Legal

Privacy Policy

Last updated: June 2026

This Privacy Policy explains how LearnByAi collects, uses, discloses, and safeguards your information across our ecosystem of document intelligence applications. We are committed to maintaining document isolation, contextual data sovereignty, and user privacy.

Unlike traditional platforms that force account creation up front, LearnByAi is built with an anonymous-first philosophy, allowing you to interface with our Retrieval-Augmented Generation (RAG) platform securely using a local browser identity.

01

Document Types

This policy governs data handling across LearnByAi's unified document interface, which supports the following document types through a single platform:

  • Document conversation
  • Legal analysis and contracts
  • Study and learning accelerators
  • Medical reports
  • Construction and freelance scopes
  • Human resources workspace
  • Financial statements and ledger indexing
02

Information We Collect

A. Anonymous Identifier and Active Sessions

To use LearnByAi without creating an account, we generate a persistent, unique browser token (anonymous_id) that remains stored securely within your browser local storage and HTTP-only cookies. This token correlates your browser session with your isolated workflows and historical logs securely without capturing your personal identity.

B. Uploaded Document Payloads

We collect the files you explicitly upload to the service (such as PDFs, DOCX, XLSX, PPTX, TXT, or image formats) along with relevant operational metadata purely to parse text and execute semantic transformations.

C. Chat and Interaction History

We log natural language query inputs, prompt strings, and corresponding audio files submitted via Voice capabilities to provide conversational execution, speech-to-text context windows, and real-time interface logging.

03

Data Architecture and Processing Boundaries

Our platform is carefully structured to keep database processes isolated, using containerized and strictly managed environments rather than sprawling public third-party services:

1

Self-Hosted Environment (Oracle Cloud Infrastructure)

The core execution layer, including our application APIs, transactional relational maps, and parsing structures run on isolated cloud clusters hosted inside our self-hosted Oracle Cloud infrastructure.

2

Database and Vector Isolation (Supabase and Qdrant)

Your interaction records and activity logs map to a dedicated Supabase instance. For semantic operations, extracted text structures are compiled into unique vector points inside our self-hosted Qdrant database, completely partitioned from other tenancy vectors using mandatory namespace-level access filtering.

3

Asset Vaulting (Cloudinary)

Raw file payloads are stored and staged safely through Cloudinary Secure Asset Management architecture. Documents are accessed only using signed, expiring tokenized pointers generated securely by our APIs. Cloudinary is fully SOC 2 Type II certified and trusted globally by enterprise groups like Boeing, Nike, and Deloitte.

04

Third-Party Intelligence Processing (OpenAI)

We use OpenAI as our dedicated Large Language Model engine for token parsing, embeddings generation, and contextual chat evaluation.

Zero Data Training

All integrations utilize commercial API routes. By contract, your conversational prompts, extracted document segments, and embedding parameters are never used by OpenAI to train public or foundational models.

Transient Lifespans

Data blocks injected into context variables exist solely during active inferential requests and are flushed instantly from active pipeline sessions after output termination.

05

Complete Purging and Cascading Deletions

We believe you own your data. When you explicitly trigger a document deletion or delete your active workspace configuration, our backend executes a mandatory cascading hard-delete cycle across all storage layers:

01Cloudinary Assets Purged
02Qdrant Vectors Wiped
03Supabase Rows Cleared
04Session Logs Flushed

All system associations, message histories, and parsing objects are completely scrubbed within 30 days of data removal. Only generalized, aggregate analytical counts (which lack any user identifiers) are kept for optimization.

06

Security Commitments

All data traffic traveling between your workstation, our Oracle Cloud environment, Cloudinary storage nodes, and OpenAI APIs uses TLS 1.3 encryption protocols. Static tables and storage structures are encrypted at rest via AES-256 blocks.

Security Notice

As an anonymous-first platform, file payload elements reside temporarily in plain text inside isolated asset vaults during processing. Advanced custom cryptographic key-derivation frameworks tied directly to secure individual accounts will be deployed systematically in future releases as user profiles are linked.

07

Contact and Administration

If you have structural configuration questions, inquiries regarding regional sovereignty boundaries (such as GDPR or CCPA requirements), or wish to initiate file verification audits, reach out to our team at:

Emailsecurity@learnbyai.app

LearnByAi · Privacy Policy · Last updated June 2026