Privacy Policy

This Privacy Policy is also available in Serbian language. The English language version of this Privacy Policy will be the binding and controlling version and will prevail in case of any discrepancy with the Serbian version.

1. Introduction

This Privacy Policy explains how Sofinity Solutions Inc. ("We", "Our", "AI Zdravo") collects, uses, shares, and protects your personal data when you use our AI Zdravo educational platform.

We are committed to protecting your privacy and being transparent about our data collection practices.

2. Data We Collect

2.1 Data You Provide

2.1.1 Account Information

• Email address - for account creation and communication
• Full name - for personalization of experience
• Password - stored in encrypted form (we never see your password in plain text)
• Avatar - optional, if you use Google OAuth or upload an image

2.1.2 Onboarding Quiz

When you complete our initial assessment quiz, we collect your answers to 10 questions, including:

• Your primary goal (business expansion, career advancement, skill learning, entrepreneurship)
• Your current role (manager, developer, marketing, content creator, etc.)
• Which AI tools you currently use (ChatGPT, Claude, Midjourney, etc.)
• Biggest challenge in using AI
• Learning style (preferences on a scale of 1-5)
• Weekly time for learning
• Experience level with AI
• Areas of interest
• Learning motivation
• Specific use case scenarios

Note: We use this data to calculate your professional archetype (INNOVATOR, SPECIALIST, PIONEER, or ARCHITECT) and recommend personalized learning paths. All answers are stored in your profile.

2.1.3 Social Links (Optional)

• X (Twitter) profile
• LinkedIn profile
• GitHub profile
• Personal website

You can add this information at /dashboard/profile/social and it will be displayed on your public community profile.

2.1.4 Affiliate Information

If you participate in our Affiliate program, we collect:

• Bank account details for payouts (IBAN, BIC/SWIFT, account holder name, bank name)
• Your unique referral code

2.1.5 User-Generated Content

• Discussions and comments in the community
• Likes on discussions and replies
• Bookmarks (saved courses, guides, prompts, tools)

2.2 Data We Automatically Collect

2.2.1 Platform Activity

• Completed lessons and courses
• Completed guides
• Time spent on platform
• Learning streaks (daily streaks)
• Last login date

2.2.2 Gamification Data

• Prestige Level - your current level (1-50)
• XP (Experience Points) - total earned points
• Earned badges - achievements you've unlocked
• XP Ledger - complete history of all XP transactions with metadata (which action, when, how much)

2.2.3 Technical Data

• IP address
• Browser type and version
• Operating system
• Pages you visit on the platform
• Referrer URL (where you came from)
• Time and date of visit

2.3 Data from Third Parties

2.3.1 Google OAuth

If you log in via "Continue with Google" option, we collect:

• Name from your Google profile
• Email address
• Profile picture (avatar)

2.3.2 Stripe (Payments)

When you purchase a subscription, Stripe shares with us:

• Stripe Customer ID
• Stripe Subscription ID
• Subscription status
• Invoice history

Note: Stripe directly processes your payment card data. We NEVER see or store your full card numbers.

3. How We Use Your Data

3.1 Providing and Improving Service

• Creating and maintaining your account
• Processing subscriptions and payments
• Enabling access to courses, guides, and content
• Tracking your learning progress
• Awarding XP, levels, and badges
• Enabling community participation

3.2 Personalization

• Archetype-Based Learning Paths: We use your quiz answers to determine your professional archetype and recommend personalized learning paths
• Displaying relevant content based on your level and interests
• Tracking your bookmarks and favorite content

3.3 Marketing and Communication

• MailerLite Email Sequences: We sync your subscription status (Free, Trial, Standard, Premium) and archetype with MailerLite groups for sending targeted email campaigns
• Sending transactional emails (payment confirmations, reminders, notifications)
• Sending newsletters with new courses and content (you can unsubscribe at any time)
• In-app notifications about news and updates

3.4 Analytics and Improvement

• Understanding how users use the platform
• Identifying popular courses and content
• Testing new features
• Troubleshooting and fixing technical issues

3.5 Affiliate Program

• Tracking referrals and conversions
• Calculating commissions
• Processing payouts

3.6 Legal Reasons

• Fulfilling legal obligations
• Resolving disputes
• Enforcing our Terms of Service
• Protecting our rights and safety of our users

4. Sharing Data with Third Parties

We DO NOT sell your personal data to third parties. We only share data with trusted service providers who help us operate the platform.

4.1 Service Providers

Stripe (Payment Processing)

• What we share: Email, name, Customer ID
• Purpose: Processing subscriptions and payments
• Their policy: https://stripe.com/privacy

Supabase (Authentication and Database)

• What we share: Email, encrypted password, session tokens
• Purpose: User authentication and data storage
• Their policy: https://supabase.com/privacy

Resend (Transactional Emails)

• What we share: Email, name
• Purpose: Sending password resets, payment confirmations, welcome emails
• Their policy: https://resend.com/legal/privacy-policy

MailerLite (Marketing Automation)

• What we share: Email, name, subscription status, archetype
• Purpose: Email marketing sequences and newsletters
• Groups: [Status] Free/Trial/Standard/Premium, [Archetype] INNOVATOR/SPECIALIST/PIONEER/ARCHITECT
• Their policy: https://www.mailerlite.com/legal/privacy-policy

Vercel (Hosting and Analytics)

• What we share: IP address, user agent, page paths
• Purpose: Application hosting and basic analytics
• Their policy: https://vercel.com/legal/privacy-policy

Google (OAuth Authentication)

• What we share: Email, name, avatar URL
• Purpose: Social authentication (optional)
• Their policy: https://policies.google.com/privacy

4.2 Legal Requirements

We may disclose your data if necessary:

• To comply with legal obligations (court order, subpoena)
• To protect the rights, property, or safety of AI Zdravo, our users, or the public
• To investigate possible fraud or violations of terms

4.3 Business Transfer

In case of merger, acquisition, or asset sale, your data may be transferred to the new owner. We will notify you via email and platform notification before your data comes under a different privacy policy.

5. Your Rights

5.1 Data Access

You have the right to request a copy of all personal data we hold about you. You can access most of your data directly through your profile at /dashboard/profile.

5.2 Data Correction

You can update your personal information at any time through:

• /dashboard/profile - basic information
• /dashboard/profile/social - social links

5.3 Account Deletion

You can request permanent deletion of your account by contacting hi@aizdravo.com. When we delete your account:

• Your email, name, and access credentials will be permanently deleted
• Your subscription will be canceled
• Your learning progress will be deleted
• Note: Your public community posts (discussions and comments) remain on the platform but will be anonymized (displayed as "Deleted User")

5.4 Unsubscribe from Marketing Emails

You can unsubscribe from marketing emails:

• By clicking the "Unsubscribe" link at the bottom of any email
• By updating your email preferences in your profile
• By contacting support at hi@aizdravo.com

Note: Even if you unsubscribe, we will continue sending transactional emails (payment confirmations, password resets) that are necessary for service operation.

5.5 Data Export

You can request export of your data in machine-readable format (JSON or CSV) by contacting hi@aizdravo.com.

6. Data Retention

6.1 Active Accounts

We retain your data as long as your account remains active or as needed to provide services.

6.2 Retention Periods

• Account data: While account is active + 90 days after deletion
• Transaction data: 7 years (legal obligation)
• Marketing data: Until unsubscribe or account deletion
• Logs and analytics: 12 months
• Notifications: 30 days (automatic deletion)
• Public content: Permanently (discussions and comments remain anonymized after account deletion)

7. Data Security

We use industry standards to protect your data:

7.1 Technical Measures

• Encryption: All data in transit uses TLS/SSL encryption
• Passwords: Stored using bcrypt hashing (we cannot see your password)
• Authentication: Session-based authentication with httpOnly cookies
• Database: Row-Level Security (RLS) policies in Supabase

7.2 Organizational Measures

• Data access limited to key personnel only
• Regular security audits and reviews
• Secure server backups

7.3 Your Responsibility

• Use a strong, unique password
• Do not share access credentials with others
• Log out on public computers
• Immediately notify us of any suspected unauthorized activity

8. Cookies

8.1 What are Cookies?

Cookies are small text files stored on your device when you visit our platform.

8.2 How We Use Cookies

Essential Cookies (Cannot be disabled)

• Session cookies: Keep you logged into the platform
• Supabase auth cookies: Authentication and security

Functional Cookies

• Referral tracking: ref_code cookie stores affiliate referral code for 30 days
• User referral tracking: user_ref_code cookie for user-to-user referral system (30 days)
• Theme preference: Remembers your preferred theme (light/dark)

Analytics Cookies

• Vercel Analytics: Basic page visit analytics

8.3 Managing Cookies

You can control cookies through your browser settings. Disabling cookies may affect platform functionality (you won't be able to stay logged in).

9. Children

Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will immediately delete that data.

If you are a parent or guardian and believe your child has provided personal data, please contact us at hi@aizdravo.com.

10. International Data Transfer

Your data may be transferred and stored on servers outside your country. Our company is based in the United States (Delaware), but we use service providers with servers worldwide (Supabase, Vercel).

When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

• We will post the new policy on this page
• We will update the "Last Updated" date
• For significant changes, we will send email notification

We recommend periodically reviewing this Policy to stay informed about how we protect your data.

12. Contact for Privacy Questions

If you have any questions about this Privacy Policy or how we manage your data, please contact us: