This policy explains what data Stella ("we", "us") collects, why, where it goes, and the choices you have. We built Stella for students, and we keep this simple: we don't sell your data, we don't run third-party advertising, and we only collect what the Service needs to work.
1. What We Collect
- Account data — your name, email address, and password (stored only as a bcrypt hash — we cannot see your password).
- Study content — your chats with Stella, flashcards, study plans, uploaded study material, and memory items Stella keeps to personalize your sessions.
- Usage & billing data — plan tier, token/quota usage, payment status and payment IDs. Card, UPI, and bank details never touch our servers — they are handled entirely by Razorpay.
- Technical data — access logs (endpoint, timestamp, status) and the notification subscription of a device if you enable reminders.
2. How We Use It
- To run the Service: generating AI responses, keeping your chats and cards in sync across devices, remembering your context between sessions.
- To meter quotas and process subscription billing.
- To secure the Service: authentication, rate limiting, and abuse prevention.
- To send you things you asked for: verification codes, password resets, and optional study reminders you can switch off at any time.
- To help you when you contact support.
We do not use your study content for advertising, and we do not sell or rent your personal data to anyone.
3. Where Your Data Goes (Third Parties)
AI processing: when you chat with Stella, the content of your conversation is processed by third-party AI model providers and/or models running on our own hardware to generate the response. We send only what is needed for the response — not your password, email, or payment details.
- Razorpay processes payments under its own privacy policy.
- Vercel serves the static website and app files.
- Google — transactional emails are sent via Gmail SMTP; if you install the app and enable reminders, push notifications are delivered through your browser vendor's push service (Google, Apple, or Mozilla).
- Optional web-search features query search providers with your search terms only.
4. Storage & Security
- Your data lives on servers we operate ourselves, with encrypted (HTTPS) transport everywhere.
- Passwords are bcrypt-hashed with per-user salts. Access to accounts requires per-user API credentials.
- We keep daily database backups so your study history survives hardware failure.
- No system is perfectly secure; if we become aware of a breach affecting your data we will notify you without undue delay.
5. Retention & Deletion
- We keep your data for as long as your account is active.
- You can delete individual chats and study items in the app at any time.
- You can request full account deletion by emailing us from your registered address; we will delete your account data within 30 days, except minimal billing records we must retain for tax and accounting law.
6. Your Rights
Email us to access, correct, export, or delete your personal data. We respond to every request. If you are in a jurisdiction with specific data-protection rights (including under India's DPDP Act), we honour those rights.
7. Children
Stella is intended for users 16 and older. We do not knowingly collect data from children under 16; if you believe a child has created an account, contact us and we will remove it.
8. Changes
If we materially change this policy we will announce it in the app or by email and update the date above.
9. Contact & Grievances
Privacy questions, data requests, or grievances: stella.cured.my.amnesia@gmail.com. We aim to acknowledge within 72 hours.