Privacy Policy

This Privacy Policy ("Policy") describes how Campbell Turner ("we," "us," or "our") collects, uses, processes, and shares personal information when you access or use EarnAI (the "Service"), our AI-powered side hustle coaching application.

This Policy applies to all users of the Service, regardless of how you access it. By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree with any part of this Policy, please discontinue your use of the Service.

We are committed to:

• Collecting only the information necessary to provide the Service.
• Being transparent about what we collect and how we use it.
• Never selling your personal data to third parties.
• Giving you meaningful control over your data.
• Complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union and United Kingdom, and the California Consumer Privacy Act (CCPA) for California residents.

We collect the following categories of information:

a) Profile and Onboarding Information

When you complete the onboarding process, you provide us with information including your name (or pseudonym), your current employment situation, age range, income goals, available time, skills, preferred hustle types, and outreach comfort level. This information is used to personalize the AI-generated content you receive.

b) Usage Data

We collect data about how you interact with the Service, including the number of AI generations you have requested, your current subscription plan, usage reset dates, plans you have saved, scripts you have copied, your daily usage streak, and your general activity within the app. This data is currently stored in your browser's local storage and is not transmitted to our servers unless you have an account.

c) Account Information (if applicable)

If account registration is introduced in the future, we may collect your email address, display name, and a hashed (encrypted) version of your password. We will never store passwords in plain text. We will never have access to your plain-text password.

d) Payment Information

All payment processing is handled entirely by Stripe, Inc. When you make a purchase, you enter your payment information directly into Stripe's secure payment interface. We never see, store, process, or have access to your full credit card number, debit card number, CVV/security code, or other sensitive payment credentials. We only receive a confirmation from Stripe indicating the success or failure of a transaction, along with a non-sensitive customer and subscription identifier.

e) AI Interaction Data

The prompts you submit to the AI coach and the responses generated may be logged for the purposes of debugging, quality assurance, and service improvement. We handle such data in accordance with our data sharing practices described in Section 6. We do not use your personal AI conversations for targeted advertising.

f) Device and Technical Data

When you use the Service, we and our third-party service providers (such as hosting providers and analytics tools) may automatically collect certain technical information, including your IP address, browser type and version, operating system, device type, referring URLs, and general geographic region (derived from IP address). This information is used to operate and improve the Service and is not used to identify you personally.

We use the information we collect for the following purposes:

• To provide and operate the Service: Generating personalized AI plans, scripts, and coaching responses based on your profile; tracking your usage against plan limits; storing your saved ideas and streak data.
• To improve the Service: Analyzing aggregated, anonymized usage patterns to understand how users interact with the Service and to identify areas for improvement; improving the quality and relevance of AI-generated outputs.
• To manage your account and subscription: Processing payments through Stripe; managing your subscription status; communicating important account-related information such as payment confirmations, plan changes, and billing notifications.
• To communicate with you: Responding to your support requests or inquiries; sending important notices about changes to the Service, these policies, or your account. We will never send you unsolicited marketing emails (spam).
• To protect the Service and enforce our Terms: Detecting and preventing fraud, abuse, security incidents, and violations of our Terms of Service; enforcing usage limits and access controls.
• To comply with legal obligations: Complying with applicable laws, regulations, legal processes, and lawful governmental requests.

We will not use your personal information for any purpose that is materially different from those described above without first obtaining your consent.

All payment processing for paid subscriptions and one-time purchases is handled exclusively by Stripe, Inc., a PCI-DSS Level 1 compliant payment processor.

When you make a purchase:

• You enter your payment information (credit card, debit card, or other supported payment method) directly into a payment interface hosted and operated by Stripe.
• We never see, receive, store, or process your full card number, CVV/security code, bank account details, or other sensitive financial credentials.
• Stripe provides us with a tokenized representation (a non-reversible identifier) of your payment method and confirmation of transaction outcomes.
• We store your Stripe customer ID and subscription ID to manage your subscription status and billing history.

By making a purchase, you also agree to Stripe's Privacy Policy, available at stripe.com/privacy, and Stripe's Terms of Service. Stripe's privacy practices govern all payment data and are independent of this Policy.

Stripe may collect additional data from you as required by financial regulations, including for fraud prevention, identity verification (KYC), and compliance with anti-money laundering (AML) laws.

We do not sell your personal data to anyone, ever. We do not rent, trade, or share your personal information for third-party marketing purposes.

We share your information only in the following limited circumstances:

• Stripe (payment processing): We share necessary information with Stripe to facilitate payment transactions, manage your subscription, and comply with financial regulations. This sharing is essential to the operation of the paid Service.
• AI providers (content generation): Your prompts and profile data are transmitted to third-party AI model providers (such as Anthropic, PBC) to generate personalized content. We transmit only the information necessary for generation. We do not transmit information that could directly identify you (such as your email address) to AI providers for generation purposes.
• Infrastructure and hosting providers: We use third-party hosting and cloud infrastructure providers to operate the Service. These providers may have access to data as necessary to provide their infrastructure services, and are bound by data processing agreements that restrict their use of your data.
• Legal requirements: We may disclose your information to law enforcement agencies, courts, regulators, or other government authorities if required to do so by applicable law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of us, our users, or the public.
• Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and your rights with respect to the transfer.

In all cases where we share data with third parties, we require those parties to maintain appropriate security measures and to use the shared data only for the purposes for which it was shared.

We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

• Account and profile data: Retained for as long as your account is active or as long as you continue to use the Service. Currently, profile and usage data is stored in your browser's local storage, which persists until you clear your browser data or use the "Reset & start over" feature within the app.
• AI interaction logs: Any server-side logs of AI prompts and responses are retained for a limited period (typically 30–90 days) for debugging and quality assurance purposes, after which they are automatically deleted or anonymized.
• Payment records: Transaction records, invoices, and payment history are retained for as long as required by applicable financial and tax laws, typically a minimum of 7 years.
• Technical and server logs: IP addresses and technical log data are typically retained for 30–90 days for security and operational purposes.

Account Deletion: You may request the deletion of your account and associated personal data at any time by contacting us at supportearn.ai@gmail.com. Upon receiving a verified deletion request, we will remove your personal data from our active systems within 30 days, subject to retention requirements for legal and financial compliance purposes described above. Anonymized or aggregated data derived from your usage that cannot be linked back to you individually will not be deleted.

Depending on where you live, you may have certain rights with respect to your personal information. We are committed to honoring these rights regardless of your location.

Rights Available to All Users

• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions.
• Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another service.
• Right to Object / Opt Out: You have the right to object to certain processing of your personal data, including for direct marketing purposes (which we do not currently engage in).

Additional Rights for EU/UK Residents (GDPR)

If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

• The right to withdraw consent to processing where processing is based on consent.
• The right to restriction of processing in certain circumstances.
• The right to lodge a complaint with a supervisory authority (data protection authority) in your country or region.

Our legal basis for processing your personal data is primarily: (i) the performance of a contract (providing the Service you requested); (ii) legitimate interests (improving the Service, preventing fraud); and (iii) compliance with legal obligations.

Additional Rights for California Residents (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and its amendment the CPRA:

• The right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).
• The right to delete your personal information.
• The right to opt out of the sale or sharing of your personal information (we do not sell or share your personal information for cross-context behavioral advertising).
• The right to non-discrimination for exercising your CCPA rights.
• The right to correct inaccurate personal information.
• The right to limit the use of sensitive personal information (we do not collect sensitive personal information as defined by CCPA).

To exercise any of these rights, please contact us at: supportearn.ai@gmail.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling certain requests. We will not charge a fee for making a request unless it is excessive or repetitive.

The Service is not directed to, intended for, or designed to attract children under the age of 13. We do not knowingly collect personal information from children under the age of 13 (or under 16 in jurisdictions where a higher age threshold applies under applicable law).

If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information, please contact us immediately at supportearn.ai@gmail.com. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take immediate steps to delete that information from our systems and terminate any associated access to the Service.

Users between the ages of 13 and 17 must have the permission of a parent or legal guardian to use EarnAI. By using the Service, users in this age group represent that they have obtained such permission.

We take the security of your personal information seriously and implement a range of technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction.

Our security practices include:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security (TLS/HTTPS) protocols.
• Password security: If account-based authentication is introduced, passwords will be hashed using a strong, modern hashing algorithm (such as bcrypt or Argon2) before storage. Passwords are never stored in plain text, and we will never have access to your plain-text password.
• Payment security: Payment data is handled entirely by Stripe, which is certified as a PCI Service Provider Level 1 — the highest level of certification available in the payments industry.
• Access controls: Access to systems and data that contain personal information is restricted on a need-to-know basis and protected by authentication controls.
• Regular security reviews: We periodically review our security practices and infrastructure to identify and address potential vulnerabilities.

However, please be aware that no method of data transmission over the internet and no method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Security Breach Notification: In the event of a data security breach that we reasonably believe has exposed your personal information to unauthorized access, we will notify you and relevant regulatory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach (for GDPR-regulated users) or as otherwise required by law.

The Service uses cookies and similar tracking technologies to operate and improve the Service. Here is a breakdown of how we use them:

Essential Cookies

We use essential cookies and local storage data that are strictly necessary for the Service to function. These include:

• Session state and authentication tokens (when account-based login is implemented).
• Theme preference (light/dark mode) stored in your browser's local storage.
• Your profile data, usage data, and saved items stored in your browser's local storage to provide the core functionality of the Service.

Essential cookies cannot be opted out of while using the Service, as the Service cannot function without them.

What We Do NOT Use

• We do not use tracking or behavioral analytics cookies for our own marketing purposes.
• We do not use third-party social media tracking pixels.
• We do not share cookie data with third-party data brokers.

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when new cookies are set. Please note that restricting certain cookies may affect the functionality of the Service.

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will revise the "Last Updated" date at the top of this page.

For changes that materially affect your rights or the way we process your personal information, we will provide notice through one or more of the following methods, at least 30 days before the changes take effect:

• A prominent in-app notice displayed within the Service.
• An email notification sent to the address associated with your account (if applicable).

For minor or non-material changes (such as clarifications, corrections, or updates to contact information), we may post the updated Policy without prior notice beyond updating the date.

Your continued use of the Service after the effective date of any revised Policy constitutes your acceptance of the updated Policy. If you do not agree with the changes, you must discontinue your use of the Service and may request deletion of your personal data as described in Section 6.

We encourage you to review this Policy periodically to stay informed of how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please contact us:

We aim to respond to all privacy-related inquiries within 5–10 business days. For requests related to your rights under GDPR or CCPA, we will respond within the timeframe required by applicable law (typically 30 days, with an extension of up to an additional 30 days for complex requests).