Privacy Policy
Effective 2 July 2026
Who we are
Maia (“we”, “us”) operates maia.study, an AI-powered learning and training platform. For any privacy question or request, contact dan@maia.study.
What we collect
- Account data: your name and email address, provided directly or via Google sign-in. We never store passwords; authentication uses Google SSO or single-use email links.
- Learning data: the courses you create, your conversations with the tutor, exercise answers, self-assessments, and progress. This is the core of the service.
- Organization content: when an organization uploads training documents, we extract and store the text needed to generate courses. Original uploaded files are not retained. They are parsed during upload and discarded.
- Billing data: handled entirely by Stripe. We never see or store card numbers; we store only your Stripe customer reference and subscription status.
- Technical data: server logs (IP address, timestamps, requests) used for security, rate limiting, and debugging.
How we use it
- To provide the service: generate courses, run tutoring conversations, track progress, and report outcomes to your organization's instructors (for organization-assigned courses).
- To send transactional email: sign-in links, course assignments, reminders, and billing notices. We do not send marketing email without consent.
- To secure the service: rate limiting, abuse prevention, and audit logging of administrative actions.
We do not sell your data. We do not use your conversations, documents, or learning data to train AI models, and our AI providers are contractually restricted from doing so.
AI processing
Lessons, courses, and supporting materials are generated by sending relevant content (your prompts, extracted document text, conversation context) to our AI subprocessors via API. Content is isolated per user and per organization: one organization's material is never used in another's courses.
Subprocessors
We share data only with the providers required to run the service:
- Vercel: application hosting and compute
- Managed PostgreSQL provider: database hosting (encrypted at rest)
- xAI: AI language models for course generation and tutoring
- ElevenLabs: text-to-speech for podcasts and lectures
- Amazon Web Services (SES): transactional email delivery
- Stripe: payment processing
- Google: sign-in (when you choose Google SSO)
Data is processed and stored in the United States. A detailed subprocessor list with locations is available on request.
Retention and deletion
We keep your data while your account is active. You (or your organization's administrator, for organization accounts) can request export or deletion of your data at any time by emailing dan@maia.study. We delete or anonymize the data within 30 days of a verified request, except records we must keep for legal or billing reasons.
Your rights
Depending on where you live (including under GDPR and UK GDPR), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Email us to exercise any of these; we respond within 30 days. You may also lodge a complaint with your local data protection authority.
Security
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). See our security page for details on infrastructure, access control, and responsible disclosure.
Changes
If we make material changes to this policy, we will update the effective date above and, for significant changes, notify account holders by email.