1. Introduction
Chalk ("we", "our", or "us") is an AI-powered educational application designed for Bangladeshi students. We are committed to protecting the privacy of our users, especially given that many of our users are minors (students in Classes 6 through 12).
This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. By using the Chalk mobile application ("App"), you consent to the practices described in this policy.
Our commitment: We collect only the data necessary to provide educational services. We do not sell your personal data to third parties. We take extra care to protect the data of minor users.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Phone number — used for account verification via SMS OTP (one-time password).
- Name — displayed in your profile.
- Class level — your current grade (Classes 6 through 12).
- Medium — your medium of instruction (Bangla or English).
- Academic stream — Science, Commerce, or Humanities (for Classes 9-10 only).
- Profile photo (optional) — stored securely if you choose to upload one.
2.2 Chat and Usage Data
When you use the App, we collect:
- Chat messages — your questions and the AI-generated responses, stored per-book to maintain conversation context.
- Uploaded images — photographs of textbook pages, handwritten problems, or other educational materials that you submit for AI analysis.
- Search queries — the queries generated when the AI searches your textbook content for relevant answers.
- Daily usage metrics — the number of messages and photo uploads you use each day, used to enforce free and premium tier limits.
2.3 Payment Information
If you subscribe to a premium plan, we collect:
- Subscription plan and status — which plan you are on and its expiry date.
- Transaction records — transaction IDs, amounts, payment status, and payment method type.
We do not directly collect or store your credit/debit card numbers, bKash PINs, or other sensitive payment credentials. All payment processing is handled by SSLCommerz, our licensed payment gateway.
2.4 Device and Technical Data
- Push notification token — a device identifier used to deliver push notifications (e.g., subscription renewal reminders).
- Device platform — whether you are using iOS or Android.
- Theme preference — your light/dark mode setting, stored locally on your device.
2.5 Analytics Data
For service quality and cost management, we log:
- AI model used per request and token counts (for cost optimization).
- Response latency and performance metrics.
- Search result quality metrics.
This data is used in aggregate and is not used to build individual user profiles for advertising purposes.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide AI-powered study assistance | Chat messages, images, class level, book selection |
| Authenticate your account | Phone number, OTP |
| Personalize your bookshelf | Class, medium, stream |
| Manage subscriptions and billing | Payment records, subscription status |
| Enforce usage limits | Daily message and image counts |
| Send important notifications | Push token, subscription status |
| Improve AI response quality | Anonymized and aggregated chat patterns |
| Monitor costs and performance | Analytics data (token usage, latency) |
| Display advertisements (free tier) | Non-personalized ad requests only |
4. How We Share Your Information
We share your data only with the following categories of service providers, and only to the extent necessary to operate the App:
4.1 AI Providers
OpenAI and Anthropic (Claude) receive your chat messages, conversation context, and uploaded images to generate educational responses. These providers process data according to their own privacy policies and data processing agreements. We do not send your name, phone number, or other personal identifiers to AI providers — only the content of your educational queries.
4.2 Infrastructure Provider
Supabase provides our database, authentication, and file storage services. Your account data, chat history, and uploaded images are stored on Supabase's infrastructure with encryption at rest and in transit.
4.3 Payment Processor
SSLCommerz handles all payment transactions. When you make a payment, SSLCommerz receives your name, phone number, and payment details. SSLCommerz is a licensed payment gateway regulated by Bangladesh Bank and maintains its own security and compliance standards.
4.4 Push Notifications
Expo Push Service delivers push notifications to your device. We share your device push token and notification content (e.g., subscription renewal reminders) with Expo's notification service.
4.5 Advertising
Google AdMob displays advertisements to free-tier users only. We have configured AdMob to serve non-personalized ads only, meaning no personal data or behavioral profile is used for ad targeting. Premium subscribers do not see any advertisements.
4.6 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Storage and Security
5.1 Where Data is Stored
- Server-side: Your data is stored on Supabase's cloud infrastructure with encryption at rest.
- On your device: Authentication tokens are stored in your device's secure storage (iOS Keychain / Android Keystore via Expo SecureStore). Chat history (up to 50 messages per book) is cached locally using AsyncStorage for offline access.
5.2 Security Measures
We implement the following security measures:
- All data transmitted between your device and our servers uses HTTPS encryption (TLS).
- Authentication tokens are stored in platform-native secure storage, not in plain text.
- JWT-based authentication with automatic token refresh.
- Database access is controlled through role-based permissions and row-level security.
- Payment data is handled entirely by SSLCommerz and never touches our servers.
5.3 Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Chat messages | Until you delete your account (free tier: 7 days of history accessible in-app) |
| Uploaded images | 90 days from upload, then automatically deleted |
| Transaction records | 3 years (legal and financial compliance requirements) |
| Analytics data | 12 months, then aggregated and anonymized |
| Push notification tokens | Until you uninstall the App or revoke permissions |
| Locally cached data | Until you clear app data or uninstall the App |
6. Children's Privacy
Chalk is designed for students in Classes 6 through 12, which includes minors (typically ages 11 to 17). We take the following additional measures to protect younger users:
- Minimal data collection: We collect only the data necessary to provide educational services. We do not collect email addresses, physical addresses, or unnecessary demographic information.
- No behavioral advertising: We serve only non-personalized advertisements. We do not create behavioral profiles of users for advertising purposes.
- No social features: The App does not include social networking, public profiles, or user-to-user communication features.
- Parental consent: Users under 18 must have permission from a parent or guardian to use the App. By permitting a minor to use Chalk, the parent or guardian consents to the collection and use of data as described in this policy.
- Data deletion: Parents or guardians may request deletion of their child's data at any time by contacting us.
For parents: If you believe your child has provided personal information without your consent, please contact us at support@chalk.bd and we will promptly delete the information.
7. Your Rights
You have the following rights regarding your personal data:
- Access: You can view your profile information and chat history within the App at any time.
- Correction: You can update your name, profile photo, and other profile details through the App's settings.
- Deletion: You can request complete deletion of your account and all associated data by contacting our support team. Upon receiving a deletion request, we will delete your data within 30 days, except where retention is required by law (e.g., transaction records).
- Data portability: You may request a copy of your data in a machine-readable format by contacting support.
- Withdraw consent: You can withdraw consent at any time by discontinuing use of the App and requesting account deletion.
- Notification opt-out: You can disable push notifications through your device's settings at any time.
8. Local Storage and Cookies
The Chalk mobile App does not use browser cookies. However, we use the following local storage mechanisms on your device:
- AsyncStorage: Used to cache chat history (up to 50 messages per book) for offline access, and to store your theme preference (light/dark mode). This data remains on your device and is not transmitted unless you sync your chat history.
- SecureStore: Used to store authentication tokens (access and refresh tokens) in your device's encrypted secure storage (iOS Keychain / Android Keystore). These tokens are never exposed to other apps.
9. International Data Transfers
While Chalk is designed for users in Bangladesh, some of our service providers (AI providers, cloud infrastructure) may process data in servers located outside Bangladesh. We ensure that all such transfers are subject to appropriate safeguards, including:
- Data processing agreements with our service providers.
- Encryption of all data in transit.
- Minimization of personally identifiable information shared with international providers (e.g., AI providers receive only educational query content, not personal identifiers).
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will:
- Update the "Effective Date" at the top of this page.
- Notify you through the App or via push notification for material changes.
Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@chalk.bd
We will respond to all privacy-related inquiries within 15 business days.