Privacy Policy

1. Introduction

QBossAI, operated by Ariel Alcantara, is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our Platform at qbossai.com.

We aim to align our practices with applicable privacy regulations, including Mexico's LFPDPPP, GDPR principles for EEA users, and the CCPA where applicable.

2. Data We Collect

2.1 Information You Provide

• Account data: name, email address, password (stored as a secure hash)
• Payment data: processed entirely by Stripe — we never receive or store card numbers
• Study preferences: topics, language, weak areas
• Communications sent to coach@qbossai.com

2.2 Data Generated by Your Use

• Questions answered, scores, and accuracy per topic and LOS
• AI coach memory summaries (anonymized notes, not full transcripts)
• Session timestamps and study duration
• Estimated performance readiness calculations

2.3 Technical Data

• IP address (for rate limiting only — not stored long-term)
• Browser type and device info (collected by Cloudflare for security)
• Anonymized traffic analytics via Cloudflare

3. How We Use Your Data

• Provide and improve Platform features
• Personalize your study experience and AI coach responses
• Generate fully anonymous, aggregated benchmarking statistics
• Process payments and manage subscriptions via Stripe
• Send important account notifications and updates
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For EEA users, we process personal data under the following lawful bases:

• Performance of a contract: to provide the Platform services you subscribed to
• Consent: for optional communications
• Legitimate interests: Platform security, fraud prevention, service improvement
• Legal obligations: tax and regulatory compliance

5. Data Storage and Security

Your data is stored in Supabase with servers in the United States. By using the Platform, you acknowledge this transfer. Security measures include HTTPS/TLS encryption, hashed passwords, rate limiting, origin validation, and Cloudflare DDoS protection.

We retain your data while your account is active plus 3 years for legal compliance. You may request deletion at any time.

6. Third-Party Service Providers

• Supabase (database) — supabase.com/privacy
• Anthropic, PBC (AI provider) — anthropic.com/privacy
• Stripe, Inc. (payments) — stripe.com/privacy
• Cloudflare, Inc. (hosting & security) — cloudflare.com/privacypolicy

7. Your Privacy Rights

Mexico (LFPDPPP) — ARCO Rights

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Cancellation: Request deletion of your data
• Opposition: Object to specific processing

European Users (GDPR)

• Right to data portability
• Right to restrict processing
• Right to withdraw consent
• Right to lodge a complaint with your local Data Protection Authority

California Users (CCPA)

• Right to know what data is collected
• Right to delete personal information
• Right to opt-out of sale (we do not sell data)
• Right to non-discrimination

To exercise any right, email coach@qbossai.com with subject "Privacy Request." We will respond within the timeframes required by applicable law.

8. Cookies

We use minimal browser localStorage for session management and preferences only. No advertising cookies or third-party tracking. Cloudflare may set security cookies strictly necessary for DDoS protection.

9. AI and Automated Processing

AI tools generate study content and performance analytics to support your learning. No automated decisions with legal or significant effects are made solely based on AI processing. Performance readiness indicators are educational approximations only.

10. Children's Privacy

The Platform is not intended for users under 18 or the age of majority in their jurisdiction. We will delete any data from minors immediately upon discovery. Contact coach@qbossai.com if you believe a minor has used the Platform.

11. Changes to This Policy

We will notify registered users by email at least 15 days before significant changes take effect.

12. Contact

Email: coach@qbossai.com
Website: qbossai.com
Data Controller: Ariel Alcantara — Toluca, Estado de México, Mexico