Privacy Policy

Last updated: 20 February 2026

1. Who We Are

TekSpert Ai ("we", "us", "our") provides an AI-powered development tool for Roblox Studio. This privacy policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

TekSpert Ai is the data controller for the personal data described in this policy. If you have any questions about how we handle your data, please contact us at support@tekspert.ai.

3. What Data We Collect

3.1 Account Data

• Email address — used for account creation and login
• Display name — shown in the dashboard
• Password hash — we never store passwords in plain text; they are hashed using bcrypt with 12 salt rounds
• Google account data — if you sign in via Google OAuth, we receive your name, email, and profile picture from Google

3.2 Usage Data

• Token balance and transaction history — records of token purchases, usage, and top-ups
• AI chat messages — messages you send and receive via the AI assistant, stored temporarily during your session for context
• Feedback responses — optional feedback you submit about AI responses

3.3 Payment Data

• We use Stripe as our payment processor. We do not store your card number, CVV, or full card details on our servers.
• Stripe may store payment information in accordance with their own Privacy Policy.
• We store transaction references (Stripe session IDs) to link payments to your token balance.

3.4 Technical Data

• Session tokens (JWT) — used to keep you logged in
• Local storage data — authentication tokens and UI preferences stored in your browser

4. Lawful Basis for Processing

Under UK GDPR Article 6, we process your data on the following legal bases:

• Contract (Art. 6(1)(b)) — processing necessary to provide the TekSpert Ai service you have signed up for
• Legitimate interests (Art. 6(1)(f)) — to improve our service, prevent fraud, and ensure platform security
• Consent (Art. 6(1)(a)) — where we rely on your consent (e.g. optional cookies), you can withdraw it at any time

5. How We Use Your Data

• To create and manage your account
• To process token purchases via Stripe
• To provide AI-assisted development features
• To track your token balance and usage
• To improve our AI service quality using anonymised feedback
• To send important service updates (not marketing)

6. Data Sharing

We do not sell your personal data. We share data only with:

• AI Processing Provider — your AI chat messages are sent to a third-party AI provider for processing.
• Stripe — payment processing. See Stripe's Privacy Policy.
• Google — if you use Google OAuth sign-in. See Google's Privacy Policy.

7. Data Retention

• Account data — retained while your account is active; deleted upon request
• Chat history — stored temporarily during sessions; cleared on server restart or when you click "Clear Chat"
• Transaction records — retained for 6 years for tax and accounting purposes as required by HMRC
• Session tokens — expire after 7 days

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access — request a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restrict processing — limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact support@tekspert.ai. We will respond within one calendar month as required by UK GDPR.

9. Data Security

• Passwords are hashed with bcrypt (12 salt rounds) — we cannot read your password
• Authentication uses JWT tokens with expiry
• Payment card data is handled entirely by Stripe (PCI DSS Level 1 certified)
• All data transmitted over HTTPS in production

10. International Transfers

Your AI chat data is processed by our AI provider (based in the USA). This transfer is covered by standard contractual clauses and data processing agreements. Payment data is processed by Stripe, which maintains UK and EU data centres and complies with UK GDPR.

11. Children's Privacy

TekSpert Ai is not directed at children under 13. If you are under 13, please do not create an account. If we become aware that we have collected data from a child under 13 without parental consent, we will delete it promptly.

12. Cookies

For details about which cookies we use and why, please see our Cookie Policy.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via the dashboard. The "last updated" date at the top reflects when changes were last made.

14. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113