Atypical AI Privacy Policy

Last Updated: January 22, 2026

This Privacy Policy describes how Atypical AI Corp. dba ExamJam ("Atypical AI," "we", "us" or "our") handles personal information that we collect through our websites that link to this Privacy Policy and educational services accessible via ExamJam or other websites and applications (collectively, the "Service"), as well as through our marketing and other activities described in this Privacy Policy.

For details regarding data collection through cookies and other technologies, see our Cookie Notice.

Individuals in the EEA/UK: See our Notice to European users for information about your personal information and data protection rights.

If you have any questions or concerns about our use of your personal information, please contact us.

Scope of this Privacy Policy
This Privacy Policy applies when Atypical AI acts as a data controller – for example, when students or parents sign up directly to use our consumer Services. When Atypical provides Services on behalf of a school or other educational institution, we act as a data processor, and the school or institution remains the controller. In those cases, our contracts with the institution govern our processing.

Personal information we collect
The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with our Service. In general, we collect personal information about you from the following sources:

Information you provide to us
Personal information you may provide to us through the Service, at our events or otherwise includes:

  1. Contact data. Your full name, email address, school or company affiliation, and other contact details.
  2. Account data. Email address and the password for your Service account.
  3. Input data. Any personal information contained in the prompts you submit to our AI assistant  while engaging with our Service.
  4. Questionnaire data. Your responses to pre-onboarding or post-onboarding questionnaires (for example, study goals or subject confidence).
  5. Communications data. Information in your communications with us, including when you communicate with us through the Service, social media, events, or otherwise, including any feedback you provide about the Service and your responses to surveys.

If we collect personal information from you not specifically listed above, we will use it consistent with this Privacy Policy or as otherwise explained at the time of collection.

Information automatically collected
As you navigate the Service, our communications, and other online services, we and our service providers may automatically collect information about you, your computer or device, and your browsing actions and use patterns, such as:

  1. Device data.  Technical information about your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique device identification numbers or other identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  2. Usage data.  Page views and searches, log-in information, videos and other content that you view, how long you spent on a page, the website you visited before browsing to the Service, your interactions with a page (e.g. if you “like” content), navigation paths between pages, information about your activity on a page, access times and duration of access, whether you have opened our emails or clicked links within them, and other functional information on Service performance (like diagnostics and crash logs).
  3. Output data. The outputs generated by the AI features of the Service based on your Inputs.

Cookies and similar technologies. Some of the information we collect automatically is captured using cookies and similar technologies as described in our Cookie Notice.

Tracking and analytics software. We use analytics and marketing tools to better understand our users' needs and to optimize our service and experience.

PostHog.
We use PostHog to understand user behavior and improve our services. PostHog may collect:
* Technical data (IP address, browser type, device information, pages visited)
* Usage patterns (clicks, scrolling, time spent on pages, navigation paths)
* Session recordings that capture how users interact with our app/site, with personal information and text inputs automatically masked
* Location data based on IP address (country/city level only)

Meta Pixel.
We use Meta Pixel (operated by Meta Platforms, Inc.) to measure the effectiveness of our advertising campaigns, understand how users interact with our content after viewing our advertisements, and to build audiences for future marketing efforts.

Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework, the UK Extension, and Swiss-U.S. Data Privacy Framework, ensuring adequate protection for personal data transferred to the United States. Meta acts as an independent data controller for information collected through Meta Pixel.

Meta Pixel may automatically collect the following information when you visit our website:
* Device information (IP address, browser type, operating system, device identifiers)
* Usage data (pages visited, time spent on pages, clicks, scrolling behavior)
* Referral information (the website you visited before coming to our site)
* Basic demographic inferences based on your Facebook profile (if you're logged in)

This information is transmitted to Meta's servers in the United States. For users in the European Economic Area, United Kingdom, and Switzerland, Meta Pixel will only be activated after you provide explicit consent through our cookie banner. You can withdraw your consent at any time by adjusting your cookie preferences through the cookie settings link on our website.

Meta acts as an independent data controller for information collected through Meta Pixel. You can learn more about Meta's data practices and exercise your rights regarding data collected by Meta at https://www.facebook.com/privacy/policy/.

Advertising and Marketing Technologies
Cookie-based advertising. We use cookies and similar technologies to deliver relevant advertisements and measure their effectiveness. Some of these technologies may track your browsing activity across different websites and services.

Cross-device tracking. Meta Pixel may associate your activity across different devices if you're logged into Facebook or Instagram, enabling us to understand your interaction with our services across platforms.

Audience building. We may use information collected through Meta Pixel to create "lookalike audiences" – groups of potential users who share similar characteristics with our existing users. This helps us reach people who might be interested in our services.

Advertising effectiveness measurement. We track whether users who see our advertisements later visit our website or sign up for our services, helping us understand which marketing efforts are most successful.If you're located in the European Economic Area, United Kingdom, or Switzerland, these activities require your explicit consent, which you can provide or withdraw through our cookie banner.

If you're located in the European Economic Area, United Kingdom, or Switzerland, these activities require your explicit consent, which you can provide or withdraw through our cookie banner.

Third Party Sources
We combine personal information we receive from you or collect automatically when you use the Service with personal information we obtain from other sources, such as:

  1. Schools. Schools and teachers may share names and other information about students eligible to use the Service, either directly or by inviting them to use it through a unique link associated with the school or class.
  2. Authentication services. When you log into the Service by using your credentials on a third party service, such as Google, Microsoft, or a textbook publisher’s platform, that service may provide us with your name, email address, photo, and other data according to your settings in that service.
  3. Our business contacts.  Our professional contacts share with us contact details about individuals in their networks, including prospective customers and partners. 

Note that some of the output data generated by the Service’s AI features may be generated partly based on third party data sources used to train the model employed by the AI features. Any inclusion of personal information about a Service user in those data sources would be coincidental.

Payment Information
When you purchase a subscription, your payment is processed by our third-party payment providers (such as Stripe, Apple App Store, or Google Play Store). We do not collect or store your payment card information. We receive limited subscription and billing metadata (such as subscription status, plan type, renewal date, and trial eligibility) from these providers. We use this information to manage your account and provide the Services. Your use of the payment providers is subject to their terms and privacy policies.

Links: Stripe Privacy Policy, Apple Privacy Policy, Google Privacy Policy.

How we use your personal information
We use your personal information for the following purposes or as otherwise described in this Privacy Policy or at the time of collection:

Service delivery. We use your personal information to register your account on our Service, to manage and administer your Service account, and to provide the Service, including providing personalized educational experiences based on inferences derived from the personal information we collect, facilitating user interaction, and tracking learning progress. We use your personal information to communicate with you about our Service (including via support and administrative messages).

Personalization. We use questionnaire responses to personalize your study experience and set up your learning plan. If you create an account, your responses are added to your profile. If you do not create an account, we automatically delete them within 30 days. We do not share questionnaire data for advertising.

Business operations.  We use your personal information to administer and maintain our Service and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data) and to operate our business.

Research and development. As permitted by applicable law, we use your personal information for research and development purposes, including to analyze and improve the Service and our educational products and services in an informed way. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business. We may use students’ or teachers’ input data to improve our Services and train our proprietary machine learning models. We do not use students’ or teachers’ input data to train third-party AI models without consent.

Service Communications. We send essential communications related to your account, service usage, trial status, and billing to help you use our Services effectively. These are sent based on our legitimate interest in providing the service you requested or as necessary to fulfill our contract with you.

Learning Support & Progress Communications. We use your service usage data to send onboarding guidance, educational content, personalized progress reports, activity reminders, and suggestions to help you achieve your goals with our Services. This processing is based on our legitimate interest in helping you succeed with the service you requested, balanced against your privacy rights. You can opt-out of these communications at any time.

Product Updates.
We send notifications about new features, platform improvements, and changes that affect your experience with our Services. This processing is based on our legitimate interest in keeping you informed about developments to the service you use, balanced against your privacy rights. You can opt-out of these communications at any time.

Direct marketing.
We send promotional marketing communications with your consent, including:
* Promotional emails about special offers, discounts, and marketing campaigns
Educational marketing content designed to promote our Services
Cross-selling communications about related services or upgrades

For US users, consent is obtained when you create your account. For EU and UK users, we obtain explicit consent through a separate opt-in process. You can withdraw your consent and opt-out of marketing communications at any time.

Legal Basis by Location
US users: We may send onboarding and conversion emails based on our legitimate interest in helping users succeed with our Services. You can opt-out at any time using the unsubscribe link in any email.
EU/UK users: We obtain explicit consent before sending marketing emails. You can withdraw consent at any time through email unsubscribe links or by contacting us.

We do not send marketing emails to K-12 students who access our Services through school or educational institution accounts, or use their personal information to target them with ads. Individual users who sign up directly with Atypical AI (not through a school account) may receive marketing communications as described above. You may opt-out of our marketing communications as described in the Opt-out of Marketing section below.

Compliance and protection
We use your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We also use your personal information to protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims), including by conducting internal audits against our policies; enforcing the terms and conditions that govern the Service; and taking steps to prevent, investigate and deter fraud, cyberattacks or other unauthorized, unethical, or illegal activity.

How we share your personal information
We may share your personal information with the following categories of recipients and as otherwise described in this Privacy Policy or at the time of collection. We do not sell teachers’ or students’ personal information, or share it with third parties for their own marketing purposes.

Onward Transfer Accountability: Under the Data Privacy Framework principles, we remain liable if our service providers process your personal data in a manner inconsistent with the DPF principles, unless we can prove we are not responsible for the event giving rise to the damage.

Partners
We license content and collaborate with publishing and educational partners who help us provide educational content and services and who may also assist with business development and marketing activities. We share only aggregated or anonymized usage and analytics data with these partners for purposes such as content improvement, payment reporting, understanding general usage trends, business development, and promotional activities. We do not share identifiable personal data with partners unless you have provided explicit consent. When we do share identifiable data with partners, we ensure they provide adequate protection equivalent to DPF principles.

Educational institution members
If you are in the same educational institution, we share personal information that you authorize us to share with other members of that institution. We share personal information of students, such as communications with a chatbot or assignments, with teachers.

Service providers
Third parties that provide services on our behalf or help us operate the Service or our business, including:
* Business applications and hosting services - for data storage, system operations, and service delivery (with contractual safeguards requiring DPF-equivalent protection)
Content delivery networks and information technology services - for website performance optimization and technical infrastructure (adequate contractual protections)
Customer support services - for user support ticket management, help desk operations, and direct customer service communications (DPF-compliant or adequate safeguards)
Communication and email delivery services - for delivering service-related messages, educational content, progress notifications, marketing communications, and other user communications via email, push notifications, and other messaging channels (DPF-compliant or adequate safeguards)
Analytics, user research, and performance monitoring services - for user behavior analysis, session replay, feedback collection, research surveys, performance monitoring, user experience optimization, and service improvement through tools like PostHog, Google Forms, and similar platforms (EU hosting or adequate safeguards)
Payment processing services - for subscription billing and transaction processing (see payment information section)
Artificial intelligence services - for powering core application functionality, AI tutoring features, text and voice chat capabilities, and other AI-driven educational services (contractual protections)

We ensure all service providers either: (a) are certified under the Data Privacy Framework, (b) are subject to EU adequacy decisions or UK adequacy regulations, or (c) have entered into written agreements with us requiring them to provide at least the same level of protection as required by the DPF principles.

We contractually require our service providers to provide at least the same level of protection as the DPF principles. If they fail to do so and process your personal data in violation of DPF principles, we remain liable unless we can prove we are not responsible for the damage.

Marketing and Advertising Services
Third parties that help us measure advertising effectiveness and reach potential users, including:

Meta Platforms, Inc. (DPF certified) through Meta Pixel for advertising analytics and measurement
* Other advertising and marketing service providers (with adequate contractual safeguards)

These services may involve the transfer of personal information to the United States under DPF protections. We do not permit these service providers to use your personal information for their own marketing purposes without appropriate legal basis.

Authentication services. When you log into the Service by using your credentials on a third party service, such as Google and Microsoft, or a textbook publisher’s platform, that service may collect your credentials and other data to facilitate the authentication. You can read Google’s privacy policy here: https://policies.google.com/privacy and Microsoft's privacy policy here: https://privacy.microsoft.com/en-us/privacystatement.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of professional services, with appropriate contractual protections in place.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for compliance and protection purposes. We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where legally permitted, we will notify affected individuals of such requests.

Business transferees. In connection with business transactions involving corporate divestiture, merger, acquisition, or asset sales, with appropriate safeguards to ensure continued DPF compliance by any successor entity.

Your choices
This section applies to all users. Some users may also have additional rights under applicable privacy laws, as described in the relevant region-specific sections below. If you do not provide information we identify as required or mandatory, we may not be able to provide features or services that require that information.

Access or update your information. You may review and update certain Service account information by logging into your account.

Opt-out of marketing communications. You may opt-out of marketing emails at any time by following the opt-out or unsubscribe instructions at the bottom of the email, adjusting your email preferences in your account settings (where available), or by contacting us with your request. Please note that if you opt-out of marketing emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. See our Cookie Notice for more information about how to control cookies.

Advertising and Tracking Preferences
You can control whether Meta Pixel tracks your activity on our website through our cookie banner, which appears when you first visit our site. You can also:
* Adjust your cookie preferences at any time by clicking the cookie settings link in our website footer
* Opt-out of Meta's advertising by visiting your Facebook Ad Preferences at https://www.facebook.com/adpreferences/advertisers
* Use browser settings to block or delete cookiesNote that opting out of Meta Pixel may not affect other analytics or advertising services we use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other sites and services
The Service may contain links to or integrations of websites and other online services operated by third parties. In addition, the Service and our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or other online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security
We use technical and organizational safeguards designed to protect the personal information we process. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

Retention
We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for the compliance and protection purposes described above. Factors determining the appropriate retention period for personal information include the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process the personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information, we have collected about you, we will either delete or anonymize it (so that it is no longer personally identifiable with you) or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will isolate your personal information from any further processing, employing security safeguards designed to protect it, until deletion is possible.

International data transfers
We are headquartered in the United States and may use service providers that operate in the United States and other countries. These countries may have data protection laws that differ from those of your country.

For EU, UK, and Swiss Data Subjects
We comply with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework to ensure adequate protection for personal data transferred from the European Union, United Kingdom, and Switzerland to the United States. Our DPF certification ensures that your personal data receives protections equivalent to those provided under EU/UK data protection law.

Other International Transfers
For transfers to countries not covered by DPF, we rely on:
- European Commission adequacy decisions and UK adequacy regulations where available
- Standard Contractual Clauses approved by the European Commission and UK authorities
- Other appropriate safeguards as recognized under applicable data protection law

Transfers to Meta Platforms, Inc.
When you consent to Meta Pixel, your personal information is transferred to Meta Platforms, Inc. in the United States. Meta is certified under the EU-U.S. Data Privacy Framework, providing adequate protection for this transfer.

You can find more information about Meta's international transfer mechanisms in their privacy policy.You can find more information about our data transfer safeguards by contacting us at privacy@atypicalai.com.

Data Privacy Framework Certification
Atypical AI Corp. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Atypical AI Corp. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Atypical AI Corp. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

DPF Principles We Follow
- Notice: We provide clear information about our data collection, use, and sharing practices
- Choice: We provide meaningful opportunities to opt out of secondary uses and third-party sharing of personal data; To request to limit the use and disclosure of your personal information, you can submit a written request to privacy@atypicalai.com.
   - For purposes of the Choice principle, we do not collect sensitive personal information, but we acknowledge that we would        require opt-in consent before secondary uses or third-party data sharing of such information

- Accountability for Onward Transfer: We ensure third parties who receive your data provide adequate protection and remain liable for their compliance, unless we prove that we are not responsible for the event giving rise to any damage
- Security: We implement reasonable safeguards to protect personal data from loss, misuse, and unauthorized access
- Data Integrity and Purpose Limitation: We process personal data only in ways that are relevant and compatible with the purposes for which it was collected
- Access: We provide individuals with reasonable access to their personal data and opportunities to correct inaccuracies; An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to privacy@atypicalai.com
    - If requested to remove data, we will respond within a reasonable timeframe
- Recourse, Enforcement and Liability: We provide independent dispute resolution mechanisms and submit to regulatory oversight (see “Dispute Resolution for EU, UK, and Swiss Data Subjects”)

Regulatory Oversight: Atypical AI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) regarding compliance with the Data Privacy Framework.

Government Access: Atypical AI may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where legally permitted, we will notify affected individuals of such requests.

Children
For children between 13 and 18 years of age, see our Privacy Policy for Children.

The Service is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13, and Meta Pixel is configured to exclude users under 13 from data collection and advertising targeting. If you are a parent or guardian of a child under 13 from whom you believe we have collected personal information in a manner prohibited by law, please contact us immediately at privacy@atypicalai.com. If we learn that we have collected personal information through the Service from a child under 13 without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information and ensure it is also removed from Meta's systems.

Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledgment that the modified Privacy Policy applies to your interactions with the Service and our business.

Dispute Resolution for EU, UK, and Swiss Data Subjects
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Atypical AI commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Atypical AI Corp. at privacy@atypicalai.com.

Atypical AI has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

Regulatory Oversight: As noted in the “DPF Principles We Follow” section, Atypical AI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) regarding compliance with the Data Privacy Framework.

How to contact us
General Privacy Questions: privacy@atypicalai.com DPF-Related Complaints: privacy@atypicalai.com (Subject: "DPF Complaint") General Support: support@atypicalai.com

Mailing Address: Atypical AI Corp. 608 Upson Street Austin, TX 78703 USAFor EU/UK Data Protection Inquiries: You may also contact your local data protection authority if you have concerns about how we handle your personal data.

Notice to European users
The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer these countries as “Europe”).The personal information that we collect from you is identified and described in greater detail in the section of the Privacy Policy entitled Personal information we collect.

Controller. Atypical AI Corp. is the controller of your personal information described in this Privacy Policy. See the How to contact us section above for contact details.

Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your personal information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:

  1. The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
  2. The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
  3. We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
  4. We have your specific consent to carry out the processing for the purpose in question (“Consent”), or the consent of a parent, guardian, or school where required by law. Generally, we do not rely on Consent as a legal basis for using your personal information other than in the context of direct marketing communications where required by applicable law.

The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal information. For more information on these purposes and the categories of personal information involved, see the section in the Privacy Policy entitled How we use your personal information.

Processing purpose Types of personal information processed Legal basis
Service delivery

Contact data Account data Input data Communication data Device data Usage data Data inferred from the above ("inferred data")

 Contractual Necessity. If we have not entered a contract with you, we process your personal information based our Legitimate Interests (in providing the Services you access or request)
Business operations

Contact data Account data Input data Communication data Device data Usage data Inferred data

 Contractual Necessity. If we have not entered a contract with you, we process your personal information based our Legitimate Interests (in providing the Services you access or request)
Research and development

Contact data Account data Input data Communication data Device data Usage data Inferred data

 Our Legitimate Interests (in analyzing and improving our educational services and our business).
Marketing

Contact data Account data Input data Communication data Device data Usage data Inferred data

 Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send direct marketing communications.
Onboarding and conversion emails (US users)

Contact data Account data Usage data

 Our Legitimate Interests (in helping users succeed with our Services and understand available features)
Onboarding and conversion Marketing emails (EU/UK users)

Contact data Account data Usage data

 Consent (explicit opt-in through signup process or separate consent mechanism)
Advertising measurement and audience building

Contact data, Device data, Usage data, Inferred data

 Consent (for Meta Pixel activation and data sharing with Meta Platforms, Inc.).
Sharing your personal information as described in this Privacy Policy

Contact data Account data Input data Communication data Device data Usage data Inferred data

 We use the original legal basis relied upon if the relevant further use is compatible with the initial purpose for which the personal information was collected. Otherwise, we rely on your Consent
Compliance and Protection

All data relevant in the circumstances.

 Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others' rights, privacy, safety or property)
Partner reporting and aggregated analytics

Aggregated, de-identified, or anonymized data.

 Legitimate Interests (in fulfilling partner obligations). Identifiable data is not shared without Consent.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We do not collect sensitive personal information (e.g., government-issued ID numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) and ask that you do not provide us with any such information.

Your rights. European data protection laws give individuals in Europe the following rights regarding their personal information:

  1. Right of access. You can ask us to provide you with information about our processing of your personal information and give you access to your personal information.
  2. Right to rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
  3. Right to erasure. You can ask us to delete or remove your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
  4. Right to restrict processing. You can ask us to suspend the processing of your personal information:
    - if you want us to establish the information’s accuracy;
    - where our use of the information proves to be unlawful but you do not want us to erase it;
    - where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    - if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
  5. Right to object. You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) to do so and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.
  6. Right to data portability. You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
  7. Right to withdraw consent at any time. Where we are relying on consent to process your personal information you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising Your Rights
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.
To exercise any of the rights described above, you can contact us through the following methods:
* Submit an in-app request: Log into your account and submit a support request, selecting "Account Data Request" as the issue type. This option also allows you to request account deletion.
* Email us directly: Contact us at privacy@atypicalai.com with details about your specific request.When contacting us, please include:
* Your full name and email address associated with your account
* The specific right you wish to exercise (access, correction, deletion, etc.)
* Any additional information that will help us locate your data and verify your identityWe will respond to your request within 30 days and may request additional information to verify your identity before processing your request.

Your Right to Lodge a Complaint with Your Supervisory Authority
If you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

For users in the EEA: The contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en

For users in the UK: The contact information for the UK data protection regulator is below: The Information Commissioner's Office Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF Tel. +44 303 123 1113 Website: https://ico.org.uk/make-a-complaint/

Get Started
Company
Solutions
Resources
Legal
Copyright © 2026 Atypical AI Corp. All rights reserved.