Privacy Policy

Effective Date: May 27, 2026  ·  Last Updated: May 27, 2026

FirellySAT ("FirellySAT", "we", "us", "our") operates the Platform at firelly.in. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a user.

By using FirellySAT, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Platform.

Contact: firellysat@gmail.com  · Subject: Use "Privacy Request" in the subject line for any data rights requests.

1. Data Controller

The data controller for personal information collected through FirellySAT is the individual creator and operator of FirellySAT, reachable at firellysat@gmail.com. FirellySAT is operated from India. For users in the EU/EEA, this entity acts as the data controller within the meaning of the GDPR.

2. Personal Data We Collect

A. Account and Authentication Data (Server-Side)

When you sign in using Google Sign-In, Google provides us with the following information:

  • Your email address
  • Your full name (as registered with Google)
  • Your Google profile picture URL

This data is stored in a secure, server-side session (JWT token managed by NextAuth.js) and is used to identify your account and verify your Pro subscription status. We collect the minimum data necessary from Google and comply with the Google API Services User Data Policy. We do not use Google user data for advertising, profiling, or any purpose beyond authentication and service delivery.

B. Subscription and Payment Data (Server-Side)

If you subscribe to FirellySAT Pro, your payment is processed entirely by LemonSqueezy. We do not receive or store your credit card, debit card, or banking details. We receive from LemonSqueezy only: your email address, subscription status (active/cancelled), and subscription ID. This data is used to verify and maintain your Pro access. LemonSqueezy processes payment data under their own Privacy Policy.

C. Practice and Study Data (Browser Only — localStorage)

All practice data — including questions attempted, correct/incorrect answers, scores, notes, study plans, streak data, XP, and logbook entries — is stored exclusively in your browser's localStorage. This data never leaves your device unless you explicitly use an AI feature (see D below). We do not operate a practice data database. If you clear your browser storage or switch devices, this data is lost.

D. AI Feature Request Content (Transmitted to Third-Party AI)

When you use AI features (Mitra, AI explanations, AI study plan generation, or test image analysis), the content of your request — which may include practice question text, your answer, your performance data, and uploaded images — is transmitted to our AI service providers to generate a response. This content is processed by:

ProviderUsed ForTheir Privacy Policy
NVIDIA (integrate.api.nvidia.com)AI explanations, study plans, mentor, question generationNVIDIA Privacy
Hugging Face (router.huggingface.co)Fallback AI for all AI featuresHF Privacy

These providers process your request data under their own terms. Hugging Face does not retain inference payloads beyond the processing period. NVIDIA retains data per their Data Processing Addendum. We have Data Processing Agreements with both providers restricting use of your data to service delivery only.

E. Cookies and Session Data

FirellySAT uses session cookies managed by NextAuth.js for authentication. These cookies:

  • Are strictly necessary to keep you signed in
  • Do not track you across third-party websites
  • Do not contain advertising identifiers
  • Are deleted when you sign out or your session expires

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

F. Server Logs

Our hosting infrastructure may automatically collect standard server logs including IP addresses, browser type, pages accessed, and access timestamps. These logs are used solely for security, error diagnosis, and abuse prevention. They are not linked to your identity and are retained for a maximum of 90 days.

3. How We Use Your Data

We use your personal data only for the following purposes:

  • To create and maintain your account and verify your identity
  • To verify and deliver your Pro subscription features
  • To generate AI responses to your study questions and requests
  • To provide personalized study recommendations through Mitra
  • To process and manage your subscription billing through LemonSqueezy
  • To respond to your support requests and communications
  • To maintain security, detect fraud, and prevent abuse
  • To comply with legal obligations

We do not: sell your data, use it for behavioral advertising, build advertising profiles, share it with data brokers, or use it to train AI models.

4. Legal Basis for Processing (GDPR)

For users in the European Union/EEA, our legal bases for processing personal data are:

  • Contract performance (Art. 6(1)(b)): Processing your email and subscription status is necessary to provide the FirellySAT service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): Server log data and security monitoring are processed based on our legitimate interest in maintaining a secure, functional service.
  • Legal obligation (Art. 6(1)(c)): Certain data may be retained to comply with applicable tax, legal, or regulatory obligations.

5. Data Retention

Data TypeRetention Period
Account data (email, name)While account is active + 90 days after deletion request
Subscription/Pro statusWhile subscription is active + 90 days (for billing disputes)
Practice data (scores, notes, plans)Browser only — deleted when you clear localStorage
AI request contentNot retained by us after response is delivered
Server logs / IP dataMaximum 90 days, then automatically deleted
Session cookiesUntil sign-out or session expiry

6. Data Sharing and Disclosure

We share personal data only in the following limited circumstances:

  • Service Providers: With LemonSqueezy (billing), NVIDIA (AI), and Hugging Face (AI) as described in Section 2, under Data Processing Agreements that restrict further use.
  • Legal Requirements: If required by law, court order, or valid government request, we may disclose data to comply with our legal obligations.
  • Safety: To protect the safety, rights, or property of FirellySAT, its users, or the public when we believe disclosure is reasonably necessary.

We do not sell your personal data. We do not share your data with advertisers, data brokers, or marketing platforms.

7. International Data Transfers

FirellySAT is operated from India. Our AI service providers (NVIDIA, Hugging Face) may process data on servers located in the United States or other countries outside your home jurisdiction. For users in the EU/EEA, such transfers are made under Standard Contractual Clauses or equivalent safeguards as required by GDPR Chapter V. For users in India, data may be transferred internationally in accordance with the Digital Personal Data Protection Act 2023.

8. Data Security

We implement appropriate technical and organizational security measures, including:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Secure JWT-based session management via NextAuth.js
  • API key authentication for all third-party service access
  • Server-side Pro status verification (cannot be bypassed by browser manipulation)
  • No storage of payment card data on our servers

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to addressing identified vulnerabilities promptly.

9. Children's Privacy (COPPA)

FirellySAT is designed for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has registered, please contact us immediately at firellysat@gmail.com and we will delete the account and associated data promptly.

For users aged 13–17:

  • We collect only the minimum necessary data
  • We do not use behavioral profiling or targeted advertising for users under 18
  • We do not collect geolocation data or biometric data from minors
  • Parental consent is required for users under 13; use by 13–17 year olds requires parental review per our Terms

10. Your Data Rights (All Users)

Regardless of where you are located, you may:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate data
  • Deletion: Request that we delete your account and personal data
  • Portability: Request your data in a commonly used format

To exercise any of these rights, email us at firellysat@gmail.com with the subject line "Privacy Request". We will respond within 30 days.

To delete practice data: Since all practice data is stored in your browser, you can delete it at any time by clearing localStorage. In your browser DevTools → Application → Local Storage — clear all entries prefixed with firellysat_.

11. EU/EEA Users — GDPR Rights

If you are in the European Union or EEA, you have the following additional rights under the General Data Protection Regulation (GDPR):

  • Right to restrict processing — request we limit how we use your data
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is consent-based, withdraw at any time
  • Right to lodge a complaint — with your national data protection authority

You also have the right to lodge a complaint with your national supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

12. California Residents — CCPA/CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:

  • Right to Know: What personal information we collect, use, disclose, and retain. Categories collected: identifiers (email, name), commercial information (subscription status), and internet activity (server logs).
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA.

To submit a CCPA rights request, email firellysat@gmail.com. We will respond within 45 days.

13. India Residents — DPDP Act 2023

If you are a user in India, the Digital Personal Data Protection Act 2023 (DPDP Act) provides you with the following rights:

  • Right to access information about the personal data we process
  • Right to correction and erasure of inaccurate or outdated data
  • Right to grievance redressal — contact us at firellysat@gmail.com
  • Right to nominate another individual to exercise rights on your behalf

We process your personal data based on your free, specific, informed, and unambiguous consent provided at account creation. You may withdraw consent by deleting your account.

In the event of a personal data breach, we will notify affected users and the Data Protection Board of India (DPBI) within 72 hours of becoming aware of the breach.

14. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users by email (to your registered address) and, where legally required, notify the relevant supervisory authority:

  • Within 72 hours of becoming aware of the breach (GDPR/India DPDP)
  • Without undue delay for US users where applicable state law requires notification
  • Notifications will describe the nature of the breach, data affected, and steps we are taking

15. College Board Questions — Important Note

Some practice questions on the Platform originate from College Board's publicly accessible SAT Suite Question Bank. These questions remain College Board's intellectual property. We do not transmit College Board copyrighted question content to AI systems. AI explanations, AI-generated questions, and AI mentor responses use only FirellySAT Original questions or paraphrased content — not verbatim College Board materials. College Board content is shown locally in your browser only.

16. AI-Generated Content Transparency

In compliance with applicable transparency regulations (including the EU AI Act, effective August 2, 2026, and FTC guidelines):

  • AI-generated explanations, study plans, and mentor responses are identified as AI-generated within the Platform
  • We do not represent AI-generated content as authored by human SAT experts unless explicitly reviewed by a qualified instructor
  • AI-generated content may contain errors and should not be the sole basis for academic decisions

17. Changes to This Privacy Policy

We may update this Privacy Policy as our Platform evolves or as required by law. Material changes will be communicated by updating the "Last Updated" date above and, where appropriate, by email to your registered address. Your continued use of FirellySAT after the effective date constitutes acceptance of the updated policy.

18. Contact Us

For any privacy-related questions, rights requests, or concerns:

Email: firellysat@gmail.com

Subject line: "Privacy Request"

Response time: Within 30 days (GDPR) / 45 days (CCPA) / 30 days (DPDP)

← Back to FirellySAT·Terms of Service