs

• If error reporting is enabled (Sentry), errors and stack traces may be reported with personally identifiable information stripped
• Standard server logs (timestamps, request paths, status codes)

What we don't collect

• Analytics SDKs — none (no PostHog, Amplitude, Google Analytics, Mixpanel, etc.)
• Advertising cookies or trackers — none
• Location beyond what's implicit in an IP address — none

4. How we use what we collect

• Your materials and derived data are used exclusively to run Professor Otto for you: indexing, search, chat context, and your skill map.
• Your chat transcripts are stored so you can return to a session; they also update your learner profile so the tutor adapts to you.
• Your credentials are used only to make AI calls on your behalf.
• We do not sell data, run advertising, train third-party models on your data, or use your uploads for anyone else's benefit.

5. Who processes your data on our behalf

These services receive some of your data so the product can function:

• Clerk — handles sign-in and session management. Sees your email and sign-in events.
• Lemon Squeezy — our reseller and merchant of record for paid plans. When you subscribe, they process the payment and handle billing, receipts and invoices, and applicable tax. They receive the payment and billing details you enter at checkout (we never see or store your full card number). Governed by their own privacy policy.
• Cloudflare R2 — stores your uploaded files.
• Your chosen AI provider (Anthropic, OpenAI, or Google) — receives your chat messages, recent history, and retrieved textbook excerpts during a session. Governed by your agreement with them, not by this policy.
• Your embeddings provider (Google Gemini, OpenAI, or Voyage AI) — receives text chunks from your uploaded materials to generate semantic embeddings. Gemini is the default, but you can choose another. On bring-your-own-key plans the call uses your own credential; on managed plans (Enrolled, Honors) and the free trial it uses our platform credential.
• Sentry (optional, if error reporting is enabled) — receives error reports for debugging, with PII sending disabled.

We do not share your data with anyone outside this list for any other purpose.

6. What actually goes where

How your study data reaches an AI provider depends on your plan.

Bring-your-own-key plans (Auditor, Scholar). When you chat:

1. We assemble a prompt from your message, recent chat history, retrieved excerpts from your textbook, and a summary of your learner profile.
2. We send that prompt to the provider whose key you gave us, using your key, not ours.
3. The provider returns a response. We store it in your session history and show it to you.

Your key is stored encrypted on our servers so you don't have to re-paste it. It's decrypted in memory only at the moment we make the call.

Managed plans (Enrolled, Honors) and the free trial. We provide the AI compute. The same prompt is assembled, but we send it using our platform credentials rather than a key from you. Your messages still go to the underlying AI provider (Google, Anthropic, or OpenAI) to generate the response.

7. How long we keep it

By default, we keep your data as long as your account exists:

• Uploaded files, derived text and embeddings, skill map, learner profile, and chat transcripts — retained until you delete them or close your account.
• Usage events (for cost tracking and the Usage page) — retained indefinitely.

When you delete a book, its files, text, embeddings, and related learner data are removed from our database and object storage. When you delete your account, the same applies to everything tied to it.

If you want us to accelerate any of that, email us.

8. Security

• In transit: HTTPS/TLS for all traffic between your browser, our servers, and third parties.
• At rest: your API keys and OAuth tokens are encrypted with Fernet before being written to the database.
• Access: only you can read your own books, chats, and learner data; requests are authorized against your Clerk user ID on every call.
• We are a small team and don't claim perfect security. If you suspect a vulnerability, email support@professor.ac and we will respond quickly.

9. Your data protection rights

We handle your data in line with applicable data protection law. You have the right to:

• Access the data we hold about you
• Correct it if it's wrong
• Delete your account and associated data
• Complain to your local data protection authority if you think we've handled your data improperly

To exercise any of these rights, email support@professor.ac.

10. Your rights under the GDPR (EU/EEA, UK, and Swiss users)

If you use Professor Otto from the European Economic Area, the United Kingdom, or Switzerland, the GDPR (and UK GDPR) applies to our processing of your personal data. The operator described in Section 1 is the data controller.

Legal bases for processing. We rely on:

• Performance of a contract — to provide the tutor you signed up for: your account, uploaded materials, study sessions, and skill map.
• Legitimate interests — to keep the service secure, debug errors, and prevent abuse, balanced against your rights and freedoms.
• Consent — for anything optional you choose to enable; you can withdraw it at any time without affecting processing already carried out.
• Legal obligation — where we must retain records, such as tax and accounting records tied to payments.

Your rights. In addition to the rights in Section 9, you can: access your data; have it rectified or erased; restrict or object to its processing; receive it in a portable, machine-readable format; and withdraw any consent you gave. To exercise any of these, email support@professor.ac. We aim to respond within one month.

International transfers. We and some of the processors listed in Section 5 (for example, your chosen AI provider, Clerk, Cloudflare, and Lemon Squeezy) are located outside the EEA. Where personal data is transferred outside the EEA, it is protected by an appropriate safeguard — such as a European Commission adequacy decision for the country where it is processed, the EU Standard Contractual Clauses, or the EU–US Data Privacy Framework where applicable.

Automated decision-making. Professor Otto personalizes your learning — your skill map and learner profile adapt to how you study — but we do not make automated decisions that produce legal or similarly significant effects about you.

Complaints. You have the right to lodge a complaint with your local data protection authority in the EEA, the UK, or Switzerland.

11. Your rights under US state privacy laws (California and similar states)

If you use Professor Otto from California — or another US state with a comprehensive consumer privacy law — you have rights over your personal information in addition to those in Section 9.

• What we collect is described in Section 3: account info, your uploaded materials and the data we derive from them, your study sessions, your provider credentials, and technical logs.
• We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising — in the specific senses those terms have under California law and other US state privacy laws. We never have, and we run no advertising.
• We don't offer financial incentives in exchange for your data.

Your rights include the right to know what we collect, to access and delete it, to correct it, and to not be discriminated against for exercising any of these. Because we don't sell or share your data, there's no opt-out to exercise — but you can still make any of these requests by emailing support@professor.ac. We'll verify the request against your account before acting on it.

12. Age

Professor Otto is for adults — 18 and over only. We don't knowingly collect data from anyone under 18. If you're a parent or guardian and believe your under-18 dependent has created an account, email us and we will delete it.

13. Changes to this policy

We'll post updates on this page and revise the "last updated" date at the top. Material changes — meaning real changes to what we collect, who we share it with, or how long we keep it — will also be surfaced in the app.

14. Contact

• General: support@professor.ac