Privacy Policy

Last updated: 2026-05-26

1. Controller and Scope

OnePersonAI is operated from Japan as a paid digital research product. For privacy requests, contact legal@ailearngo.com. If a transaction is subject to Japan's Specified Commercial Transactions Act, operator details are handled through the legal disclosure page.

This policy covers OnePersonAI accounts, Google-only sign-in, Stripe payments, Supabase membership records, support email, refund requests, and legal disclosure requests. It is a practical privacy notice for the launch product, not legal advice.

2. Information We Collect

Account and sign-in data

Google OAuth email, Supabase user identifier, authentication session status, and the timestamps needed to keep your account working.

Payment and access records

Stripe customer, checkout session, payment status, amount, currency, refund status, and membership records needed to grant, remove, or correct paid access.

Support and legal requests

Messages you send to our support or legal email addresses, including refund requests, correction requests, disclosure requests, and attachments or receipts you choose to provide.

Security and technical logs

Limited server, hosting, authentication, webhook, and request logs such as timestamps, route paths, error states, IP address, browser or device metadata where processed by hosting, payment, or auth providers.

Analytics data when enabled

Google Analytics 4 page-view, referrer, device, browser, approximate location, and engagement metadata used to understand aggregate product usage.

We do not store full card numbers on OnePersonAI servers. Card details are handled by Stripe. When analytics is enabled, public page-view data is handled by Google Analytics 4 for aggregate product measurement.

3. How We Use Information

Provide the product

Authenticate users, attach paid access to the purchasing Google email, show the correct free or paid content, and maintain account status.

Process payments and refunds

Create Stripe Checkout sessions, verify successful payments, handle duplicate charges, process refunds, and keep records needed for disputes, accounting, and legal obligations.

Support and corrections

Reply to account, refund, legal disclosure, privacy, and research-correction requests, and keep a support history so the same issue can be resolved consistently.

Security and abuse prevention

Detect suspicious checkout, webhook, scraping, resale, account-sharing, or unauthorized-access behavior and maintain the integrity of the paid research database.

Product analytics

Measure aggregate traffic, page discovery, and conversion paths so we can improve the paid research database without selling personal information or running cross-context behavioral advertising.

Where a privacy law requires a legal basis, the main bases are contract performance, legitimate interests in operating and securing the product, legal obligations for payment, tax, dispute, and accounting records, and consent where a specific consent is requested.

4. Processors and Sharing

Stripe

Checkout, payment processing, receipts, refunds, card-network records, tax or billing features if enabled, and payment dispute handling.

Supabase

Google OAuth handling, authentication sessions, user identifiers, and membership database storage.

Google

Google sign-in, including the verified email returned through OAuth. Google is the only supported login provider for the MVP.

Google Analytics, when enabled

Aggregate traffic measurement, page-view analytics, referrer reporting, and basic engagement reporting for the public website.

Vercel and infrastructure providers

Hosting, deployment, security headers, serverless functions, request logs, and operational error logs.

Email provider

Receiving and replying to support, refund, privacy, and legal disclosure requests sent to OnePersonAI email addresses.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We may disclose limited information if required to comply with law, payment-network rules, chargeback or fraud processes, tax/accounting obligations, or a valid legal request.

5. Cookies

We use an essential HTTP-only session cookie for authentication so the site can keep you signed in and decide whether premium content should be shown. If analytics is enabled, Google Analytics 4 may use cookies or similar technologies to measure public page usage. Stripe Checkout, Google, Supabase, and hosting providers may use cookies or similar technologies on their own services. If OnePersonAI later adds advertising, remarketing, or broader non-essential tracking, the cookie notice and consent flow must be updated before launch in affected regions.

6. International Processing

OnePersonAI is operated from Japan and uses international providers. Your information may be processed in Japan, the United States, the EU/EEA, the United Kingdom, or other locations where our providers operate. For EU/EEA, UK, or similar transfer rules, we rely on the transfer mechanisms and data-processing terms offered by the relevant providers where required.

7. Retention

We keep membership and payment-reference records as long as needed to provide access, handle refunds, resolve disputes, maintain security, and satisfy accounting, tax, or legal obligations. Support messages are kept as long as needed to resolve the request and maintain a reasonable record of what was decided. Some provider logs are retained according to the provider's own security and operational schedules.

8. Your Privacy Rights

You can request access, correction, deletion, or a copy of account records by email. Depending on your country or region, you may also have rights to object, restrict processing, withdraw consent, request portability, or complain to a local data-protection authority. California privacy thresholds may not apply to this early launch product, but California users may still contact us with privacy requests. We will not discriminate against a user for making a privacy request.

We may need to verify the requesting email before changing or deleting records. We may retain limited payment, tax, dispute, fraud-prevention, or legal records when deletion is not legally or operationally appropriate.

9. Children

OnePersonAI is a business research product and is not directed to children. Do not use the service or purchase access if you are not old enough to enter into a digital-services contract in your location.

10. Security

We use provider-managed authentication, server-side membership checks, Stripe-hosted checkout, webhook signature verification, HTTP-only session cookies, and access controls around service-role credentials. No internet service can be guaranteed perfectly secure, but payment card numbers are not stored on OnePersonAI servers.

11. Contact

For privacy-related questions, access requests, correction requests, or deletion requests, email legal@ailearngo.com. For payment access or refund issues, email support@ailearngo.com.