Privacy Policy
Effective Date: February 20, 2026
Robitaille Programmation Inc. (“Company”, “we”, “us”, or “our”) operates AI 101 (“Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.
1. Information We Collect
We collect information from you in the following categories:
1.1 Account Information
- Email address (used for authentication and communication)
- Password (cryptographically hashed; we never store or have access to your plaintext password)
- Full name (if provided during signup)
- Account creation timestamp
1.2 Professional Profile Information
During the onboarding process, we collect detailed professional information to personalize your learning experience:
- Job title and job description
- Industry
- Work tasks and responsibilities (specific tasks you want to automate or improve)
- Software and tools you use (e.g., Gmail, Slack, Excel, etc.)
- Professional goals
- AI experience level (beginner, intermediate, advanced)
- AI tools previously used
- Work categories
- Weekly schedule and learning pace preferences
- Onboarding conversation transcript (full text of your interaction with the AI coach)
- Onboarding duration
1.3 Uploaded Documents and Files
You may upload documents during onboarding or while using AI tools, including:
- PDF documents
- Microsoft Office files (Word, Excel, PowerPoint)
- Images (JPEG, PNG, GIF, WEBP)
- Text files, CSV, and JSON files
Important: Uploaded files are transmitted directly to third-party AI providers (Anthropic, OpenAI, Google) for processing. We do not permanently store your uploaded files on our own servers. Once transmitted to a third-party provider, file retention is governed by that provider’s data policies.
1.4 Course and Learning Data
- Course progress (lesson completion status, timestamps, current lesson)
- Time spent per lesson (in seconds)
- AI-generated course materials (personalized lesson content, slides, tutorials)
- Post-lesson feedback (ratings for relevance and difficulty, written comments)
- AI-generated adjustment notes (insights derived from your feedback to improve future lessons)
1.5 Conversation and Chat Data
When you use AI chat interfaces (ChatGPT, Claude, Gemini, Grok, Perplexity, Magic Tools):
- Full conversation histories (all messages sent and received)
- Conversation titles
- AI model used per conversation
- Timestamps
- Any files or images shared within conversations
1.6 Third-Party Account Connection Data (OAuth)
If you connect third-party accounts for AI Agent automations:
- Provider name (Google, Microsoft, Slack)
- Access and refresh tokens (encrypted at rest using AES-256-GCM encryption)
- Token expiration timestamps
- Scopes granted (specific permissions you authorized, such as email, drive, calendar access)
- Connection status
1.6.1 Google Scope-to-Feature Mapping and Data Use Commitments
If you connect Google, we request and use Google OAuth scopes as follows:
- https://www.googleapis.com/auth/gmail.readonly: Read message metadata/snippets so agents can summarize or triage inbox items you ask them to process.
- https://www.googleapis.com/auth/gmail.send: Send email drafts/actions you explicitly approve or configure.
- https://www.googleapis.com/auth/calendar.readonly: Read calendar events to check schedule context and availability.
- https://www.googleapis.com/auth/calendar.events: Create calendar events requested by your workflows.
- https://www.googleapis.com/auth/drive.readonly: List/read Drive file metadata or selected files used in your workflow steps.
- https://www.googleapis.com/auth/drive.file: Upload files your workflows create to your Google Drive.
- https://www.googleapis.com/auth/userinfo.email: Identify the connected Google account for routing and account safety checks.
- https://www.googleapis.com/auth/documents.readonly: Read Google Docs document content for workflow steps that analyze or summarize documents.
- https://www.googleapis.com/auth/documents: Create or append content to Google Docs documents in workflows you configure.
- https://www.googleapis.com/auth/spreadsheets.readonly: Read Google Sheets data for workflow steps that process spreadsheet content.
- https://www.googleapis.com/auth/spreadsheets: Create or update Google Sheets spreadsheets in workflows you configure.
- https://www.googleapis.com/auth/presentations.readonly: Read Google Slides presentations for workflow steps that process slide content.
- https://www.googleapis.com/auth/presentations: Create or update Google Slides presentations in workflows you configure.
- https://www.googleapis.com/auth/meetings.space.readonly: Read Google Meet conference history, participants, recordings, and transcript metadata for workflow steps.
- https://www.googleapis.com/auth/meetings.space.created: Create new Google Meet meeting spaces in workflows you configure.
Google API data is used only to provide user-facing features that you request inside the Service. We do not sell Google API data, and we do not use Google API data for advertising or retargeting.
Human access to Gmail/Drive/Calendar/Docs/Sheets/Slides/Meet content is restricted to narrowly scoped support or security troubleshooting, and only with your explicit request or consent when reasonably possible.
1.7 AI Agent Data
If you create and configure AI Agents:
- Agent name and instructions
- Execution schedule (cron expressions for recurring automations)
- Execution history and logs
- Agent status
1.8 Contact and Support Data
If you contact us through our support form, we collect:
- Name and email address
- Subject and message content
- IP address (for rate limiting and abuse prevention)
Support messages are delivered via email and are not stored in our database.
1.9 Automatically Collected Information
- Browser cookies (session tokens for authentication; see Section 6)
- Local storage data (UI preferences, temporary form data)
1.10 Analytics and Error Monitoring Data
We use the following third-party services for analytics, error monitoring, and advertising measurement:
- PostHog — Product analytics to understand how users interact with the Service. PostHog collects page views, feature usage events, and conversion events. Data is proxied through our servers.
- Sentry — Error monitoring and performance tracking. Sentry collects error reports, stack traces, browser metadata, and may collect IP addresses server-side for error correlation.
- Meta Pixel and Meta Conversions API — Advertising measurement and conversion tracking. These services collect hashed email addresses, IP addresses, browser user agent strings, and Meta-specific cookies (_fbc, _fbp) to measure advertising effectiveness. These tools may be used for remarketing purposes.
You may opt out of Meta tracking by using browser privacy settings or ad-blocking extensions. PostHog and Sentry are used for operational purposes and cannot be individually opted out of without discontinuing use of the Service.
2. How We Use Your Information
We use your information for the following purposes:
2.1 Service Delivery
- To create and manage your account
- To authenticate your identity and maintain session security
- To personalize your AI course based on your professional profile
- To generate customized lesson content, slides, and tutorials
- To provide AI chat and tool functionality
- To execute AI Agent automations on your behalf
- To track your course progress and learning outcomes
2.2 AI Processing
- To transmit your prompts, files, and context to third-party AI providers for processing
- To generate personalized course materials using AI models
- To analyze your feedback and adjust future lesson content
- To generate AI profile reports based on your onboarding data
2.3 Communication
- To respond to your inquiries and support requests
- To send service-related notifications (e.g., account security, Terms changes)
2.4 Service Improvement
- To improve the quality and functionality of the Service
- To identify and fix technical issues
- To develop new features
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your information only in the following circumstances:
3.1 Third-Party AI Providers (Data Processors)
Your content is transmitted to the following AI providers for processing as an essential function of the Service. Each provider processes your data according to their own privacy policies:
| Provider | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Prompts, conversations, files | Chat, analysis, content generation, code execution, web search |
| OpenAI (GPT, DALL-E) | Prompts, conversations, files, image prompts | Chat, image generation, research, code interpretation |
| Google (Gemini) | Prompts, conversations, multimedia | Chat, multimodal analysis, search grounding |
| OpenRouter | Prompts, conversations | AI model routing proxy |
| xAI (Grok) | Prompts, conversations | Chat and research |
| Perplexity AI | Prompts, research queries | Research and information retrieval |
| Gamma | Content prompts | Presentation generation |
3.2 Infrastructure and Service Providers
- Supabase, Inc. — Database hosting, user authentication, and file storage. All user data stored in our database is hosted by Supabase on cloud infrastructure.
- Vercel, Inc. — Application hosting and content delivery.
- Stripe, Inc. — Payment processing. Stripe receives your email address, subscription details, and payment method information to process transactions. Stripe’s handling of payment data is governed by its own privacy policy.
- Resend, Inc. — Transactional email delivery. Used to deliver support form responses and service-related notifications. Receives email addresses and message content.
3.3 Analytics and Monitoring Providers
- PostHog, Inc. — Product analytics. Receives page view events, feature usage events, and conversion-related data.
- Functional Software, Inc. (Sentry) — Error monitoring and performance tracking. Receives error reports, stack traces, and browser/server metadata for debugging.
- Meta Platforms, Inc. — Advertising measurement via Meta Pixel (browser-side) and Meta Conversions API (server-side). Receives hashed email addresses, IP addresses, user agent strings, and conversion events for ad performance measurement.
3.4 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to:
- Comply with applicable law or legal process
- Protect the rights, property, or safety of Robitaille Programmation Inc., our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
3.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Service of any such change in ownership or use of your personal information.
4. Data Storage and Security
4.1 Where Your Data Is Stored
- Primary database: Supabase cloud infrastructure (data centers located in the United States)
- Application hosting: Vercel global edge network
- Third-party AI providers: Data transmitted to AI providers is processed on their respective infrastructure, which may be located in multiple countries worldwide
By using the Service, you consent to the transfer of your data to the United States and other jurisdictions where our service providers operate.
4.2 Security Measures
We implement the following security measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
- Password security: Passwords are cryptographically hashed by Supabase using bcrypt; we never store or access plaintext passwords
- OAuth token encryption: Third-party access tokens and refresh tokens are encrypted at rest using AES-256-GCM encryption
- API key security: All third-party API keys are stored as server-side environment variables and are never exposed to the client
- Row-Level Security (RLS): Database policies ensure users can only access their own data
- Rate limiting: API rate limiting to prevent abuse
- Server-side authentication: All API routes verify user authentication before processing requests
4.3 Security Limitations
While we implement commercially reasonable security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. You acknowledge and accept the inherent security risks of providing information online and agree not to hold us responsible for any breach of security unless it is due to our gross negligence or willful misconduct.
5. Data Retention
5.1 Retention Periods
- Account data: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes
- Course data: Retained for the duration of your account. You may reset your course progress at any time, which deletes all course-related data (outline, lessons, progress, feedback)
- Conversation data: Retained for the duration of your account
- OAuth connection data: Retained until you disconnect the integration or delete your account
- Files uploaded to AI providers: Retention is governed by the respective AI provider’s data policies; we have no control over third-party retention
5.2 Data Deletion
You may delete your account directly from your account settings page, which will immediately initiate deletion of your account and associated data. Alternatively, you may request deletion by contacting us through our contact page. Upon deletion, we will:
- Delete your account and authentication credentials
- Delete your course data, progress, and feedback
- Delete your conversation histories
- Delete your professional profile information
- Revoke and delete stored OAuth tokens
Please note: We cannot delete data that has already been transmitted to and stored by third-party AI providers. You may need to contact each provider directly regarding their data deletion procedures. Additionally, we may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).
If you disconnect Google from account settings, we attempt to revoke Google tokens upstream and remove locally stored Google OAuth tokens immediately during the same request (subject to temporary network/provider failures). On account deletion, token revocation/deletion is initiated immediately as part of the deletion workflow.
6. Cookies and Local Storage
6.1 Cookies
We use the following cookies, all of which are strictly necessary for the functioning of the Service:
| Cookie | Purpose | Duration |
|---|---|---|
| sb-access-token | Session authentication | 1 hour (auto-refreshes) |
| sb-refresh-token | Session token renewal | 7 days |
| _fbp | Meta Pixel browser identification | 90 days (set by Meta) |
| _fbc | Meta click identification | 90 days (set by Meta) |
In addition to the strictly necessary authentication cookies above, we use advertising and analytics cookies as described in Section 1.10. You can manage or block these cookies through your browser settings or ad-blocking tools.
6.2 Local Storage
We use browser local storage for the following purposes:
- UI preferences: Sidebar state, display settings
- Temporary form data: Form data stored temporarily before account creation
- User name: Stored locally for display purposes
Local storage data remains on your device and is not transmitted to our servers. You can clear local storage at any time through your browser settings.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
7.1 General Rights
- Access: You may request a copy of the personal information we hold about you
- Correction: You may request that we correct inaccurate or incomplete personal information
- Deletion: You may request deletion of your personal information, subject to legal retention requirements
- Portability: You may request your data in a structured, machine-readable format
- Withdrawal of consent: You may withdraw consent for data processing at any time by discontinuing use of the Service
7.2 Canadian Privacy Rights (PIPEDA)
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation (including Quebec’s Act respecting the protection of personal information in the private sector). You may:
- Access your personal information held by us
- Challenge the accuracy and completeness of your information
- Withdraw consent for the collection, use, or disclosure of your information (subject to legal or contractual restrictions)
- File a complaint with the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec
7.3 European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to:
- Object to processing of your personal data
- Restrict processing of your personal data
- Lodge a complaint with your local data protection authority
Our legal basis for processing your information is: (a) your consent, (b) performance of our contract with you (these Terms), and (c) our legitimate business interests.
7.4 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the “sale” or “sharing” of your personal information (note: we do not sell your personal information)
- Non-discrimination for exercising your privacy rights
7.5 Exercising Your Rights
To exercise any of these rights, please contact us through our contact page. We will respond to verified requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
8. Children’s Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information promptly.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our infrastructure providers and AI service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.
By using the Service, you explicitly consent to the transfer of your data to these jurisdictions. Where required by applicable law, we will ensure appropriate safeguards are in place for such transfers.
10. Do Not Track Signals
We do not track users across third-party websites beyond the advertising measurement tools described in Section 1.10. We do not currently respond to Do Not Track (DNT) browser signals.
11. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party website or service you visit through links on our Service.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective upon posting the updated policy with a new “Effective Date.” We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
For material changes that significantly affect how we process your personal information, we will make reasonable efforts to notify you via email or a prominent notice on the Service.
13. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Robitaille Programmation Inc.
Privacy Inquiries
Email: Contact Form
Website: ai-101.com
For complaints regarding our privacy practices, Canadian residents may also contact:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca
Commission d’accès à l’information du Québec
525, boul. René-Lévesque Est, bureau 2.36, Québec (Québec) G1R 5S9
Telephone: 418 528-7741
Website: www.cai.gouv.qc.ca
