Privacy Policy

1. Scope and who we are

Cue is a student planning app that turns messy school inputs into a practical plan. Cue can help with screenshots, files, voice notes, school deadlines, study goals, calendar constraints, reminders, notifications, and AI-assisted planning. This Privacy Policy applies to Cue, the Cue iOS app, cueplan.app, waitlist and school-code pages, referral pages, support requests, and any other feature that links to this policy.

When this policy says "Cue," "we," "us," or "our," it means the team operating Cue. When it says "you," it means the person using Cue, requesting a school code, joining through a referral, contacting support, or browsing our website. If a parent, guardian, teacher, or school administrator helps a student use Cue, "you" can also include that adult or institution where the context requires.

Cue is not a school, examination board, emergency service, healthcare provider, legal adviser, financial adviser, or mental-health service. The information you add to Cue may be important, but Cue's role is to help organize and plan it. You remain responsible for checking deadlines, instructions, policies, and outcomes with the relevant school, teacher, platform, or authority.

You can contact us about privacy, access, correction, deletion, export, consent withdrawal, or any other data request at hello@cueplan.app.

2. Short summary

The detailed policy below controls, but this summary gives you the practical shape of Cue's privacy model.

Cue collects the information needed to create your account, understand your school workload, process the content you choose to submit, produce plans, send notifications, keep the service secure, and operate school passes, trials, and referrals.
Cue can process highly personal student information because users often submit screenshots, worksheets, timetables, school messages, voice notes, calendar events, reminders, goals, and deadlines. Only submit information you are comfortable using with Cue.
Cue uses AI providers and backend services to extract tasks, plan work, answer questions, summarize information, and generate recommendations. Cue aims to send only the relevant fragments needed for a feature rather than your entire account history.
Cue uses Supabase for authentication, database storage, private file storage, realtime updates, and serverless backend functions. User-owned records are protected with row-level security and private storage paths.
Google sign-in, Google Calendar, Google Tasks, Apple Calendar, Apple Reminders, Apple Photos, camera, microphone, speech recognition, files, notifications, and similar permissions are optional or feature-specific. You can decline permissions, revoke integrations, or change settings, but some features may stop working.
Cue does not sell your personal information, does not use student content for third-party advertising, and does not share private study content with schools for discipline, monitoring, or advertising.
You can request access, correction, export, deletion, or account closure. Some limited backup, security, abuse-prevention, legal, or billing records may be retained where necessary.

3. Information Cue collects

The exact information Cue collects depends on how you use the app, which permissions you grant, which integrations you connect, and whether you use Cue anonymously, with Google sign-in, through a school pass, or through a referral.

Category	Examples	Why Cue uses it
Account and identity information	Supabase user ID, authentication provider, Google account identifiers, email address, display name, username, anonymous account state, account creation and sign-in records.	To create and secure your account, keep you signed in, prevent abuse, recover access, show account state, and apply access plans.
School, pass, trial, and referral information	School name or short code, school membership, school-code request details, referral code, referred/referrer status, successful referral count, plan tier, plan start and expiry dates, usage limits, entitlement status.	To operate anonymous trials, Google free access, school passes, referral rewards, school-code demand tracking, and usage limits.
Planning profile and preferences	Timezone, subjects, commitments, goals, exams, projects, CCAs, tuition, work blocks, preferred work windows, quiet hours, notification settings, planning intensity, buffer preferences, scheduling policy, energy or availability patterns you provide.	To generate realistic plans, protect time blocks, personalize suggestions, avoid bad scheduling, and make future plans more accurate.
Content you submit	Typed notes, pasted text, screenshots, photos, videos, PDFs, documents, file names, worksheets, whiteboard photos, voice captures, audio transcripts, chat messages, Ask Cue prompts, teacher instructions, task lists, and corrections you make during review.	To extract commitments, identify tasks, answer questions, create evidence links, generate plans, and let you review or correct Cue's interpretation.
Generated and derived information	OCR text, transcripts, source fragments, embeddings, extracted commitments, tasks, events, goals, notes, summaries, plan blocks, recommendations, confidence scores, duplicate checks, model outputs, prompt version, source pointers, before-and-after diffs.	To preserve evidence, make AI output reviewable, improve planning, support search and Q&A, audit AI-generated changes, and avoid duplicating or forgetting tasks.
Calendar and reminder data	Calendar list, selected calendars, busy blocks, event IDs, event titles, start and end times, recurrence data, selected write calendar, Google Calendar changes, Google Tasks lists or tasks, Apple Calendar events, Apple Reminders, conflict state, sync jobs.	To avoid scheduling over real commitments, import selected tasks, write planned blocks when you enable writes, reconcile changes, and keep your plan current.
Device permissions and local feature data	Camera access, selected Photos items, Files picker selections, microphone access, speech-recognition state, Apple Calendar and Reminders permissions, notification permission, app version, device type, OS version, locale, timezone.	To power capture, transcription, attachment, local planning, notifications, troubleshooting, and feature compatibility.
Notification data	APNs device token, notification preferences, quiet hours, alert cap, morning brief settings, upcoming block alerts, delivery events, live activity state.	To send reminders, plan-risk alerts, morning digests, live activity updates, and service messages you enable.
Usage, diagnostic, and security information	Feature usage, request timestamps, rate-limit buckets, error logs, crash or non-fatal diagnostics, app flow state, backend function outcomes, IP-derived security signals, abuse indicators.	To keep Cue reliable, debug issues, enforce fair usage, detect abuse, secure accounts, and understand which features need improvement.
Website and support information	School-code form submissions, email address, school, role, campaign/referral parameters, messages to support, basic server logs, contact history.	To respond to you, prioritize school-code requests, measure campaign performance, protect forms from spam, and operate cueplan.app.

Cue does not ask for government identity numbers, payment card numbers, bank details, medical records, or passwords for other services. Do not upload them unless a feature clearly requires them and you intentionally choose to include them. If Cue detects obvious secrets in content, we may try to reduce unnecessary exposure, but automated redaction will not catch everything.

4. Device permissions and integrations

Cue uses platform permissions only for the features you choose to use. Denying a permission may make that feature unavailable, but it should not prevent you from using unrelated parts of Cue.

Permission or integration	What Cue may access	Control
Camera	Images you capture in Cue, such as worksheets, whiteboards, handwritten notes, and printed instructions.	You can deny or revoke camera access in iOS Settings.
Photos and videos	Selected photos or videos you choose through the picker, such as screenshots, worksheets, or reference images.	Use iOS limited-library controls or revoke Photos access in Settings.
Files	Documents you choose through the file picker, including PDFs or school files.	Cue only receives files you select through the picker.
Microphone and speech recognition	Audio you record and live dictated messages you choose to capture.	You can deny or revoke microphone or speech-recognition access in iOS Settings.
Apple Calendar	Selected calendar events and busy blocks, plus write access if you grant a write-capable permission and enable calendar writes.	Manage permissions in iOS Settings and Cue integration settings.
Apple Reminders	Selected reminders that can be reviewed, linked, imported, planned, or reconciled.	Manage permissions in iOS Settings and Cue integration settings.
Google sign-in	Google identity information needed to authenticate you through Supabase Auth.	You can sign out in Cue and revoke access from your Google Account permissions page.
Google Calendar	Calendar lists, selected event data, read scopes, write scopes if you explicitly grant them, sync tokens, webhook state, and Cue-created event identifiers.	You choose whether to connect, which calendars count as constraints, and whether Cue may write plan blocks. You can revoke Google access.
Google Tasks	Selected task lists, tasks, task metadata, import choices, write choices if enabled, and sync/reconciliation records.	You choose whether to connect, import, ignore, link, or write tasks. You can revoke Google access.
Notifications and Live Activities	APNs token, notification settings, alert schedules, and delivery state.	Manage notifications in Cue and iOS Settings.

Cue's use and transfer of information received from Google APIs is intended to comply with the Google API Services User Data Policy, including Limited Use requirements. Cue does not use Google user data for ads, does not sell Google user data, and does not allow humans to read Google user data except where necessary for security, support with your consent, legal compliance, or providing the requested integration.

5. How Cue uses information

Cue uses information for the purposes described below. We try to keep each use tied to the product feature you requested or to a legitimate operational need.

To provide the app: create accounts, keep sessions active, load your profile, store your tasks, show your plan, sync state across devices, and keep your data available.
To process captures: upload selected files to private storage, extract text from screenshots or documents, transcribe voice captures, identify commitments, generate review cards, and preserve evidence links.
To plan your work: create daily plans, protect calendar blocks, estimate durations, split large goals into steps, reschedule missed work, avoid overload, and adjust future plans based on corrections.
To power Ask Cue and memory features: retrieve relevant source fragments, ground answers in your own information, apply a privacy budget to context selection, and avoid including unrelated account history.
To operate integrations: connect Google, read selected calendars or tasks, create or update Cue-owned calendar blocks where enabled, import reminders, reconcile external moves or deletes, and let you revoke connections.
To send notifications: deliver morning briefs, upcoming block alerts, plan-risk alerts, live activities, service messages, and account or security notices within your chosen settings.
To run school passes and referrals: verify school access, apply school codes, generate referral links, extend access, prevent fraud, measure aggregate school demand, and enforce usage limits.
To provide support: respond to emails, investigate bugs, restore account functionality, explain data exports, and resolve integration problems.
To keep Cue safe and reliable: monitor service health, prevent spam or abuse, enforce rate limits, detect suspicious behavior, audit AI-generated mutations, debug crashes, and protect secrets.
To improve Cue: understand which features are used, evaluate extraction and planning quality, identify common failure modes, test new product flows, and improve reliability. We do not need your private school content for advertising.
To comply with law and enforce terms: respond to valid legal requests, protect rights and safety, investigate violations, and preserve evidence if required.

6. AI processing and automated outputs

Cue uses AI-assisted systems to transform messy student input into structured tasks, plan blocks, summaries, answers, and recommendations. These systems may include internal rules, Supabase Edge Functions, embeddings, model prompts, and third-party AI model providers such as Gemini, DeepSeek, or successor providers.

Cue may send selected text, source fragments, transcripts, metadata, current plan context, and related profile settings to AI providers when needed for extraction, Q&A, planning, summarization, or classification.
Cue aims to minimize AI context by sending the smallest useful slice of information rather than your entire account history.
Cue records AI run metadata such as model, prompt version, source entity, confidence, confirmation state, and before-and-after diffs so AI-generated changes can be audited.
Cue may create embeddings from source fragments so that Ask Cue and similar features can retrieve relevant context. Embeddings are derived representations of text used for search; they are still treated as user data.
Where provider controls and contracts allow, Cue configures provider storage or training use off for user content. Cue does not authorize providers to use your private student content for third-party advertising.
AI output can be wrong, incomplete, outdated, or overconfident. You should review extracted tasks, deadlines, calendar writes, and generated plans before relying on them.

Cue is designed to keep the user in the review loop. For example, extracted commitments and external calendar conflicts may require confirmation, and calendar writes are controlled by settings and scopes. You should not use Cue as the only source of truth for exams, school submissions, safety-critical deadlines, medication, legal obligations, financial commitments, or emergency decisions.

7. How Cue shares information

Cue shares information only as needed to provide the service, operate integrations, comply with law, protect users, or complete a business transaction. We do not sell personal information and do not share private student content for cross-context behavioral advertising.

Recipient	What may be shared	Purpose
Supabase	Account data, database records, private storage files, function requests, realtime subscriptions, authentication state.	Authentication, storage, database, private file handling, backend functions, RLS-protected access, and service operation.
AI model providers	Relevant fragments, prompts, transcripts, plan context, source metadata, and model outputs.	Extraction, planning, embeddings, Q&A, summarization, classification, and similar AI-assisted features.
Google	Google identity data, Calendar or Tasks data, OAuth scopes, sync state, Cue-created event metadata, webhook data, depending on what you connect.	Sign-in, Calendar sync, Tasks import/write features, and account revocation.
Apple and iOS services	Permission state, APNs tokens, notification payloads, device-level calendar/reminder/photo/camera/microphone/speech access as mediated by iOS.	Native device features, notifications, Live Activities, capture, transcription, and local integrations.
Diagnostics and error-monitoring providers	Crash logs, non-fatal error reports, app flow state, device and OS metadata, and privacy-safe diagnostic context.	Reliability, debugging, security monitoring, and incident response.
Support and communication providers	Your email address, request content, support history, and school-code request details.	Responding to messages, operating support, and handling school-code requests.
Schools or school communities	Aggregate demand, school pass status, or information you explicitly submit for a school-code program.	Prioritizing school passes and administering access. Cue does not share your private captures, tasks, chats, or plans with schools for monitoring or discipline unless you explicitly ask us to or law requires it.
Legal, safety, and compliance recipients	Information reasonably necessary for a lawful request, fraud investigation, safety issue, rights protection, or terms enforcement.	Compliance, security, safety, and dispute handling.
Successor organizations	Information needed in a merger, acquisition, financing, reorganization, asset sale, or similar transaction.	Continuity of service and business operations, subject to this policy or replacement notice.

If you use a referral link, the link itself may include a referral code. People who receive that link may infer that you use Cue or are connected to a school pass campaign. Avoid sharing referral links where that association would be sensitive.

8. Legal bases for processing

Depending on where you live, privacy law may require Cue to identify a legal basis for processing personal data. Cue may rely on one or more of the following bases.

Consent: when you grant optional permissions, connect Google, enable calendar writes, sign up for school-code communications, or ask Cue to process selected content.
Contract necessity: when processing is needed to provide Cue, maintain your account, apply access plans, store your data, or deliver requested features.
Legitimate interests: when we secure the service, debug issues, prevent fraud, improve product reliability, enforce fair usage, and understand aggregate feature performance in ways that do not override your rights.
Legal obligation: when we must retain or disclose information to comply with applicable law, valid legal process, tax, accounting, consumer protection, or safety obligations.
Vital or public interests: only in rare circumstances where disclosure is necessary to protect someone's life, safety, or legal rights.

In Singapore, Cue treats consent, purpose limitation, notification, access, correction, accuracy, protection, retention limitation, transfer limitation, accountability, and similar Personal Data Protection Act principles as important design constraints. In the EEA, UK, California, and other regions with specific privacy rights, the regional sections below describe additional rights that may apply.

9. Retention, export, and deletion

Cue keeps information for as long as needed to provide the service, maintain your account, preserve evidence for your plan, operate integrations, comply with law, resolve disputes, enforce agreements, and protect Cue and users. The retention period can vary by data type.

Data type	Typical retention approach
Account and profile data	Kept while your account is active and for a limited period after deletion where needed for security, legal, backup, or abuse-prevention purposes.
Source files and raw captures	Kept while you need them as evidence for extracted tasks or until you delete them, delete your account, or Cue no longer needs them to provide the feature.
Derived tasks, plans, commitments, and notes	Kept while your account is active so Cue can maintain continuity, detect duplicates, plan future work, and answer questions grounded in your own data.
Calendar and integration records	Kept while the integration is connected and for a limited period after revocation where needed to reconcile pending jobs, avoid duplicates, or keep audit records.
OAuth tokens and secrets	Stored through protected backend secret handling where applicable and removed or invalidated when no longer needed or when you revoke the integration, subject to provider behavior.
Diagnostics, security logs, and rate-limit records	Kept for limited operational windows needed to investigate bugs, prevent abuse, secure the service, and meet legal obligations.
School-code and support requests	Kept as long as needed to respond, operate the campaign, maintain suppression or audit records, and understand aggregate school demand.

Cue includes profile export and account deletion features. Profile exports are designed to exclude raw captures, private files, auth tokens, OAuth tokens, provider secrets, and exact provider routing details. Account deletion is designed to remove private source storage files before deleting the Auth user. Some copies may remain temporarily in backups, logs, provider systems, or legal records.

If you want a broader export, deletion, correction, or explanation, contact hello@cueplan.app. We may need to verify your account before acting on the request.

10. Security measures

Cue uses technical and organizational safeguards designed for a student-data product, including backend access controls, private storage, least-necessary AI context, audit records, and account-level data isolation.

Supabase row-level security is used for user-owned tables exposed through the app.
Private storage buckets are used for source files, with user-scoped paths and short-lived signed access patterns where appropriate.
Service-role keys, AI provider keys, Google token secrets, APNs secrets, and similar secrets belong in server or protected backend environments, not the public app bundle.
Google refresh tokens and provider secrets are stored through backend secret handling rather than ordinary public user tables.
AI run metadata is recorded without intentionally duplicating broad raw content.
Rate limits, entitlement checks, and diagnostics help protect Cue from abuse and accidental overuse.
Account deletion and export flows are designed to avoid exposing raw private files or secrets in exports.

No system is perfectly secure. You are responsible for keeping your device, email account, Google account, Apple ID, and Cue account access secure. If you believe your account or content has been exposed, contact hello@cueplan.app promptly.

11. Students, children, parents, and schools

Cue is built for students, including students who may be under the age of majority in their country. Students should use Cue with parent, guardian, or school permission where required. If you are under 13, or under the minimum age at which your local law allows you to consent to online services, you may use Cue only with verifiable permission and supervision from a parent, guardian, or authorized school.

Parents or guardians can contact hello@cueplan.app to request access, correction, deletion, or account closure for a child where they have authority to do so.
Schools that promote Cue should make sure their use complies with their own student-data, consent, procurement, safeguarding, and acceptable-use obligations.
Cue does not knowingly use children's personal information for behavioral advertising.
Cue does not intentionally share a student's private captures, plans, tasks, grades, chats, or calendar details with a school for discipline or monitoring unless the student or authorized adult directs us to do so or law requires it.
Cue cannot guarantee that user-submitted content will not include information about classmates, teachers, family members, or other third parties. Do not upload someone else's personal information unless you have a proper reason and permission.

12. Your privacy rights and choices

Depending on your location, account type, and the data involved, you may have the right to access, correct, export, delete, restrict, object to, withdraw consent for, or appeal certain processing of your personal information.

Choice or right	How it works in Cue
Access	You can request a copy or explanation of personal information Cue holds about you. In-app profile export may cover common profile categories.
Correction	You can correct many tasks, profile fields, planning settings, and extracted commitments directly in Cue. You can also contact us.
Deletion	You can request deletion or use account deletion where available. Some limited records may remain where required or reasonably necessary.
Export or portability	Cue may provide structured exports for selected profile data. Raw captures, private files, auth tokens, OAuth tokens, and provider secrets are intentionally excluded from standard profile exports.
Withdraw consent	You can revoke permissions in iOS Settings, disconnect Google integrations, turn off notifications, disable calendar writes, or contact us.
Object or restrict	You can object to certain processing or ask us to restrict processing where applicable law gives you that right.
Appeal	If we deny a privacy request and your local law gives you appeal rights, reply to our decision or contact hello@cueplan.app with "Privacy appeal" in the subject.
Non-discrimination	Cue will not punish you for exercising privacy rights, although deleting data or revoking permissions may make some features unavailable.

For California and similar US state privacy laws, Cue does not sell personal information and does not share personal information for cross-context behavioral advertising. For EEA and UK users, you may also have rights to lodge a complaint with your local data protection authority. For Singapore users, you may contact us about access, correction, withdrawal of consent, or protection concerns before escalating to the Personal Data Protection Commission.

13. International transfers

Cue may process and store information in countries other than where you live, including locations where our backend, cloud, AI, diagnostics, support, or integration providers operate. Those countries may have privacy laws different from your own.

When required, Cue uses reasonable safeguards for international transfers, such as provider contracts, access controls, security measures, and data minimization. If you use Cue from a region with specific transfer requirements, your continued use means you understand that Cue's providers may process data internationally to deliver the service.

14. Changes to this policy

Cue may update this Privacy Policy as the app, providers, laws, or business operations change. If we make material changes, we will take reasonable steps to notify users, such as updating the effective date, posting a notice, sending an email, or showing an in-app message. The updated policy applies from the date stated unless the notice says otherwise.

15. Contact

For privacy questions, data requests, school or parent inquiries, security concerns, or complaints, contact hello@cueplan.app. Please include enough detail for us to understand the request, but do not send passwords, government identity numbers, or unnecessary sensitive information by email.