Privacy Policy
Last Updated: February 28, 2026
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. How We Share Your Information
- 5. Children's Privacy (COPPA)
- 6. Teen Users (Ages 13-17)
- 7. Your Privacy Rights
- 8. Cookies and Tracking
- 9. Data Security
- 10. Data Retention
- 11. Third-Party Links
- 12. AI and Automated Decisions
- 13. Changes to This Policy
- 14. Contact Us
- 15. U.S. State Privacy Laws
1Introduction
ACEPATH PTE. LTD. ("Acepath," "we," "us," or "our") operates the Acepath.AI platform at acepath.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use the Service.
2Information We Collect
2.1 Information You Provide Directly
| Category | Examples |
|---|---|
| Account Registration | Name, email address, password, grade level, school name (optional) |
| Profile Information | Profile photo (optional), academic goals |
| Educational Content | Practice exam responses, essay submissions, uploaded photos of handwritten work |
| Payment Information | Billing name, address; we do not store full credit card numbers |
| Communications | Messages you send to our support team |
2.2 Information Collected Automatically
| Category | Examples |
|---|---|
| Usage Data | Pages visited, features used, exam sessions started/completed, time spent |
| Performance Data | Exam scores, answer patterns, error types, diagnostic results |
| Device Information | IP address, browser type and version, operating system, device type |
| Cookies & Tracking | Session cookies, preference cookies, analytics identifiers |
| Log Data | Access times, referring URLs, crash reports |
2.3 Information from Third Parties
- Single Sign-On Providers (e.g., Google, Apple): name and email
- Payment Processors: transaction status and billing information (not full card details)
- Analytics Partners: Aggregated usage statistics
3How We Use Your Information
| Purpose | Basis |
|---|---|
| Provide and operate the Service (AI grading, diagnostics, action plans) | Contract / Service delivery |
| Personalize your study experience | Legitimate interest / Contract |
| Process payments and manage subscriptions | Contract |
| Send service-related communications (receipts, updates, security alerts) | Contract / Legal obligation |
| Respond to support requests | Legitimate interest |
| Monitor and improve Service safety and security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Analyze aggregate usage trends to improve the Service | Legitimate interest |
We do NOT:
- X Sell your personal information to third parties
- X Use your personal information for targeted behavioral advertising
- X Use your educational data to build advertising profiles
- X Use your personal User Content to train AI models without your separate, explicit consent
4How We Share Your Information
4.1 Service Providers
We share data with trusted third-party vendors who help us operate the Service, including:
- Cloud Infrastructure: For data storage and processing (e.g., AWS, Google Cloud)
- Payment Processors: For subscription billing (e.g., Stripe)
- Analytics: For understanding aggregate usage patterns
- Customer Support Tools: For managing support tickets
All service providers are contractually required to use your data only to perform services for us and to maintain appropriate security standards.
4.2 Legal Requirements
We may disclose your information when required by law, court order, or government authority, or to protect the rights, property, or safety of Acepath, our users, or the public.
4.3 Business Transfers
If Acepath undergoes a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
4.5 Aggregate / De-identified Data
We may share aggregated or de-identified information (which cannot reasonably be used to identify you) with third parties for research, analytics, or product improvement purposes.
5Children's PrivacyCOPPA Notice
5.1 Children Under 13
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any information to us.
5.2 If We Learn a Child Under 13 Has Used the Service
If we become aware that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will:
- Promptly delete the account and all associated personal information
- Notify the parent/guardian if contact information is available
5.3 Parents and Guardians
If you are a parent or guardian and believe your child under 13 has created an account or provided us with personal information, please contact us immediately at privacy@acepath.ai. You have the right to:
- Review the personal information we have collected about your child
- Request correction of inaccurate information
- Request deletion of your child's personal information
- Refuse further collection or use of your child's information
We will respond to verifiable parent requests within 30 days.
6Teen Users (Ages 13-17)
For users between 13 and 17 years of age ("Teen Users"):
- We collect only the information necessary to provide the Service
- We do not use Teen Users' data for behavioral advertising
- We do not sell Teen Users' personal information
- Parents/guardians of Teen Users may contact us at privacy@acepath.ai to request access to, correction of, or deletion of their teen's account data
- Teen Users may delete their own accounts at any time through account settings
7Your Privacy Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information, subject to certain exceptions
- Portability: Request your data in a machine-readable format
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time
To exercise these rights, contact us at privacy@acepath.ai.
7.2 California ResidentsCCPA / CPRA
If you are a California resident, you have the following additional rights:
- Right to Know: Disclose what personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of personal information we have collected
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. You may submit a request via our Do Not Sell or Share My Personal Information page
- Right to Limit Use of Sensitive Personal Information: Limit our use to what is necessary for providing the Service
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To submit a California privacy request, email privacy@acepath.ai with subject line "California Privacy Request."
7.3 Users Outside the United States
Your information will be transferred to and processed in Singapore and potentially other countries where our service providers operate. We take steps to ensure appropriate safeguards are in place for international data transfers.
For users in the European Economic Area (EEA) or United Kingdom, additional rights under GDPR may apply. Please contact us at privacy@acepath.ai for more information.
8Cookies and Tracking Technologies
8.1 Types of Cookies We Use
| Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential Cookies | Required for the Service to function (login sessions, security) | No (required) |
| Preference Cookies | Remember your settings and preferences | Yes |
| Analytics Cookies | Understand how users interact with the Service (aggregate data) | Yes |
| Performance Cookies | Monitor Service performance and error tracking | Yes |
8.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.
8.3 Do Not Track
Some browsers transmit "Do Not Track" signals. Because there is no consistent industry standard for responding to these signals, we do not currently alter our data collection practices based on them.
9Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS
- Encryption at rest: Sensitive data is encrypted in storage
- Access controls: Strict internal access controls limit who can access personal data
- Regular security reviews: We conduct periodic security assessments
- Incident response: We maintain procedures for responding to security incidents
No security system is impenetrable. While we strive to protect your data, we cannot guarantee absolute security.
10Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 3 years after deletion |
| Exam responses and study data | Duration of account + 1 year after deletion |
| Uploaded photos (handwritten work) | 30 days from upload, then automatically deleted |
| Payment records | 7 years (legal/tax requirement) |
| Support communications | 3 years |
| Server logs | 90 days |
When you delete your account, we will delete or anonymize your personal information within 30 days, except where required by law.
11Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.
12AI and Automated Decision-Making
12.1 AI-Assisted Grading
Our Service uses AI to grade exam responses, provide diagnostic feedback, and generate study recommendations. These AI-assisted outputs are based on your submitted content and performance data.
12.2 No Fully Automated Consequential Decisions
We do not make fully automated decisions with significant legal or similarly significant effects on users without human oversight.
12.3 AI Training
13Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Notify you by email at least 14 days before the changes take effect
- Post a prominent notice on our website
- Update the "Last Updated" date at the top of this policy
Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.
14Contact Us
For questions, concerns, or to exercise your privacy rights, please contact our Privacy Team:
15Supplemental Notice for U.S. State Privacy Laws
We comply with applicable U.S. state privacy laws including:
- COPPA (Children's Online Privacy Protection Act) - see Section 5
- CCPA/CPRA (California) - see Section 7.2
- SOPIPA (California Student Online Personal Information Protection Act): We do not use student data for advertising or sell student information
- FERPA (Family Educational Rights and Privacy Act): Where we operate as a service provider to educational institutions, we comply with FERPA's requirements for handling education records
- Virginia CDPA, Colorado CPA, and other state privacy laws: We honor equivalent rights for residents of these states
Privacy Team - Acepath.AI
Privacy: privacy@acepath.ai
Legal: legal@acepath.ai
Website: acepath.ai/privacy-policy
We aim to respond to all privacy requests within 30 days.