← Back to Dashboard

Privacy Policy

Version 2.0 — Last revised May 2026

1. Who We Are

This Privacy Policy describes how DH Consulting (“Company,” “we,” “us”), the owner of the AI Junkies University brand, collects, uses, shares, and protects personal information about users of aijunkiesuniversity.com (the “Service”). For the purposes of GDPR and equivalent laws, the Company is the data controller of personal information you provide to the Service.

For privacy questions or to exercise your rights, contact us at privacy@aijunkiesuniversity.com.

2. Information We Collect

Information you provide directly:

  • Account details (name, email address, password hash)
  • Profile information (avatar, bio, display name, social links you choose to add)
  • Payment information (collected and processed by Stripe; we receive limited card metadata such as last 4 digits and brand)
  • Communications you send (chat messages, posts, comments, course submissions, support tickets)
  • User-generated content (uploads, attachments, recordings, course materials)

Information we collect automatically:

  • Usage data (pages visited, features used, courses enrolled, RSVPs, time spent)
  • Device and connection data (IP address, browser type, device type, operating system)
  • Session data (login timestamps, geolocation derived from IP, last-active timestamp)
  • Cookies and similar technologies (see Section 8)
  • Fraud and abuse signals (VPN detection via IPQualityScore, Stripe Radar fraud signals, gamification anti-abuse pattern detection)
  • Email engagement (delivery, open, and click events from Resend for transactional emails)

Information from third parties:

  • OAuth provider data if you sign in with Google (your verified email and basic profile)
  • Affiliate referral attribution (the affiliate code that referred you, captured when you visit /join/<CODE>)

3. How We Use Your Information

We process personal information for the following purposes:

  • To provide, maintain, and operate the Service (legitimate interest / contract performance)
  • To process payments, prevent fraud, and manage subscriptions (contract performance / legal obligation)
  • To personalize content recommendations, discovery feeds, and AI coaching responses (legitimate interest)
  • To send transactional emails (welcome, payment receipts, password resets, event reminders) (contract performance)
  • To send marketing emails about new features and platform updates (consent — you may opt out at any time)
  • To enforce our Terms of Service, prevent abuse, detect fraud, and protect the Service and other users (legitimate interest / legal obligation)
  • To respond to legal requests, court orders, and law enforcement requests (legal obligation)
  • To compile aggregate, anonymized statistics about platform usage (legitimate interest)
  • To collect and respond to chargeback evidence under the Refund Policy (legitimate interest / legal obligation)

4. AI Processing

The Service uses third-party AI providers to power features including transcription, content embeddings, search, recommendations, AI coaching, and abuse moderation. Specifically:

  • Anthropic Claude — AI coaching chat completions
  • Google Gemini — content embeddings for search and recommendations
  • OpenAI Whisper — transcription of recorded live classes

Your User Content (posts, comments, chat, course submissions) and Teacher Content (recordings, lessons) may be sent to these providers as input. The providers are bound by their own data processing terms; we do NOT permit any of these providers to use your content to train their general-purpose foundation models. AI coaching conversations are stored within the Service to maintain context across sessions.

You can delete your AI conversation history from Settings at any time. Deleting your account removes all associated AI conversation history within 30 days.

5. How We Share Information

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

We share information only as follows:

  • Service providers — vendors who help us operate the Service (listed in Section 6)
  • Other users — your profile, posts, comments, and other contributions are visible to other Service users per your privacy settings and the room you posted in
  • Teachers and room moderators — instructors of rooms you join can see your participation, RSVPs, course progress, and engagement within their rooms
  • Affiliates — affiliates whose referral code attributed your signup may see anonymized commission status (referred email is NOT shown to the affiliate)
  • Legal compliance — we will disclose information when required by law, court order, or to respond to a valid legal process; in chargeback disputes we provide our forensic evidence package to Stripe and the disputing card issuer (per Refund Policy)
  • Business transfers — in connection with a merger, acquisition, sale of assets, or financing, your information may transfer to the acquirer subject to this Privacy Policy
  • With your consent — for any other purpose disclosed at the time of collection

6. Service Providers (Sub-Processors)

We rely on the following sub-processors to operate the Service. All are bound by data processing agreements and are required to maintain reasonable security measures.

  • Supabase — database, authentication, file storage
  • Vercel — web hosting and content delivery
  • Stripe — payment processing, fraud detection (Radar), affiliate payouts (Connect)
  • Cloudflare — CDN, video streaming (Cloudflare Stream), DDoS protection, real-time meeting infrastructure (RealtimeKit)
  • Resend — transactional email delivery
  • Twilio — SMS delivery for communications
  • Anthropic — AI coaching chat completions (Claude)
  • Google — AI embeddings (Gemini), OAuth identity verification
  • OpenAI — transcription (Whisper)
  • IPQualityScore — VPN/proxy/Tor detection at signup and checkout
  • Sentry — error monitoring and performance telemetry

An updated list of sub-processors is maintained at this URL. Material changes will be notified via in-app banner at least 30 days before taking effect.

7. Data Storage, Security, and International Transfers

Storage location. Personal information is stored on cloud infrastructure operated by Supabase, Vercel, and Cloudflare, primarily in the United States. By using the Service from outside the United States, you consent to the transfer of your information to the United States, which may have different data protection laws than your jurisdiction.

Security measures. We use industry-standard encryption in transit (TLS 1.2+) and at rest. Database access uses row-level security policies that scope data access to authorized users. Payment card data is handled exclusively by Stripe (PCI-DSS Level 1 compliant) and never touches our servers. Authentication uses bcrypt-hashed passwords plus optional OAuth and magic-link sign-in.

No security is perfect. Despite reasonable measures, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Data breach notification.If we discover a security incident that may have compromised your personal information, we will notify you and any required regulatory authorities within the time periods required by applicable law (including GDPR's 72-hour notification rule where applicable).

8. Cookies and Similar Technologies

We use the following categories of cookies and storage:

  • Strictly necessary — session cookies for authentication, CSRF protection, and core platform functionality (cannot be disabled)
  • Functional — preferences such as theme, sidebar collapse state, and notification opt-ins
  • Analytics — aggregate usage data via Sentry and our own first-party analytics; no third-party advertising trackers are used
  • Affiliate attribution — the `aij_ref` cookie (60-day TTL) tracks the affiliate code that referred your signup, used to calculate commissions

You can manage browser cookies via your browser's settings. Blocking strictly necessary cookies will disable login. We respect the Global Privacy Control (GPC) signal where applicable.

9. Data Retention

We retain personal information as follows:

  • Active accounts — data is retained for the lifetime of your account
  • Deleted accounts — personal information is deleted within 30 days of account deletion request, except where retention is required by law (see below)
  • Payment records — retained for 7 years to comply with tax and accounting law
  • Chargeback evidence — retained for the longer of 2 years or the period required by Stripe and card-network rules
  • Backups — deleted data may persist in encrypted, access-restricted backups for up to 90 days before being purged on rotation
  • Logs — system logs (including IP addresses) are retained for up to 90 days for security and operational purposes
  • Aggregated and anonymized data — may be retained indefinitely, as it can no longer identify you

10. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate or incomplete data
  • Deletion — ask us to delete your personal information (subject to legal retention requirements)
  • Portability — request a copy of your data in a structured, machine-readable format
  • Restriction — ask us to restrict processing in certain circumstances
  • Objection — object to processing based on legitimate interests, including for direct marketing
  • Withdraw consent — for processing based on consent (e.g., marketing emails)
  • Lodge a complaint — with your local data protection authority

To exercise any of these rights, manage what you can directly from Settings or email privacy@aijunkiesuniversity.com. We respond to verifiable requests within 30 days (extendable to 90 days for complex requests, with notice). We do not charge a fee for reasonable requests.

11. California Residents (CCPA / CPRA)

If you are a California resident, you have the additional rights described below.

Right to know. You may request the categories and specific pieces of personal information we have collected about you, the sources, the business or commercial purposes, and the categories of third parties with whom we share it.

Right to delete. You may request deletion of personal information we have collected from you (subject to legal exceptions).

Right to correct. You may request correction of inaccurate personal information.

Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising. We honor the Global Privacy Control (GPC) signal.

Right to limit use of sensitive personal information. We do not use or disclose sensitive personal information beyond the purposes permitted under the CCPA without your consent.

Non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise these rights, email privacy@aijunkiesuniversity.com with “California Privacy Request” in the subject line. We will verify your identity using account information before fulfilling the request.

12. European Economic Area, UK, and Switzerland (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the rights described in Section 10 apply to you. The legal bases for our processing are noted alongside each purpose in Section 3.

International transfers. Your personal information is transferred to the United States. Where required by law, we rely on Standard Contractual Clauses (SCCs) and additional safeguards to protect your information during these transfers. Contact us for more details.

Supervisory authority. You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU authorities is available at edpb.europa.eu.

13. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact privacy@aijunkiesuniversity.com and we will delete the information promptly.

14. Marketing Communications

We may send you marketing emails about new features, courses, and platform updates. You can opt out at any time by clicking the “unsubscribe” link in any marketing email or by updating your notification preferences in Settings. Opting out of marketing does not affect transactional emails (welcome, password reset, payment receipts, event reminders), which are part of the Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The version date is at the top of this page. Material changes will be communicated via in-app banner and email at least 30 days before taking effect (or immediately for legally required changes). Continued use after the effective date constitutes acceptance of the updated Policy.

16. Contact

For privacy questions, data subject requests, or to report a privacy concern: