Privacy & Cookie Policy

Privacy Policy effective date: 28 March 2026. The Service includes our website at www.owliver.ai, our web application at app.owliver.ai, and related experiences (including distribution via Google Play where applicable).

TL;DR

Data usage: We collect information such as your email, profile and learning interests, and how you use Owliver. We use your prompts, interactions, and behaviour to operate and improve the Service.
Third-party generative AI: We do not send your personal learning content or prompts to third-party generative AI model providers (such as OpenAI or Anthropic) for their model training or inference as part of those providers’ public APIs. This is separate from using Google for Sign-In and Google Analytics, and from other service providers listed in this Policy, which may process limited technical or usage data as described below.
Age: Owliver is for users 13 and older only. If you are between 13 and 17, use the Service only with parental or guardian guidance. The Service is not for anyone under 13, as described in Section 2.

1. Introduction

This Privacy Policy explains how Owliver AI Labs Private Limited (“Owliver”, “Company”, “we”, “us”, or “our”) collects, uses, stores, and protects information when you access www.owliver.ai, app.owliver.ai, and related services (the “Service”), including when you sign in with Google or use our web or Android experience. By using the Service, you agree to these practices.

2. Age eligibility & minors

13 and older only: The Service is intended for users who are at least 13 years old. We do not knowingly offer the Service to children under 13 or knowingly collect personal data from them. If you are under 13, do not use Owliver. If you believe we have collected data from someone under 13, contact us at connect@owliver.ai and we will take steps to delete it.

Ages 13 to 17: If you are at least 13 but not yet 18, you may use the Service only with the knowledge, supervision, and guidance of a parent, guardian, or (where applicable) an educational institution.

3. Information we collect

Depending on how you use the Service, we may process the following categories of information.

3.1 Personal information you provide

Registration & profile: such as name, email address, phone number (if you provide it), username, grade level or course selections, learning interests, and related profile fields.
Account credentials: passwords and password-reset flows where applicable.
Communications: messages you send to us (e.g. support or feedback), which may be logged as communication records.

3.2 AI queries and user content

Learning & chat features: questions and prompts, answers, favourites, uploaded files or media (such as images or audio), and generated or displayed responses, as needed to provide tutoring, practice, study, and related features.

Internal processing: These interactions are processed to deliver the Service. We do not pass your personal data to third-party generative AI infrastructure providers (such as OpenAI, Anthropic, or similar model API providers) in the manner described in our TL;DR above. Processing may occur on our own or contracted secure infrastructure as described in Section 6.

Detailed retention, encryption, and server locations for specific content types depend on our backend configuration. For questions, contact connect@owliver.ai.

3.3 Google Sign-In

When you choose “Continue with Google”, Google authenticates you and provides an identity token to our application. We send that token to our servers to verify it with Google and to create or access your account. Data received typically includes identifiers and profile details Google makes available for sign-in (for example email and name), as permitted by your Google account and Google’s policies.

3.4 Session, cookies & device storage

We use browser local storage and a short-lived cookie (e.g. session token, approximately 24 hours, path /) to keep you signed in and to protect routes. We may use session storage for limited session flags.
See also our Cookie Policy below for how we use cookies and similar technologies.

3.5 Information collected automatically

Device & network: such as IP address, device type, browser type, and general usage patterns (including server and application logs).
Product analytics (PostHog): In production, we use PostHog to understand how the Service is used. This may include event data such as sign-in outcomes, navigation, feature usage (e.g. practice, study, chat metadata such as whether text, audio, or image was present and approximate lengths—not necessarily full message content in every event), and identifiers or profile fields associated with your account for analysis (e.g. email, username, name, country, course identifiers where applicable). Data may be processed in the United States or other regions as configured.
Google Analytics (GA4): We load Google Analytics to measure traffic and engagement. Google may use cookies and similar technologies; see Google’s documentation and privacy policy for how they process data.
Error monitoring & session replay (Sentry): We use Sentry to diagnose crashes and errors. Our configuration may include session replay for a sample of sessions (and more often when an error occurs), which can capture visual playback of interactions and on-screen content. Text and media masking may be limited, so sensitive information you type or display could appear in replay data sent to Sentry. We may also send performance traces, HTTP client diagnostics, console logs, and default personal data elements Sentry associates with error reports (such as IP or user context where enabled).

3.6 Installed web app (PWA)

If you install or use Owliver as a progressive web app, a service worker may cache assets to improve loading. That does not change the categories above but may store app shell files on your device.

4. How we use your information

We process your data for the following purposes, including the “specified purposes” described in applicable law where relevant:

Service delivery: provide, operate, and maintain accounts, personalization, learning features, and AI-assisted tools you request.
Service improvement: use behaviour, interactions, and prompts (subject to Section 3.2) to improve system performance, accuracy, and educational value.
Personalization: tailor the experience to your grade level, course, and stated interests.
Security & integrity: authenticate users, prevent fraud and abuse, debug issues, and protect the Service.
Analytics & diagnostics: measure usage and reliability using the tools described in Section 3.5.
Legal & compliance: comply with law, enforce our terms, and protect rights, safety, and integrity of users and the Service.

We do not sell your personal information. We do not use sensitive categories for discriminatory purposes.

5. Data retention

Account data: retained while your account is active and as needed thereafter to comply with law, resolve disputes, and enforce agreements.
Interaction logs: where we apply routine minimization, anonymized or deleted within 90 days of the session, unless a longer period is required for legal, security, or legitimate business purposes.
Deleted accounts: upon a verified request to delete your account, we aim to delete associated personal data within 30 days, subject to legal retention requirements.
Analytics & diagnostics: retained according to each provider’s settings (PostHog, Google Analytics, Sentry) and our configuration; contact us for more detail on specific categories.

6. Sharing of information

No sale of data: We do not sell your personal information.

Limited sharing: We share data with service providers who process it on our instructions under strict confidentiality, for example:

Google — Sign-In and Google Analytics, subject to Google’s terms and policies (this is separate from sending your chat or study prompts to a third-party generative AI product).
PostHog — product analytics.
Sentry — error reporting and session replay.
Infrastructure & service providers — hosting, databases, email, security, and other services that operate the Service.

As noted in Section 3.2, we do not share user data with external generative AI model API providers (such as OpenAI or Anthropic) in the manner described in our TL;DR.

We may disclose information if required by law, to respond to lawful requests, or to protect Owliver, our users, or the public.

7. Your rights

7.1 India — Digital Personal Data Protection Act, 2023 (DPDP)

Where the DPDP Act applies, you have the right to:

Access: request a summary of the personal data we hold about you.
Correction & erasure: request correction or deletion of your personal data, subject to legal exceptions.
Withdraw consent: where processing is based on consent, you may withdraw consent for future processing (this may affect availability of certain features).
Nominate: designate a person to exercise your data rights in the event of death or incapacity, as permitted by law.

7.2 EEA, UK, and Switzerland

Where GDPR-style laws apply, we rely on: contract (providing the Service you request); legitimate interests (security, analytics, product improvement, balanced against your rights); and, where required, consent (e.g. certain cookies or marketing, if offered). You may withdraw consent where processing is consent-based.

You may also have rights to access, portability, objection, and restriction under local law.

7.3 How to exercise rights

To exercise any applicable rights, email connect@owliver.ai. You may control cookies through your browser and Google’s ad or analytics settings where applicable.

8. International transfers

We and our providers may process data in India, the United States, and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) for transfers from the EEA, UK, or Switzerland.

9. Grievance redressal

If you have questions or concerns, contact our Grievance Officer:

Grievance Officer: Priyanka Priya
Address: Brigade Cosmopolis, Whitefield, Bangalore, Karnataka, 560066, India
Email: connect@owliver.ai

Timeline: We will acknowledge your grievance within 72 hours and aim to resolve it within 30 days.

10. Security

We implement commercially reasonable technical and organizational safeguards designed to protect personal data. No method of electronic transmission or storage is completely secure.

11. Third-party links

The Service may link to third-party sites or embed third-party content. Their practices are governed by their own policies.

12. Governing law

This Privacy Policy is governed by the laws of India. Subject to mandatory rights you may have in your own country, disputes shall be subject to the jurisdiction of the courts in New Delhi, India.

13. Changes

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date. For material changes, we may provide additional notice (e.g. in-app or email) where appropriate.

Google APIs & Sign-In. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.