Privacy Policy
Effective Date: 18 March 2026
This Privacy Policy explains how the AI Confidence Program ("we", "us", "our"), operated by Gary Chen, collects, uses, and protects your personal information. We are committed to handling your data in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information We Collect
Information you provide
- Google account information — When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
- Payment information — When you purchase the Program, Stripe processes your payment. We do not store your credit card number, CVV, or full card details. Stripe provides us with a transaction ID, payment status, and the last 4 digits of your card for reference.
- Support communications — If you contact us, we retain your email address and the content of your message.
Information collected automatically
- Program usage data — Module progress, quiz scores, XP earned, badges unlocked, and completion status. This data is stored in Firebase Firestore and is used to deliver the Program experience.
- Purchase records — Stripe customer ID, payment amount, currency, and timestamp. Stored in Firebase Firestore for access verification.
2. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Deliver and grant access to the Program | Contract performance |
| Process payments and verify purchases | Contract performance |
| Track your learning progress and display achievements | Contract performance |
| Respond to support requests | Legitimate interest |
| Prevent fraud and unauthorized access | Legitimate interest |
| Comply with legal obligations (e.g., tax records) | Legal obligation |
We do not use your data for marketing emails, sell your data to third parties, or display advertising within the Program.
3. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | Email, payment details | stripe.com/privacy |
| Firebase Authentication | User sign-in | Google account info | firebase.google.com/support/privacy |
| Firebase Firestore | Data storage | User progress, purchase records | firebase.google.com/support/privacy |
| Google Sign-In | Authentication | Name, email, profile photo | policies.google.com/privacy |
| Netlify | Website hosting | IP address, access logs | netlify.com/privacy |
4. Data Storage and Security
Your data is stored on Google Cloud infrastructure (Firebase) and Stripe's secure servers. Both services use industry-standard encryption (TLS in transit, AES-256 at rest).
We implement reasonable security measures to protect your data, including:
- Firebase Security Rules restricting data access to authenticated users
- HTTPS encryption on all pages
- No storage of sensitive payment data on our servers
While we take reasonable steps to protect your data, no method of electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
- Account and progress data — Retained for as long as you have access to the Program, or until you request deletion.
- Purchase records — Retained for 7 years as required by Australian tax law.
- Support communications — Retained for 2 years after the last communication.
6. Your Rights
Under the Australian Privacy Act and applicable law, you have the right to:
- Access your personal information we hold
- Correct inaccurate or outdated information
- Request deletion of your personal information (subject to legal retention requirements)
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached
To exercise these rights, contact us via our Contact Support page.
7. International Users
If you are accessing the Program from outside Australia, your data may be transferred to and stored in Australia and the United States (where Google Cloud and Stripe infrastructure is located). By using the Program, you consent to this transfer.
For users in the European Economic Area (EEA) or United Kingdom, we process data based on the legal bases described in Section 2. You may also have additional rights under GDPR, including the right to data portability and the right to withdraw consent.
8. Cookies
The Program website uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or analytics cookies.
9. Children's Privacy
The Program is not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised effective date.
11. Contact
For privacy-related questions or to exercise your rights, contact us via our Contact Support page.
You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992