Privacy Policy
Last updated: June 9, 2026
This Privacy Policy explains how [Company Legal Name] ("Vestl", "we", "us")
collects, uses, and protects information when you use the Vestl mobile and web
application (the "App"). By using the App you agree to this Policy. If you do not
agree, please do not use the App.
We designed Vestl to be private by default: it runs fully on your device in
guest mode with no account, and only sends data to our servers when you sign in
or turn on a feature that needs them.
1. Who we are
Vestl is an educational app that turns a goal you type into an AI-generated,
gamified course. The data controller responsible for your information is:
> [Company Legal Name]
> [Registered Address]
> Contact: privacy@learnwithvestl.com
If you are in the EEA/UK and we are required to have a representative or Data
Protection Officer, their contact is [DPO / EU Representative contact].
2. Information we collect
We collect only what the App needs to work. What we collect depends on how you
use it.
a. Information you provide
- Account details (registered users only): your email address and a password,
handled by our authentication provider. Guests have no account and provide
no email.
- Profile details: a display name and avatar you choose, and your daily goal.
- Learning goals you type: the topics and goals you enter to generate a
course (e.g. "real estate investing", "Chinese for a business trip"). This text
is sent to our AI provider to create your course (see Section 4).
- Family / child profiles (Family plan): if you are a parent, the profiles you
create for your children — a nickname, an avatar, and an age band only. See
Section 7.
b. Information created as you learn
- Progress and gamification: lessons completed, scores, XP, streaks, levels,
skill mastery, certificates, and your spaced-review schedule.
- Generated content: the courses and lessons created for you.
- Referrals: a referral code and, if you invite someone, a record linking the
invite to your account.
c. Information collected automatically
- Purchases: if you subscribe, our payments provider and the app store process
the transaction. We receive your subscription status and a transaction ID —
never your full card number.
- Diagnostics (adults only, when enabled): if a crash or error occurs we may
collect technical data (device model, OS version, error details) through our
monitoring provider to fix bugs. **We do not collect diagnostics during Kids
mode** (see Section 7).
- Push token: if you enable notifications, a device push token so we can send
reminders.
We do not collect precise location, contacts, photos, or browsing history,
and we do not use third-party advertising or tracking SDKs.
3. How we use information
We use information to:
- provide and operate the App (generate courses, save progress, sync across your
devices);
- personalize your learning (difficulty, focus, language);
- process subscriptions and prevent fraud/abuse;
- send notifications you have asked for;
- fix bugs and improve reliability (adults only);
- comply with law and enforce our Terms.
Legal bases (EEA/UK). Where GDPR applies, we rely on: **performance of a
contract (to provide the App and your account), consent** (notifications,
diagnostics, and any optional features — withdrawable at any time), **legitimate
interests** (securing the App, preventing abuse, basic product improvement), and
legal obligation where applicable.
We do not sell your personal information, and we do not use it for
behavioral advertising.
4. AI-generated content
Vestl creates courses and lessons using third-party AI models. When you generate
a course, the topic and context you type (and the course structure) are sent
to our AI provider through our own secure server function to produce the content.
- We instruct our AI provider not to use your inputs to train their models,
to the extent their service offers that option.
- AI output can be inaccurate or incomplete. It is provided for education only
and is not professional, medical, legal, or financial advice. See the Terms.
- Please do not enter sensitive personal information into the goal field.
5. How we share information
We share information only with service providers ("sub-processors") who help us
run the App, under contracts that require them to protect it. These include:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, hosting, server functions | Account, profile, progress, family data |
| OpenAI | Generating course/lesson content | The goal/topic text and course context you submit |
| RevenueCat | Subscription management | Subscription status, transaction IDs |
| Apple / Google | App stores & payments | Purchase processing, push delivery |
| Expo | Push notification delivery | Push token, notification content |
| Sentry | Crash/error diagnostics (adults only) | Technical error data — never for child sessions |
We may also disclose information if required by law, to protect rights and safety,
or in connection with a merger or acquisition (with notice where required).
A current list of sub-processors is available on request at privacy@learnwithvestl.com.
6. Data retention, security, and international transfers
- Retention. We keep your data while your account is active. If you delete your
account, or a guest reinstalls the App, the associated data is deleted or
irreversibly de-identified, except where we must retain records by law (e.g.
transaction records, proof of parental consent).
- Security. We use encryption in transit, access controls, and row-level
security so each account can only reach its own data. No system is perfectly
secure, but we work to protect your information.
- International transfers. Our providers may process data in the United States
and other countries. Where required, we use appropriate safeguards (e.g. EU
Standard Contractual Clauses) for cross-border transfers.
7. Children's privacy (please read — for parents)
Vestl is built so that children's data stays minimal and private. Vestl is
not directed to children under 13 for independent use. A child may use Vestl
only through a child profile created and controlled by a parent or guardian
on the Family plan.
What we collect for a child: only a nickname, an avatar, and an age band
that the parent chooses, plus the child's learning progress (XP, lessons,
streaks, current course). We do not collect a child's real name, email,
birth date, photo, precise location, or contacts.
Verifiable parental consent. Before a child profile is active, the parent
must create it from their own verified account and consent to it. We treat the
parent's account and paid subscription as the verifiable-consent mechanism and
keep a record of that consent.
How we use a child's data: only to provide the learning experience and to
let the parent monitor progress. We do not:
- show third-party advertising to children;
- use behavioral or cross-app tracking;
- send child-session diagnostics to any third party (monitoring is disabled in
Kids mode);
- sell or share children's personal information.
Parental rights. A parent can, at any time, from the Family dashboard:
- review the information in their child's profile;
- delete the child profile and its data; and
- revoke consent, which stops further collection.
To exercise these rights or ask questions about a child's data, contact
privacy@learnwithvestl.com. We respond to verified parental requests promptly.
If you believe a child has provided us personal information without parental
consent, contact us and we will delete it.
*This section is intended to align with the U.S. Children's Online Privacy
Protection Act (COPPA) and the UK/EU children's data rules. It must be confirmed
by counsel before launch.*
8. Your rights and choices
Depending on where you live, you may have the right to **access, correct, delete,
or export your personal information, to object to or restrict** certain
processing, and to withdraw consent.
- In-app controls: you can edit your profile, reset your progress, manage
notifications, and (parents) delete child profiles directly in the App.
- California (CCPA/CPRA): we do not "sell" or "share" personal information as
those terms are defined. You may request to know, delete, or correct your data,
and we will not discriminate against you for exercising these rights.
- Requests: email privacy@learnwithvestl.com. We will verify your identity before
acting and respond within the timeframe required by law.
9. Changes to this Policy
We may update this Policy as the App evolves. If we make material changes, we will
update the "Last updated" date and, where appropriate, notify you in the App. Your
continued use after a change means you accept the updated Policy.
10. Contact us
Questions or requests? Contact us at privacy@learnwithvestl.com or by mail at
[Company Legal Name], [Registered Address].