Privacy Policy

Last updated: April 13, 2026

Ten Thousand AI ("the App") is an education app designed for teens and students ages 9 and older. Your privacy — and especially the privacy of young users — is extremely important to us. This policy explains what data we collect, why, and how we protect it.

1. Who We Are

Ten Thousand AI is developed by James Deng. For questions, contact us at tenthousandai@gmail.com.

2. Data We Collect

We collect: Email address (for sign-in and safety alerts), Display name & age (for personalization), Chat messages (for tutoring history), Photos of homework (sent to OpenAI for analysis), Subscription status (via Apple StoreKit), and Device ID (for session management).

3. Content Moderation & Safety

All messages and images are screened by OpenAI's moderation API (omni-moderation-latest) before being processed by the AI tutor. If content is flagged as inappropriate, it is blocked immediately. Flagged text messages are retained in our backend database solely for audit, moderation review, and debugging purposes. Flagged images are not stored. Guardian safety alert emails include only the flag category and timestamp — never the original text or image.

4. How We Use Your Data

• AI Tutoring: Messages and photos are sent to OpenAI's GPT-4o mini for educational responses.
• Safety: All content is screened via OpenAI's moderation API.
• Guardian Alerts: Email is used only for safety notifications.
• Personalization: Name and age adapt the tutor's language.

We do NOT use your data for advertising, profiling, or selling to third parties.

5. Third-Party Services

• Apple: Sign In with Apple and StoreKit for subscriptions
• Google: Google Sign-In for authentication
• Supabase: Backend database with encryption at rest
• OpenAI: AI tutoring and moderation
• Resend: Guardian safety alert emails

6. Young Users' Privacy (COPPA)

The App is designed for teens ages 9 and older. We take young users' privacy seriously: We collect only minimum necessary data. We do not serve ads or track users. We do not share data with third parties except for core functionality. Guardians can request data deletion. Content moderation protects young users. Parental consent is required for users under 18.

7. Data Retention & Deletion

• Chat history is retained as long as the account is active.
• Users can delete individual messages in the app.
• To request full account deletion, email tenthousandai@gmail.com. We will process within 30 days.

8. Data Security

• All communication uses HTTPS/TLS encryption.
• No API keys are stored in the app binary.
• Authentication tokens are managed by Supabase.
• Database storage uses encryption at rest.

9. No Tracking

The App does NOT use analytics, advertising, or tracking frameworks. We do not track users across other apps or websites.

10. Changes to This Policy

We may update this policy. The "Last updated" date will change. Continued use constitutes acceptance.

11. Contact Us

Email: tenthousandai@gmail.com