Privacy Policy
Effective July 13, 2026
Tummel is a study service, not an advertising business. We use account, study, billing, and usage data to provide the product, keep it secure, and improve it. We do not sell personal information or use it for targeted advertising.
1. Who we are and what this covers
This Privacy Policy describes how Tummel ("Tummel," "we," "us," or "our") handles personal information when you use tummelai.com, Tummel accounts, and the related study, billing, sharing, and email features (the "Service"). It does not cover websites or services that have their own privacy policies.
Questions or privacy requests can be sent to support@tummelai.com.
2. Information we collect
- Account and profile information. Email address, authentication identifiers, account dates and status, education level, field of study, study goals, unit preferences, and accessibility or display preferences.
- Study content. Prompts, conversations, images, uploaded files and extracted text, notes, courses, exam schedules, flashcards, practice sets, tests, answers, scores, feedback, learning patterns, and other material you choose to create or submit.
- Billing information. Plan, trial and renewal dates, subscription status, promotion or referral information, and Stripe customer or subscription identifiers. Stripe collects and processes payment-card details; Tummel does not store full card numbers.
- Email information. Email preferences, consent timestamps, course reminder settings, delivery status, and provider identifiers. Optional product updates and exam reminders default off.
- Usage, device, and security information. A random anonymous browser identifier, hashed IP address, session and request identifiers, pages and features used, timestamps, outcomes, quotas, model and token usage, approximate cost, referral attribution, and security or abuse signals. Our hosting and infrastructure providers may also process ordinary request and log information such as IP address, browser headers, and error data.
- Public shares. If you create a public share link, we store the shared snapshot, its link token, and basic view or referral events. Anyone with an active link may be able to view that snapshot until you revoke it.
3. How we use information
- Provide, personalize, maintain, and troubleshoot the Service.
- Generate tutoring responses, practice material, explanations, study notes, and learning insights.
- Remember your work and learning preferences when you ask us to.
- Authenticate accounts, process subscriptions, apply limits, and prevent fraud or misuse.
- Send required account messages and the optional messages you enable.
- Measure product performance, understand feature use, and improve Tummel without putting prompt or answer text into the product analytics ledger.
- Comply with law, enforce our Terms, and protect users, Tummel, and others.
4. AI processing
Tummel sends the prompts, relevant conversation context, and attachments needed for an AI feature to OpenRouter. OpenRouter routes requests to third-party model providers selected by Tummel. Those providers may process prompts, outputs, images, or extracted document text to produce a response. Provider availability and the models Tummel uses can change.
OpenRouter states that it does not use inputs or outputs to train its own models, but individual model providers have different logging, retention, and training practices. Do not submit information that is highly sensitive, regulated, confidential to someone else, or unnecessary for your study request. See OpenRouter's privacy policy and provider-logging information for more detail.
Anonymous prompts and results are not added to a Tummel account or learning history. Tummel still processes limited anonymous identifiers, quota records, and operational analytics to provide and protect the anonymous preview.
5. When we disclose information
We disclose information only as needed for the purposes above, including to:
- Infrastructure and authentication providers, including Vercel and Supabase.
- AI providers, including OpenRouter and the model provider that handles a request.
- Payment and email providers, including Stripe and Resend.
- Login providers, such as Google or Microsoft, when you choose that login method.
- Other people, when you create a public share or direct us to share information.
- Authorities or transaction parties, when reasonably necessary to comply with law, protect rights and safety, investigate misuse, or complete a financing, sale, merger, or similar business transaction.
We do not sell personal information. We do not disclose personal information for cross-context behavioral advertising or use third-party advertising trackers.
6. Cookies and browser storage
Tummel uses cookies and browser storage that are necessary or useful for authentication, security, anonymous limits, referrals, saved display choices, feature preferences, and first-party campaign attribution. The anonymous browser cookie lasts up to one year. A referral-capture cookie lasts up to 30 days. Authentication cookies have durations set by Supabase and the session configuration.
Because Tummel does not sell personal information or use it for targeted advertising, there is no advertising opt-out to apply when we receive Global Privacy Control. Browser "Do Not Track" signals are not consistently defined, so the Service does not respond differently to them. Third parties do not collect personal information on Tummel for cross-site advertising.
7. Retention and deletion
We generally keep account and study information while your account is active so the Service can remember your work. You can delete individual chats, sets, notes, memories, learning insights, shares, and reminder schedules where the Service provides those controls. You may request account deletion by emailing us from the address connected to your account.
When an account is permanently deleted, user-owned product data is deleted and user-linked analytics are anonymized. We may retain limited records when reasonably necessary for security, fraud prevention, legal claims, tax or accounting duties, payment disputes, and audit integrity. Information may remain temporarily in protected backups, and vendors may retain information under their own policies or legal duties. Referral captures expire after 30 days. The anonymous browser cookie expires after one year, while related security, quota, and analytics records may be retained longer when reasonably necessary for those purposes.
8. Your choices and requests
- Update profile and accessibility choices in Settings.
- Turn optional product updates and exam reminders on or off independently.
- Delete or revoke supported study items and public shares in the Service.
- Ask to access, correct, export, or delete personal information by emailing support@tummelai.com. We may need to verify your identity before acting.
- Cancel a paid subscription through Settings and Stripe's Billing Portal. Account deletion does not by itself cancel an active subscription.
Depending on where you live, local law may provide additional rights. We will not discriminate against you for making a privacy request.
9. Security and international processing
We use technical and organizational safeguards designed to protect personal information, including access controls, encrypted connections, separation of privileged credentials, and row-level database controls. No internet service can promise absolute security. Tummel and its providers may process information in the United States and other countries where they operate.
10. Children
Tummel is not directed to children under 13, and you must be at least 13 to use the Service. If you are under the age of legal majority where you live, you may use Tummel only with permission from a parent or legal guardian. If we learn that we collected personal information from a child under 13, we will take reasonable steps to delete it. A parent or guardian can contact us at support@tummelai.com.
11. Changes to this policy
We may update this policy as Tummel or the law changes. We will change the effective date above and provide additional notice when a change is material. Your continued use after an update means the revised policy applies to future handling of information, subject to applicable law.