Privacy and data handling

Review Your AI is an early-stage product operated from Poland. This policy explains the personal data we collect, why we use it, and how you can contact us about privacy requests.

Effective date: April 28, 2026

1. Who We Are

Review Your AI is currently operated as an early-stage individual project from Poland. If a registered business entity is created or becomes the operator, this policy will be updated.

For GDPR purposes, the Review Your AI operator is the data controller for personal data processed through Review Your AI, unless stated otherwise.

2. What Review Your AI Does

Review Your AI is a web service that helps developers practice reviewing, debugging, and improving AI-generated code. Users complete review challenges, submit findings, receive scores, and view explanations and feedback.

3. Data We Collect

  • Account data: email address, name, avatar, profile information, and authentication provider identifiers.
  • Usage and progress data: completed challenges, scores, streaks, submissions, findings, timestamps, attempts, and product interactions.
  • User submissions: review findings, explanations, comments, and other content you submit.
  • Billing data: subscription plan, billing status, customer ID, invoices, and payment metadata. Payment card details are handled by providers such as Paddle or another checkout provider.
  • Support data: emails, messages, support requests, and related communication.
  • Technical and security data: IP address, device/browser data, session identifiers, logs, error reports, and security events.
  • Cookies and local/session storage: data needed for login, security, preferences, and product functionality.
  • Analytics data: only if analytics are enabled, and subject to any consent requirements.

4. Why We Process Data and Legal Bases

  • To create and manage accounts: performance of a contract.
  • To provide the product: performance of a contract.
  • To track progress, submissions, scores, and feedback: performance of a contract and legitimate interests in operating the service.
  • To provide AI-assisted critique, semantic matching, hints, and feedback: performance of a contract where AI-assisted feedback is a core part of the service. For optional features, we may rely on consent or legitimate interests where appropriate.
  • To process subscriptions and billing: performance of a contract, legal obligations, and legitimate interests in fraud prevention.
  • To respond to support requests: performance of a contract, pre-contractual steps, or legitimate interests.
  • To maintain security and prevent abuse: legitimate interests and, where applicable, legal obligations.
  • To improve the product: legitimate interests, or consent where required for optional analytics/tracking.
  • To comply with law and defend legal claims: legal obligations and legitimate interests.

5. AI Processing

Review Your AI may use OpenAI or similar AI providers to help generate post-submission critique, semantic matching, hints, scoring assistance, and feedback.

Data sent to AI providers may include challenge content, your submitted findings/explanations, scoring context, and related metadata. Do not submit secrets, passwords, confidential company code, or sensitive personal data.

AI feedback may be incomplete or incorrect. Human-authored challenge rubrics remain the intended source of truth for scoring and explanations.

We do not use your data for automated decision-making that produces legal or similarly significant effects about you. Scores are educational/training outputs.

6. Third-Party Providers

We may share data with service providers needed to operate Review Your AI, including:

  • Authentication: Clerk or a similar authentication provider
  • Payments: Paddle or another checkout provider
  • Hosting/database: cloud hosting and database providers
  • Email and workspace tools: Google Workspace or similar tools
  • AI providers: OpenAI or similar AI providers
  • Analytics, if enabled: privacy-conscious analytics providers
  • Legal, accounting, security, and support providers

Some providers may act as processors. Others, such as payment providers, may also act as independent controllers for parts of their services.

Where required, we enter into data processing agreements with our service providers.

We do not sell personal data.

7. International Transfers

Some providers may process data outside Poland, the EU, or the EEA. Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent mechanisms. For transfers to countries without an adequacy decision, we rely on SCCs or equivalent safeguards where required.

8. Retention

We keep data only as long as reasonably needed:

  • Account, progress, and submission data: while your account is active, unless deletion is requested or longer retention is needed.
  • Billing and tax records: for periods required by applicable accounting and tax law.
  • Support messages: for a reasonable support/history period, such as up to 24 months, unless a longer period is needed.
  • Security and technical logs: typically 30-180 days, unless needed for security, abuse prevention, or legal reasons.
  • Backups: deleted according to backup rotation schedules.
  • Aggregated or anonymized data: may be kept longer.

9. Your GDPR Rights

Subject to legal limits, you may have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Delete your data.
  • Restrict processing.
  • Object to processing based on legitimate interests.
  • Receive a portable copy of your data.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

If the operator is established in Poland, the relevant supervisory authority is the Polish Personal Data Protection Office, UODO: https://uodo.gov.pl.

We may refuse or limit requests where permitted by law, including where requests are excessive or unfounded.

10. Cookies and Storage

We use cookies and similar technologies, including session storage, that are necessary for login, authentication, security, preferences, and product functionality.

If we enable optional analytics, marketing cookies, or similar tracking, we will provide appropriate notice and consent controls where required.

We do not use non-essential cookies or tracking technologies without obtaining consent where required.

11. Security

We use reasonable technical and organizational measures to protect personal data, including access controls, secure hosting practices, and monitoring. No online service can guarantee complete security.

12. Children and Minors

Review Your AI is intended for developers and is not directed to children. We do not knowingly collect personal data from children under 16. Users under 16 should not use the service unless permitted by applicable law and, where required, with parent or guardian consent.

13. Changes

We may update this Privacy Policy as the product, providers, or legal requirements change. The updated version will show a new effective date.

14. Contact

For privacy questions or requests, contact the Review Your AI operator at support@reviewyour.ai.