Privacy Policy

Last Updated: 9 May 2026

This Privacy Policy explains how Cursive Pte. Ltd., the operator of Vector, Vector Learning, and Vector Learning App, collects, uses, discloses, stores, and protects personal data. It also explains important limits that apply when students use artificial intelligence (“AI”)-enabled educational features.

By creating an account, logging in, signing in, subscribing, or using any part of the Services, you confirm that you have read, understood, and agreed to this Privacy Policy and our Terms of Service.

In this Privacy Policy, “we”, “us”, and “our” refer to Cursive Pte. Ltd. and the Vector services we operate.

This Privacy Policy applies to:

vectorlearningapp.com
app.vectorlearningapp.com
api.vectorlearningapp.com
the Vector mobile application
any related websites, apps, application programming interfaces (“APIs”), products, services, features, communications, and support channels we provide, collectively called the “Services”.

By accessing or using our Services, you acknowledge that your personal data may be collected, used, disclosed, stored, and otherwise processed as described in this Privacy Policy.

1. Who We Are

Cursive Pte. Ltd. is the operator of the Vector Services.

The Services may be made available under the following names:

Vector
Vector Learning
Vector Learning App

For questions, requests, or complaints relating to this Privacy Policy or your personal data, please contact our Data Protection Officer:

Data Protection Officer
Cursive Pte. Ltd.
Email: privacy@vectorlearningapp.com

2. What Personal Data We Collect

Depending on how you use our Services, we may collect the following categories of personal data.

2.1 Account and profile information

We may collect:

name
email address
username
password and account credentials
school
school level
subjects taken
account preferences and settings

2.2 Learning, study, and usage information

We may collect learning and usage information, including:

notes viewed
practice history
questions attempted
answers submitted
scores
topic accuracy
study duration
Pomodoro timer usage
exam tracker entries
to-do list items
bookmarked or saved learning content
feature usage and activity needed to operate the Services

2.3 Payment, subscription, and billing information

If you subscribe to paid features or services, payment and subscription information may be collected and processed by payment or subscription providers such as RevenueCat, Stripe, Apple, Google, Apple Pay, or Google Play, depending on the platform used.

We may receive limited information such as:

payment status
subscription status
plan or product purchased
renewal status
billing-related identifiers
transaction identifiers
platform used for purchase
subscription expiry date

We do not directly store your full credit card number, Apple Pay details, Google Pay details, or full payment credentials on our own systems.

Subscriptions must be managed, renewed, cancelled, or otherwise handled through the platform where the subscription was purchased. Deleting your Vector account does not automatically cancel a subscription managed by Apple, Google, Stripe, RevenueCat, or another payment platform.

2.4 Chatbot and user-submitted content

If you use our AI chatbot, we may collect:

messages, prompts, questions, and content you submit
AI-generated responses
timestamps and chatbot usage records
usage limits and quota-related information
diagnostic and service data needed to provide chatbot functionality

Our chatbot may use third-party AI services, including OpenAI and DeepSeek, to process inputs and generate responses. When you use the chatbot, your prompts, messages, and related technical data may be sent to these providers for processing.

You are responsible for the information you choose to submit to the chatbot. Do not submit sensitive, confidential, regulated, or third-party information, including:

passwords, account credentials, access tokens, or security codes
payment card details, bank account details, or full payment credentials
NRIC, FIN, passport, birth certificate, or other government identification numbers
medical, health, counselling, disability, or special educational needs information
private family information, financial information, or information about other people
school confidential materials, unpublished examination papers, copyrighted materials, or content you are not authorised to share
any information that you would not want transmitted to or processed by a third-party AI provider

Important AI processing risks include:

AI providers may process prompts, messages, outputs, metadata, and technical information to provide and secure the chatbot functionality
AI processing may take place outside Singapore, depending on the relevant provider, infrastructure, and service configuration
AI outputs may be inaccurate, incomplete, misleading, outdated, inappropriate, or unsuitable for your circumstances
AI features may be suspended, rate-limited, changed, replaced, or removed without prior notice
we cannot guarantee that a prompt submitted by a user will be confidential once it is transmitted through third-party systems, except to the extent required by applicable law and applicable provider terms

AI-generated responses are provided for educational support only. They may be inaccurate, incomplete, or unsuitable for your specific situation, and should not be treated as professional, medical, legal, financial, mental health, examination, or school disciplinary advice.

2.5 Technical, device, and usage information

We may collect technical and usage information such as:

IP address
device identifiers
device model
operating system
browser type
app version
log data
crash and diagnostic data
session data
feature usage data
account access history
security and fraud-prevention data

We may use this information to:

maintain account security
keep users signed in
detect unusual access
reduce misuse
help enforce account access controls
debug errors and improve app reliability

2.6 Push notification information

If you enable push notifications in the Vector mobile application, we may collect and use device push tokens and related notification settings.

We may use push notifications for:

Pomodoro timer reminders
study-related reminders
exam tracker reminders
to-do reminders
account or service notifications
other app functionality you enable

You can usually manage push notification permissions through your device or app settings.

2.7 Cookies and similar technologies

We may use cookies, local storage, software development kits (“SDKs”), and similar technologies to:

keep you signed in
remember your preferences
improve performance
understand product usage
maintain security
support analytics and troubleshooting

Where required by law, we will request consent before using non-essential cookies or similar technologies.

3. How We Collect Personal Data

We may collect personal data:

directly from you when you create an account, use our Services, fill in forms, make payments, contact us, or interact with the chatbot
automatically through your use of our website, app, API, and other Services
from third-party service providers that support our Services, such as payment, subscription, hosting, analytics, notification, authentication, and AI providers
from your device, browser, or operating system where permitted by law and your settings

4. Backend, Hosting, and Storage

Vector uses a Spring Boot backend to operate the Services, manage accounts, authenticate users, provide learning features, process study analytics, enforce usage limits, and connect with third-party services.

Our backend, databases, logs, backups, files, and related infrastructure are hosted on Amazon Web Services (“AWS”). This may include services for application hosting, database storage, file and media storage, security monitoring, backups, logging, email, and system notifications.

Personal data may be stored and processed on AWS infrastructure in Singapore or other AWS regions, depending on our infrastructure configuration, operational needs, and service availability.

5. Why We Collect, Use, and Disclose Personal Data

We may collect, use, and disclose your personal data for purposes such as:

creating, managing, and securing your account
providing access to our website, web app, API, and mobile app
delivering notes, practice sets, study tools, timers, exam tracking, analytics, and other platform features
personalising your experience based on your school, school level, subjects, and learning activity
tracking practice history, study duration, topic accuracy, and other learning analytics
processing subscriptions, payments, cancellations, billing matters, and entitlement checks
providing chatbot functionality and AI-generated responses
sending push notifications, reminders, and service messages
responding to enquiries, support requests, bug reports, and feedback
improving our Services, features, design, stability, and user experience
conducting analytics, testing, research, and troubleshooting
detecting, preventing, and investigating fraud, misuse, unauthorised access, and security incidents
enforcing our terms, policies, account rules, and intellectual property rights
complying with legal and regulatory obligations
protecting our rights, property, systems, and users

Where required by law, we will collect, use, or disclose your personal data only with valid consent or where another basis under applicable law permits us to do so.

6. Disclosure of Personal Data

We may disclose your personal data to:

our employees, contractors, and authorised personnel who need the information to perform their work
Amazon Web Services (AWS), which hosts our Spring Boot backend, databases, logs, backups, and storage infrastructure
payment and subscription providers, including RevenueCat, Stripe, Apple, Google, Apple Pay, and Google Play, where applicable
AI and technology providers, including OpenAI and DeepSeek
cloud hosting, infrastructure, storage, analytics, messaging, notification, customer support, and security providers
professional advisers such as lawyers, auditors, consultants, and insurers
regulators, public authorities, law enforcement agencies, or courts where required or permitted by law
parties involved in a merger, acquisition, restructuring, financing, or sale of assets
other persons where you have given consent or where disclosure is otherwise permitted by law

Where we engage third-party service providers to process personal data on our behalf, we take reasonable steps to require appropriate protection of that data.

We do not sell your personal data.

7. AI Provider Disclosure

When you use the AI chatbot, your prompts, messages, and related data may be transmitted to third-party AI providers, including OpenAI and DeepSeek, so that they can generate responses and provide related services.

By using the AI chatbot, you consent to this processing. If you do not want your messages processed by third-party AI providers, do not use the AI chatbot feature.

You acknowledge that chatbot submissions may be processed by third-party systems outside our direct technical control. To the fullest extent permitted by law, we are not responsible for any disclosure, loss, misuse, or unauthorised processing that results from information you choose to submit contrary to this Privacy Policy, our in-app warnings, or our Terms of Service.

We do not intentionally use chatbot messages to identify users beyond what is needed to operate accounts, enforce usage limits, provide support, improve safety, secure the Services, or comply with legal obligations.

8. Notes, Diagrams, Practice Sets, and Learning Content

Vector provides notes, diagrams, markdown-rendered learning content, practice questions, practice sets, analytics, focus tools, and other educational materials.

This Privacy Policy explains how we handle personal data. Restrictions on copying, screenshotting, redistributing, selling, or misusing Vector content are set out in our Terms of Service.

We may process usage information relating to learning content to provide progress tracking, topic accuracy, recommendations, troubleshooting, and service improvements.

9. Subscriptions, Cancellations, and Refunds

Subscriptions are managed by the relevant platform or payment provider. Depending on where you subscribe, this may include RevenueCat, Stripe, Apple App Store, Google Play, Apple Pay, Google Pay, or another supported provider.

You may cancel your subscription through the platform where you purchased it. Cancellation stops future renewals but does not automatically delete your Vector account.

Unless required by law or by the applicable platform's own refund rules, subscription payments are non-refundable. Subscription pricing may change from time to time and will be shown in the app or on the relevant payment platform before purchase.

10. Account Deletion

You may delete your account at any time through the app where account deletion is available.

When you request account deletion, we will delete or anonymise personal data associated with your account, unless we are required or permitted to retain certain data for legal, security, tax, accounting, dispute resolution, fraud prevention, service integrity, or legitimate business purposes.

Some data may remain in backups for a limited period before being securely deleted or overwritten.

Deleting your Vector account does not automatically cancel subscriptions managed by Apple, Google, Stripe, RevenueCat, or other payment platforms. You must cancel your subscription through the platform where you purchased it.

11. Overseas Transfers

Vector is operated from Singapore. Our backend and infrastructure are hosted using AWS, and some third-party providers may process data outside Singapore.

Where personal data is transferred outside Singapore, we take reasonable steps to ensure that the receiving organisation provides a standard of protection comparable to the protection required under Singapore's Personal Data Protection Act 2012 (“PDPA”), where applicable.

12. Account Security and Device Access

We may use device, session, and access-related information to protect accounts and maintain service integrity.

To support account security and reduce misuse, one account may be limited to one device at a time. Account sharing is not encouraged. We may use technical measures to detect, prevent, or restrict unauthorised or abusive account access.

13. Accuracy of Personal Data

We generally rely on the personal data you provide to us. You should ensure that the information you provide is accurate, complete, and kept up to date.

If your personal data changes, please update it through your account settings where available or contact us.

14. Protection of Personal Data

We take reasonable security measures to protect personal data in our possession or under our control against unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks.

These measures may include:

authentication and access controls
encryption in transit where appropriate
restricted internal access
logging and monitoring
role-based access controls
vendor and infrastructure controls
secure credential management
security testing and operational safeguards

However, no method of transmission over the internet and no method of electronic storage is completely secure. We therefore cannot guarantee absolute security.

15. Retention of Personal Data

We retain personal data only for as long as it is reasonably necessary for legal or business purposes, or as otherwise required or permitted by law.

Retention reasons may include maintaining your account, providing learning history and analytics, managing subscriptions, supporting customer service, preventing fraud or misuse, meeting legal, tax, accounting, and regulatory obligations, resolving disputes, and enforcing our terms.

When personal data is no longer needed, we will take reasonable steps to delete, destroy, anonymise, or securely dispose of it.

16. Your Rights

Subject to applicable law, you may request:

access to personal data we hold about you
correction of inaccurate or incomplete personal data
information about how your personal data has been used or disclosed by us within the period required by law
withdrawal of consent to our collection, use, or disclosure of your personal data, where consent is the basis relied upon
account deletion through the app, subject to data we are legally required or permitted to retain

If you wish to make such a request, please contact our Data Protection Officer at privacy@vectorlearningapp.com.

We may need to verify your identity before processing a request. We may also decline or limit a request where permitted or required by applicable law.

If you withdraw consent, we may not be able to continue providing some or all parts of the Services to you.

17. Children and Students

Vector is designed for students.

If you are below the age required to consent to data processing in your jurisdiction, you should use Vector only with permission from a parent or guardian. In Singapore, a student aged 13 to 17 may generally provide valid consent where the privacy notice is understandable to the student, but we may still require parent or guardian consent where appropriate.

If we have reason to believe that a user is a child who does not have sufficient understanding to provide valid consent, or that use of the Services creates privacy, safety, legal, school, or welfare concerns, we may require consent from a parent or guardian, restrict features, suspend access, or delete the relevant account. Where a child is below 13 years of age, consent from the child's parent or guardian may be required.

If you are a parent or guardian and believe that a child has provided personal data to us inappropriately, please contact us at privacy@vectorlearningapp.com.

18. Data Breaches

If a data breach occurs, we will assess it and take appropriate steps to contain, investigate, and remediate the issue.

Where required by applicable law, we will notify the Personal Data Protection Commission of Singapore (“PDPC”) and affected individuals. A notifiable breach must be reported to the PDPC as soon as practicable and no later than 3 calendar days after we determine that the breach is notifiable.

Security incidents may still occur despite reasonable safeguards. To the fullest extent permitted by law, we are not responsible for breaches, unauthorised access, data loss, or security incidents caused by your device, your account credentials, your network, your failure to follow security instructions, third-party platforms, third-party service providers, force majeure events, or circumstances outside our reasonable control.

19. Third-Party Services and Links

Our Services may link to or integrate with third-party websites, tools, or services. Those third parties operate under their own terms and privacy policies, and we are not responsible for their privacy practices.

You should review the privacy policies of relevant third parties, including providers such as RevenueCat, Stripe, Apple, Google, OpenAI, DeepSeek, and AWS, before using those parts of the Services.

20. Marketing and Service Communications

We may send service-related communications, such as account, security, subscription, support, and operational messages.

We will only send marketing messages where permitted by law or with your consent where required. You may unsubscribe from marketing communications where an unsubscribe option is provided.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Any updated version will be posted on our website or app with a revised Last Updated date. Your continued use of the Services after an update takes effect will be subject to the revised Privacy Policy to the extent permitted by law.

22. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our handling of personal data, please contact: