MATHRA AI

Privacy Policy

TwentyThree Labs  ·  Android & iOS  ·  Effective: 8 March 2025

GDPR COPPA CCPA LGPD PIPEDA Australia Privacy Act
Operated By
Mirza Ahmad Baig  ·  TwentyThree Labs
Ringstr. 3, 76689 Karlsdorf-Neuthard, Germany  ·  legal@mathraai.com

Table of Contents

  1. 1 Who We Are
  2. 2 Data We Collect
  3. 3 How We Use Your Data
  4. 4 AI Providers & Sub-Processors
  5. 5 Data Storage & Security
  6. 6 International Data Transfers
  7. 7 Children's Privacy
  8. 8 Your Privacy Rights
  9. 9 Account & Data Deletion
  10. 10 Data Retention
  11. 11 Regional Compliance
  12. 12 Contact & Complaints
  13. 13 Policy Changes
This Privacy Policy explains how Mathra AI, operated by Mirza Ahmad Baig trading as TwentyThree Labs, collects, uses, stores, and protects your personal data when you use our mobile application on Android and iOS. By using Mathra AI, you agree to the practices described herein.
1

Who We Are — Data Controller

FieldDetails
Operator (Individual)Mirza Ahmad Baig
Trading NameTwentyThree Labs
Registered AddressRingstr. 3, 76689 Karlsdorf-Neuthard, Germany
Legal Contact Emaillegal@mathraai.com
App / Service NameMathra AI
PlatformsAndroid and iOS
2

Data We Collect

We collect the following categories of personal data:

CategoryData PointsPurposeLegal Basis (GDPR)
Account IdentityName, email, profile photoAccount creation & loginArt. 6(1)(b) — Contract
AuthenticationGoogle / Apple Sign-In tokenSecure third-party loginArt. 6(1)(b) — Contract
App ContentMath problems, AI solutions, session historyCore functionality & historyArt. 6(1)(b) — Contract
Camera / ImagesPhotos to scan math problemsOCR processing; not stored permanentlyArt. 6(1)(a) — Consent
Voice DataAudio of spoken problemsSpeech-to-text; transient processing onlyArt. 6(1)(a) — Consent
Device & TechnicalDevice model, OS, crash logsPerformance & bug fixingArt. 6(1)(f) — Legitimate Interest
Usage AnalyticsFeatures used, session durationApp improvementArt. 6(1)(f) — Legitimate Interest
Payment / BillingSubscription status (via Google Play / App Store)Subscription management; no card data stored by usArt. 6(1)(b) — Contract
3

How We Use Your Data

4

Third-Party AI Providers & Sub-Processors

Important: Your math problems are transmitted to third-party AI services for processing: Anthropic (Claude) and Google Gemini. We have Data Processing Agreements (DPAs) in place with each provider as required by GDPR Art. 28.
ProviderPurposePrivacy PolicyLocation
Anthropic (Claude)AI math processing (primary)anthropic.com/privacyUSA
Google (Gemini)AI math processing (fallback)policies.google.com/privacyUSA / EU
Firebase AuthenticationUser authenticationfirebase.google.com/support/privacyGlobal
Firebase AnalyticsUsage analytics & app improvementfirebase.google.com/support/privacyGlobal
Firebase CrashlyticsCrash reporting & diagnosticsfirebase.google.com/support/privacyGlobal
Firebase Cloud MessagingPush notificationsfirebase.google.com/support/privacyGlobal
RevenueCatSubscription managementrevenuecat.com/privacyUSA
Google Sign-InAuthenticationpolicies.google.com/privacyGlobal
Apple Sign-InAuthenticationapple.com/legal/privacyGlobal
Google Play BillingSubscriptions (Android)policies.google.com/privacyGlobal
Apple App StoreSubscriptions (iOS)apple.com/legal/privacyGlobal
5

Data Storage & Security

Your problem history and solutions are stored on our secure cloud servers to enable the History and Progress features. We implement the following safeguards:

6

International Data Transfers

As our AI providers are primarily based in the United States, your data may be transferred outside the EEA. We ensure such transfers comply with GDPR Chapter V through:

7

Children's Privacy — COPPA & GDPR Art. 8

Mathra AI is available to users of all ages, including children under 13. We comply with the U.S. Children's Online Privacy Protection Act (COPPA), EU GDPR Article 8, and equivalent global laws protecting minors.
8

Your Privacy Rights

RightDescriptionApplicable Law(s)
AccessRequest a copy of all personal data we hold about you.GDPR, CCPA, PIPEDA, LGPD
RectificationCorrect inaccurate or incomplete personal data.GDPR, LGPD, PIPEDA
ErasureDelete your account and all associated data within 30 days.GDPR, CCPA, LGPD
Data PortabilityReceive your data in a machine-readable format.GDPR, LGPD
RestrictionRestrict processing in certain circumstances.GDPR
ObjectionObject to processing based on legitimate interest.GDPR, LGPD
Withdraw ConsentWithdraw consent (camera, voice) at any time without affecting prior lawful processing.All Laws
Non-DiscriminationNot be discriminated against for exercising your privacy rights.CCPA (California)
Delete Account & DataIn-app one-tap deletion of your account and all associated data.All Jurisdictions

To exercise any right: legal@mathraai.com. We respond within 30 days (GDPR: up to 3 months for complex requests).

9

Account and Data Deletion

You can delete your account and all data at any time. In the app: Settings → Account → Delete Account. All personal data, problem history, and solutions will be permanently erased within 30 days. Anonymised analytics may be retained up to 90 days. You may also email legal@mathraai.com to request deletion.
10

Data Retention

Data TypeRetention PeriodReason
Account & profile dataDuration of account + 30 days after deletionService provision
Problem & solution historyDuration of account + 30 days after deletionCore feature
Camera / voice dataNot stored — transient processing onlyPrivacy by design
Usage analyticsUp to 24 months (anonymised)Service improvement
Crash / error logsUp to 12 monthsSecurity & bug fixing
Financial / subscription records7 yearsGerman tax law HGB §257
Legal hold dataAs required by applicable lawLegal compliance
11

Regional-Specific Compliance

EU & EEA — GDPR
  • Data Controller: Mirza Ahmad Baig, Ringstr. 3, 76689 Karlsdorf-Neuthard, Germany.
  • Supervisory Authority: Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), or your local EU data protection authority.
  • As the operator is based in Germany, no separate EU representative is required.
  • Legal bases: Contract, Consent, Legitimate Interest, Legal Obligation — as detailed in Section 2.
USA — California (CCPA/CPRA)
  • We do not sell or share personal information for cross-context behavioural advertising.
  • California residents may request disclosure, deletion, and correction of personal data.
  • We do not discriminate against users for exercising CCPA rights.
  • Contact: legal@mathraai.com or use in-app Delete Account.
USA — COPPA (Children Under 13)
  • We obtain verifiable parental consent before collecting data from users under 13.
  • Parents may review, correct, and delete their child's data at any time.
  • We do not condition use of the app on disclosure of more data than necessary.
Brazil — LGPD (Lei 13.709/2018)
  • Brazilian users have all rights listed in Section 8 under LGPD.
  • Processing is based on consent, contract, and legitimate interest.
  • Contact: legal@mathraai.com for all LGPD requests.
Canada — PIPEDA
  • We collect only data necessary for stated purposes.
  • Canadian users may access and correct their personal information.
  • Unresolved complaints may be referred to the Office of the Privacy Commissioner of Canada.
Australia — Privacy Act 1988
  • We comply with the Australian Privacy Principles (APPs).
  • Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).
12

Contact & Complaints

Contact MethodDetails
Email (primary)legal@mathraai.com
Postal AddressMirza Ahmad Baig, Ringstr. 3, 76689 Karlsdorf-Neuthard, Germany
In-AppSettings → Privacy → Contact Us
Response TimeWithin 30 days (GDPR: up to 3 months for complex requests)
13

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via in-app notification and/or email at least 30 days before changes take effect. Continued use of the app after the effective date constitutes acceptance. The current policy is always available in the app under Settings → Privacy Policy.