Privacy Policy

Last Updated: May 7, 2026

This Privacy Policy describes how Stephen AI collects, uses, and shares information when you use its mobile application, Stephen AI. Stephen AI is deeply committed to protecting your privacy and processing your data in a transparent and responsible manner, particularly for younger users.

We encourage you to read this Privacy Policy carefully. By using the Stephen AI App, you consent to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not use the App.

1. Introduction to Stephen AI

Stephen AI is a mobile application designed to assist users, including primary and lower secondary school students, with their homework. Users can upload images of exercises and ask questions to receive step-by-step solutions and feedback. Stephen AI's goal is to provide a safe, helpful, and engaging learning environment.

2. Information Collected by Stephen AI

Stephen AI collects different types of information to provide and improve its services.

2.1. Information Provided Directly by the User

Upon the first launch of the App and prior to any registration, Stephen AI strictly requires the entry of the Date of Birth and the Country of residence. The collection of this data is strictly limited to the following purposes:

  • Age Verification (Age Wall): We calculate the user's age to verify the attainment of the legal threshold for "digital consent" (e.g., 16 years old in Australia/Ireland/New Zealand, 14 years old in Italy, 13 years old in the USA/UK/Canada). This verification determines whether the user can access the Free Plan (ad-supported) or if access is permitted only through a subscription purchased by a parent/guardian (which serves as verifiable consent).
  • Localization and Compliance: The Country allows us to apply the privacy laws specific to your area, set the correct language, and display prices in the local currency.

Important for Free Plan users (Unregistered): If you use the App without creating an account, your Date of Birth and your Country are stored exclusively locally on your device. No profiles are created on our active databases (Firebase); such data is only transmitted transiently to our servers to calibrate the Artificial Intelligence's responses, without being stored.

If the user decides to create an account or subscribe to a plan, the following information is collected:

  • Account Information:
    • Credentials: Email address and password (securely managed via Google Firebase Authentication) or Social Login identifiers (Google/Apple).
    • Security and Sessions: We monitor the number of active sessions (maximum of 2 simultaneous logins per account) and use local technical indicators to prevent the abusive creation of multiple accounts on the same device.
  • Profile Information (only for subscribed users):
    • Identifying Data: First name, last name, and gender for interface personalization.
    • Educational Personalization: The date of birth is used by the AI to calibrate the complexity of the explanations and the language based on the user's age.
  • Content and Communications:
    • Educational Data: Images of uploaded exercises, text chat messages, and audio recordings from Voice Chat.
    • Feedback: Messages sent through the App settings for reports or suggestions (with the option to provide an optional email address to be contacted back).

2.1.1. Referral Program Information

To manage the invitation system and the allocation of bonuses, Stephen AI operates as follows:

  • Android: Uses the native Google Play Install Referrer API to securely identify and validate the referral code during installation.
  • iOS: To match the invitation to the first opening, Stephen AI temporarily collects the device's public IP address at the time of clicking on the link. This data is technical, is not used for profiling, and is deleted within 48 hours.

2.2. Information Collected Automatically

When you access and use the App, Stephen AI automatically collects certain information about your device and your usage:

  • Device Information:
    • Session Management and Abuse Prevention: in order to ensure account security and compliance with usage limits, Stephen AI monitors the number of active sessions (allowing a maximum of 2 simultaneous logins per account). Furthermore, the App uses technical indicators stored exclusively locally on your device (which are not transmitted to our servers) to prevent the abusive creation of multiple accounts. No persistent hardware identifiers are collected or stored for this purpose.
    • Device type and operating system: information about your mobile device (e.g., iPhone, Android phone, iOS version, Android version) for compatibility, analysis, and debugging.
  • Usage Data:
    • Credits: Stephen AI tracks your credit balance, used to access AI problem-solving features.
    • Timestamps: Stephen AI records timestamps related to account creation (createdAt), and subscription events (start, renewal, cancellation).
    • Backend logs: Stephen AI's backend servers (Firebase Cloud Functions and Python Flask app) automatically record standard operational logs. These logs may include the IP address, request details (e.g., access endpoints, parameters), and timestamps, used for operational monitoring, security, debugging, and performance analysis.
  • Location Information (Inferred):
    • Store Data: subscription prices and currency are handled directly through the integrated services of the Apple App Store or Google Play Store. Stephen AI does not collect, process, or store precise geolocation data or IP addresses for commercial localization purposes.
  • AI-Generated Educational Data:
    • Tutor Notes: Stephen AI generates and stores brief internal notes on progress and topics covered during study sessions, used to personalize future assistance.

2.3. Information from Third Parties

Stephen AI integrates with and receives certain information from third-party services that are essential for the App's operation:

  • Google (via Firebase Authentication and Google Sign-In): when you sign in with Google, Stephen AI receives your Google account ID, your email address, and, potentially, your display name. Firebase also provides the underlying infrastructure for Stephen AI's database (Cloud Firestore) and serverless backend (Cloud Functions).
  • Apple Sign-In: for access via your Apple ID. Apple's standard Terms of Use apply to this service. Apple shares with Stephen AI only the data necessary to identify you as an app user.
  • Google Play Billing and Apple In-App Purchases (for payments and subscriptions): when you subscribe to our premium services, payment is processed securely through the native in-app purchase platforms provided by Google (for Android) and Apple (for iOS). Stephen AI does not directly collect or store sensitive payment method data (such as full credit card numbers) or billing addresses. These platforms may provide us with non-sensitive purchase and subscription information necessary to provide the service, prevent fraud, and manage access rights, including:
    • Identifiers: purchase tokens (Google Play), order/transaction IDs (Google/Apple), and Apple transaction identifiers such as originalTransactionId (used to link a subscription to the correct account).
    • Subscription Status: whether the subscription is active, canceled (auto-renewal disabled), expired, or revoked/refunded, and whether auto-renewal is enabled.
    • Time Information: renewal/expiration timestamps and, where applicable, cancellation timestamps.
    • Receipts / Signed Transaction Data: for subscription verification and purchase restoration, we may store Apple iOS receipts or StoreKit 2 signed data (JWS) and Google Play purchase tokens.

    To maintain an accurate subscription status, we may also receive server-to-server notifications from Apple and real-time developer notifications from Google. These notifications can signal events such as renewals, cancellations, expirations, refunds, or revocations and are used to update your subscription's access rights and usage limits accordingly.

  • Google Analytics for Firebase and Firebase Crashlytics: We use these services to collect anonymized data on App usage (e.g., starting an exercise or reaching the voice credits limit) and crash reports to improve stability and user experience. For demographic analysis, we only transmit the user's calculated age to Analytics and not the exact date of birth, in compliance with data minimization. Statistical collection is automatically disabled in test and development environments.
  • OpenAI (for AI problem solving and chat): uploaded images, chat messages (text or transcribed from audio), and specific profile context data (Country, Language, and Date of Birth) are sent to the OpenAI API (gpt-4o-mini model). Specifically, Country, Language, and Date of Birth are automatically included in the "system prompt" (the core instructions provided to the Artificial Intelligence) so that the AI can align the teaching method and the complexity of explanations with your nation's school curriculum and your age, ensuring responses in the correct language. OpenAI processes this data via APIs to provide the artificial intelligence service. This data is not used by OpenAI to train its language models. Stephen AI does not control OpenAI's data retention practices, but ensures that direct personal identifiers are not included in prompts beyond what is necessary for the AI function (e.g., language preference).
  • Cloudflare (1.1.1.1): your IP address is sent to the routing service https://1.1.1.1/cdn-cgi/trace to infer your country of residence in real time. This allows us to show you prices in your local currency and apply the correct age limits (Age Wall). No persistent personal data is saved by Stephen AI through this operation.
  • Ipify.org (only for iOS devices): if you use an Apple device, upon the first launch the App contacts https://api.ipify.org to obtain your public IP address. This is technically necessary to match your installation with a previously clicked invitation link (Referral). The data is temporarily stored securely and automatically destroyed within 48 hours.
  • Google Cloud Run: Stephen AI's backend is hosted on this container-based serverless platform. This ensures that every request (including mathematical calculations and message processing) occurs in an isolated and secure execution environment. Data is processed exclusively in memory (RAM) during the session and is not persistently stored on the hosting servers, minimizing the risk of data exposure.
  • Google AdMob & User Messaging Platform (UMP): Stephen AI uses Google AdMob to serve ads and Google UMP for consent management. Upon first access, users on the free plan are presented with a form to manage privacy preferences (GDPR/ATT). Data (advertising identifiers, IP, usage data) is processed only if the user provides explicit consent for the specific purposes listed in the form. The user can revoke or limit advertising tracking at any time via their device's system settings (by resetting the advertising ID or limiting ad tracking for the app).

2.4. Voice Chat (Audio Features)

Stephen AI may offer an optional Voice Chat feature that allows you to speak to the App instead of typing. If you choose to use Voice Chat, Stephen AI will process audio data to provide the requested functionality (speech-to-text conversion for your message and, if enabled, text-to-speech conversion for the AI's response).

2.4.1. User-Provided Audio Data (Microphone Input)

  • Voice Recordings: when Voice Chat is enabled and you press the microphone button (or otherwise initiate a voice interaction), the App captures audio from your device's microphone for the purpose of transcribing your request and continuing the conversation.
  • Transcriptions: Audio files are sent to the backend on Google Cloud Run and transcribed into text via OpenAI services.

Original audio files are stored in a temporary folder on the server for the sole purpose of enabling transcription and speech synthesis. These files are automatically deleted by the system immediately after processing and are not used to train artificial intelligence models.

Important: we encourage you to avoid sharing sensitive personal information (such as health data, precise location, or other highly private details) via Voice Chat. If you choose to communicate such information, it may be included in the transcription and will be used exclusively to respond to your request.

2.4.2. Audio Data Generated by Stephen AI (Text-to-Speech Output)

  • AI Voice Responses: if the Voice Chat voice output is enabled, Stephen AI can convert the AI's text response into an audio file so that you can listen to it.

2.4.3. How Voice Chat Data is Processed

  • Speech-to-Text (STT): the audio you send may be transmitted to a third-party provider (OpenAI) for transcription into text, to process your request and provide the AI response. Stephen AI already uses OpenAI for AI inference, and Voice Chat extends this processing to include transcription when you choose to use audio.
  • Text-to-Speech (TTS): if enabled, the conversion of the AI response text into audio occurs exclusively locally on your device using the speech synthesis features integrated into the operating system. The text is not sent to third-party providers for this operation.

2.4.4. Retention and Duration of Voice Data

Stephen AI is designed to minimize the retention of voice-related data. Voice recordings of your microphone input are stored temporarily on Stephen AI's backend servers only for the time strictly necessary to transcribe your message into text. No response audio is generated or stored on our servers, as speech synthesis occurs locally on your device. Stephen AI does not use your voice to identify you, and Voice Chat is not intended for biometric identification.

Operational logs (such as request timestamps, basic request details, and error logs) may still be generated for security, debugging, and performance monitoring purposes, as described elsewhere in this Privacy Policy.

2.4.5. Your Choices and Device Permissions

  • Microphone Permission: Voice Chat requires access to your device's microphone. You can grant or revoke this permission at any time through your device's operating system settings.
  • Optional Feature: Voice Chat is optional. If you do not enable it, you can continue to use Stephen AI via text and other standard features.

2.4.6. Minors and Voice Chat

Since Stephen AI is designed for younger users, Voice Chat (when available) is implemented with a strong focus on data minimization and is used exclusively to provide the requested educational assistance. Stephen AI does not publicly display voice content and does not use voice data for advertising or behavioral profiling.

3. How Stephen AI Uses Your Information

We use the collected information to provide you with a safe and personalized educational experience, based on our Freemium model:

3.1. Service Provision and Management

Your data is necessary for the core functioning of the App:

  • Educational Processing: We analyze the images and text of your assignments to generate explanations and concept maps via AI, facilitating visual learning.
  • Voice Features: We manage "Voice Chat Credits" (e.g., 20 credits included for subscribers) to allow you to interact by voice with the AI tutor.
  • Tutor Notes: The AI generates brief internal notes on your progress to calibrate future responses based on your level.
  • Security and Limits: We monitor active sessions (maximum of 2 simultaneous devices) to protect your account and prevent abusive usage.

3.2. Advertising and Tracking (Only for the Free Plan)

To keep the service free for users who do not subscribe to a plan, Stephen AI includes advertisements:

  • Provider: We use Google AdMob to serve ads within the app.
  • Consent Management (GDPR/ATT): In compliance with privacy laws (GDPR in Europe) and Apple policies (ATT), we use the UMP consent form to explicitly ask if you wish to see personalized ads. If you consent, device identifiers (such as IDFA on iOS or AAID on Android) will be used.
  • Subscriber Privacy: Users who subscribe to a Subscription Plan do not see any third-party advertising, and their identifiers are not used for advertising profiling purposes within the app.
  • Control: You can change your advertising preferences at any time directly from your device settings.

4. How Stephen AI Shares Your Information

Stephen AI does not sell your personal information. Stephen AI may share your information with third parties only in the following limited circumstances:

  • With Service Providers: Stephen AI shares your information with the third-party service providers listed in Section 2.3, solely to enable them to perform services on behalf of Stephen AI (e.g., authentication, database hosting, payment processing, AI model inference, country determination). These providers are contractually obligated to protect your information.
  • For Legal Reasons: Stephen AI may disclose your information if required by law, by a court order, or in response to valid requests by public authorities (e.g., government agencies). Stephen AI may also disclose information to enforce its terms of service, protect its rights, privacy, safety, or property, or those of its users or the public.
  • In Case of Corporate Transactions: if Stephen AI is involved in a merger, acquisition, or sale of all or part of its assets, your information may be transferred as part of that transaction. Stephen AI will notify you via email and/or with a prominent notice in the App of any changes in ownership or use of personal information, as well as any choices you may have.
  • When You Share Content: if you use the App's features to share content (such as your referral code) with others, you will be using your device's native sharing features. Information will be shared with the selected application or service, and such sharing will be governed by that service's privacy policy.

5. Data Retention

Stephen AI retains your personal information for as long as your account is active or as needed to provide you with services. Stephen AI also retains and uses information to the extent necessary to comply with its legal obligations, resolve disputes, and enforce its agreements.

  • Account Information (email): retained for as long as your account remains active.
  • Profile Information (first and last name, country, date of birth, gender, language): stored on our servers and retained for the duration of the account only if you decide to register or subscribe. For unregistered users (Free Plan), Country and Date of Birth remain saved exclusively in the device's local memory, ensuring the highest level of privacy.
  • Images: images uploaded for problem solving are stored temporarily on Stephen AI's Python backend during processing and are deleted immediately after the AI response has been generated and sent to the App. They are not kept for long-term storage.
  • Chat History: messages are sent to Stephen AI's Python backend for processing via OpenAI but are not persistently stored on our backend servers. For registered users, a History feature is available: in this case, the history of conversations and exercises is saved exclusively locally on the user's device memory. Feedback messages, however, are stored in Stephen AI's Firestore database.
  • Payment-Related Data (customer ID, subscription ID, renewal dates): retained for the time necessary for subscription management, financial record-keeping, and regulatory compliance.
  • Tutor Notes: retained for the duration of the account to ensure educational continuity.
  • Referral Data (iOS): IP addresses collected for referral matching on iOS devices are stored in a Firestore database with an automatic deletion mechanism (TTL - Time-To-Live) set to 48 hours. At the end of this period, the document containing the IP and the referral reference is removed from the active database and permanently deleted from the systems, generally within a further 72 hours from the expiration of the TTL.

6. Your Rights and Choices

Depending on your geographic location and applicable data protection laws, you may have certain rights in relation to your personal information:

  • Access and Correction: you can access and update most of your profile information directly from the App settings (for subscribed users).
  • Deletion: you can request the deletion of your account and associated personal data by contacting Stephen AI directly. Please note that some information may be retained for legal or operational purposes (e.g., financial records or aggregated usage data).
  • Marketing Opt-out: Stephen AI does not send promotional marketing emails. Stephen AI only sends essential service-related communications.
  • Device Permissions: you can manage permissions related to the camera and photo gallery through your device's operating system settings.
  • Consent: registration requires consent to this Privacy Policy. For users who subscribe to a plan, the payment and explicit acceptance of the Privacy Policy on the subscription screen constitute the method used to obtain a verifiable consent.

7. Data Security

Stephen AI implements appropriate technical and organizational security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • the use of secure communication protocols (HTTPS) for all data transmissions between the App, Firebase, and the Stephen AI Python backend;
  • data storage in secure Firebase services (Firebase Authentication, Cloud Firestore, Cloud Functions), managed by Google and compliant with industry-standard security practices;
  • the use of Google Play Billing and Apple In-App Purchase systems for processing all payments, ensuring that sensitive financial data is handled by the platforms' native and secure services;
  • limiting access to personal data exclusively to authorized personnel;
  • the temporary storage and immediate deletion of image files on the Stephen AI Python backend after processing.

However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while Stephen AI strives to use commercially acceptable means to protect your personal information, it cannot guarantee its absolute security.

8. International Data Transfers

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Stephen AI's primary service providers (Google, Apple, OpenAI) operate globally. By using the App, you consent to such transfers. Stephen AI ensures that such transfers comply with applicable data protection laws by relying on appropriate safeguards (e.g., Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, and supplementary measures, if relevant).

9. Children's Privacy

Stephen AI is designed and intended for primary and lower secondary school students. Stephen AI is committed to protecting children's privacy and complies with applicable laws, including, where relevant, the Children’s Online Privacy Protection Act (COPPA) in the United States.

  • User Age: Stephen AI collects the Date of Birth (DOB) during profile completion for subscribed users. This helps Stephen AI identify users who may be subject to additional privacy protections.
  • Verifiable Parental Consent via Subscription Payment:
    • for users who choose to subscribe, Stephen AI implements a payment-based verifiable parental consent mechanism. The act of making a payment through the Google Play Store or Apple App Store, combined with an explicit checkbox on the subscription screen indicating acceptance of this Privacy Policy, constitutes the method used to obtain a verifiable consent from a parent or legal guardian;
    • Stephen AI assumes that the person making the payment is the parent or legal guardian and therefore provides consent for the collection of profile information for a minor associated with that subscription.
  • Access and Digital Consent: Stephen AI adopts an "Age Wall" system to verify the user's age at the first launch. Use of the free plan (ad-supported) is permitted exclusively to users who have reached the minimum age for digital consent in their country of residence (e.g., 14 years old in Italy, 13 years old in the USA, Canada, and the UK, 16 in Australia, New Zealand, and Ireland). Users below this threshold can access Stephen AI's services exclusively through a subscription purchased by a parent or legal guardian, which acts as a verifiable consent method.
  • Advertising in the Free Plan: Users on the free plan will see advertisements delivered via Google AdMob. The nature of these ads (personalized or non-personalized) depends on the consent provided by the user via the IAB-standard Consent Management Platform (CMP) presented at the app's launch.
  • User-Generated Content: images uploaded for problem solving and chat messages are processed exclusively for the purpose of providing the AI functionality. Stephen AI does not publicly display user-generated content nor share it with third parties for purposes other than providing the stated service (i.e., transmission to OpenAI for AI inference).
  • Parental Rights: parents and legal guardians have the right to:
    • review the personal information collected from their child;
    • request the deletion of their child's personal information;
    • refuse further collection or use of their child's information.
    To exercise these rights, please contact Stephen AI using the information provided in the “Contact Us” section below. Stephen AI may require identity verification before fulfilling such requests.

10. Account and Data Deletion

If you no longer wish to use Stephen AI and want to delete your account and all associated personal data, you can do so completely autonomously and at any time directly from the App (navigating to Settings > Delete Account). This action is irreversible; it will instantly delete your profile, log out your session, and remove your data from our active databases.

Alternatively, or if you no longer have access to the application, you can send a formal request via email to info@stephenai.it. Include the email address associated with your Stephen AI account for verification.

Steps to request deletion via email:

  1. send an email to info@stephenai.it with the subject: “Account Deletion Request”;
  2. in the message, confirm your request and include the email used to register your Stephen AI account;
  3. our team will verify the request and complete the deletion process within 7 days.

Data that will be permanently deleted from the server:

Email address, profile data (first name, last name, date of birth, gender, country, and language), consent verification status, educational tutor notes (Tutor Notes), submitted feedback, voice usage statistics, credit balance, referral codes, and account creation timestamps. Technical links to transaction identifiers (Order ID and purchase tokens) will also be removed.

Important note regarding History:

Because the History of chats and exercises is saved exclusively locally on your device's memory, deleting your account from the server (whether via the App or via email request) cannot automatically remove this data from your phone. To delete your local history, you must use the App's data clearing feature or uninstall the application entirely.

Data that may be retained:

  • Google and Apple payment logs: necessary for financial, accounting, and legal obligations;
  • Aggregated or anonymized usage statistics: retained for operational analysis and not traceable to a specific individual.

Stephen AI does not directly store credit card data or billing addresses. All payments are securely processed through the native billing systems of Google or Apple, depending on the operating system.

For subscription verification, subscription management, and purchase restoration, we may store certain non-sensitive purchase data in Firestore, such as Google Play purchase tokens, Google Order IDs, Apple receipts, or StoreKit 2 signed data (JWS), as well as subscription metadata (e.g., originalTransactionId, product ID, renewal/expiration timestamps, and, where applicable, cancellation timestamps). This data is stored securely and is accessible only to authorized services for providing and maintaining subscription access rights.

We may also process Apple server-to-server notifications and Google real-time notifications (e.g., renewals, cancellations, expirations, refunds, or revocations) to maintain accurate subscription status and access rights.

11. Changes to this Privacy Policy

Stephen AI may periodically update its Privacy Policy. Stephen AI will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the beginning of the document. You are encouraged to review this Privacy Policy regularly for any changes. Changes become effective when they are posted on this page.

12. Contact Us

For any questions or concerns regarding this Privacy Policy, Stephen AI's data processing practices, or to exercise your rights, you can contact Stephen AI at the following details:

Company Name: DCNT SRLs
Email: info@stephenai.it
Website: stephenai.it