Skip to content
Square1 Ai
Back to home

Legal

Privacy Policy

Last updated: June 2026

1. Who we are

Square 1 AI ("we", "us", "our") operates the Square 1 AI learning platform available at square1.ai. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and applicable privacy laws.

For privacy matters, contact us at: privacy@square1.ai

2. What data we collect

  • Email address — used to authenticate you via magic link (OTP). Required to use the platform.
  • Name — optional, used to personalise your experience and reports.
  • Assessment responses — your answers to assessment questions, used to generate your skill report and personalised learning plan.
  • Lesson progress — which lessons, exercises, and projects you have completed, used to track and adapt your curriculum.
  • Consent timestamp — the date and time you agreed to this policy, stored for our GDPR records.

3. How we use your data

  • To authenticate you and keep your account secure.
  • To personalise your learning experience and generate skill reports.
  • To track your progress and adapt the curriculum to your level.
  • To provide AI-powered grading and feedback on your exercises and projects (responses are processed by Claude AI; no data is used to train AI models).
  • To comply with our legal obligations.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in section 5.

4. Legal basis (GDPR)

We process your data under the following legal bases:

  • Contract performance — processing necessary to provide the service you signed up for.
  • Consent — where you have given explicit consent (e.g., at account creation).
  • Legitimate interests — for security monitoring and platform improvements, balanced against your rights.

5. Data storage and security

  • Data is stored on Supabase, a PostgreSQL-based platform with encryption at rest and TLS in transit.
  • EU server regions are available. Contact us to request EU-only hosting.
  • We use row-level security (RLS) policies so each user can only access their own data.
  • AI grading is performed via the Anthropic API. Responses are not stored by Anthropic or used to train models under their API terms.

6. Your rights (GDPR)

You have the following rights regarding your personal data:

  • Right of access — request a copy of all data we hold about you.
  • Right to rectification — correct inaccurate data.
  • Right to erasure ("right to be forgotten") — request deletion of your account and all associated data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — withdraw consent at any time without affecting prior processing.

To exercise any of these rights, email privacy@square1.ai. We will respond within 30 days.

7. Cookies

We use essential cookies only. These are required for authentication (keeping you signed in) and are set by Supabase's authentication library.

We do not use:

  • Analytics cookies (no Google Analytics, no Mixpanel)
  • Advertising or tracking cookies
  • Third-party cookies

8. Data retention

We retain your data for as long as your account is active. If you request deletion, we will remove all personal data within 30 days, except where retention is required by law.

9. Changes to this policy

We may update this policy from time to time. We will notify you by email of any material changes. Continued use of the platform after notification constitutes acceptance of the updated policy.

10. Contact

For privacy questions or to exercise your rights: privacy@square1.ai

You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your national DPA in the EU).