Privacy Policy

Effective: 2026-05-21 · Back to Summit

Validation-phase draft. Summit is in an early validation phase with a small group of testers. This policy is honest about what we do today; it will be reviewed by a lawyer before broader pilot launch. Updates will be posted here with a new effective date.

Who we are

Summit is an AI tutoring service operated by Taylor Christensen (sole proprietor, based in Utah, USA). Contact for privacy questions or data requests: christensenharkerlearning@gmail.com.

What we collect

Account email — when you sign up via magic link.
Session content — the transcripts of your tutoring sessions (your messages and the AI's responses), plus any documents you upload as source material.
Usage data — token counts, session timestamps, system performance metrics. Used for cost tracking and debugging.
Server logs — IP address, request paths, error messages. Standard web hosting logs.
Credit balance and purchase history — how many credits you have, when you bought them, refund status.

What we do NOT collect

Payment card details. Card numbers, CVV, and expiry never touch Summit's servers. Stripe handles payment processing entirely on their PCI-DSS Level 1 certified infrastructure.
Identifiers we don't need. We don't ask for legal names, addresses, phone numbers, or government IDs.

Why we collect it

To provide the tutoring service, bill you for credits you purchase, debug problems when they arise, and improve the pedagogy through anonymized review of session patterns. Validation-phase research may include reading session transcripts to improve the AI's behavior. If you'd prefer your transcripts not be used for research, email the address above and we'll mark your account.

Third parties we share data with

Summit is a small operation built on a few standard providers. We share the minimum necessary data with each:

Stripe — payment processing. Receives your email + payment details you enter on their checkout page. We receive only their customer_id and payment_intent_id back. Stripe privacy policy.
Supabase — database hosting for accounts and session transcripts. Data is stored in the United States. Supabase privacy policy.
Anthropic — the AI inference provider (Claude). Session content is sent to Anthropic for the tutoring AI to respond. Anthropic does not use API content for training by default. Anthropic privacy policy.
Render — application hosting. Standard server logs (IP, request paths) are visible to Render's infrastructure. Render privacy policy.

How long we keep it

Account data and session transcripts are retained while your account is active. Server logs are retained for up to 30 days. Stripe retains payment records per their own policy (typically 7 years for compliance). If you delete your account, we delete your session content and credit balance from our database; Stripe payment records persist per their compliance requirements.

Your rights

Access — email us and we'll send you a copy of your data.
Deletion — email us and we'll delete your account, transcripts, and credit balance. Stripe payment records persist per their policy.
Correction — email us if any of your account data is wrong.
Opt-out of research — email us to mark your account "research opt-out" — transcripts will not be reviewed for pedagogy improvement.

Children

Summit is not designed for users under 13. We don't knowingly collect data from children. If you believe a child has signed up, email us and we'll remove the account.

Updates

We'll update this policy when our practices change. The effective date at the top will reflect the most recent update. Material changes (e.g. new third-party processors, broader data collection) will be communicated by email to active users.