Privacy Policy
Last updated: 13 May 2026
1. Who we are
Starh AI is a product of Starh Academy, registered in Dubai, UAE. This Privacy Policy explains how we collect, use, share, and protect personal data when you use the Starh AI platform (the “Service”). For data submitted by an organisation’s members, the organisation is the data controller and Starh AI acts as a processor on its behalf.
2. Data we collect
- Account data — name, email, organisation, role, password hash.
- Voice data — audio you record during roleplay and assessment sessions, and the text transcripts produced from it.
- Learning data — courses, lessons, quiz attempts, scores, skill records, certificates, survey responses.
- Content you upload — scenarios, SCORM packages, videos, documents, images.
- Usage data — log data, device and browser information, feature usage, and error reports.
- Billing data — subscription plan, seat count, and billing identifiers. Card details are handled by our payment processor; we do not store full card numbers.
3. How we use data
- To provide, operate, and secure the Service.
- To generate AI scenarios, coaching responses, scoring, and design suggestions.
- To transcribe and score voice sessions.
- To produce reports and analytics for organisation administrators.
- To process payments and manage subscriptions.
- To communicate with you about your account, security, and product updates.
- To detect, prevent, and respond to fraud, abuse, and security incidents.
We do not sell personal data, and we do not use Customer Content to train third-party AI models.
4. AI and voice processing
To deliver core features, we send certain data to third-party providers:
- AI model providers — scenario text, lesson content, and conversation context are sent to large-language-model providers to generate responses and scoring.
- Voice providers — audio is sent to speech-to-text and text-to-speech providers to transcribe what you say and to voice the AI character.
These providers process the data on our instructions and under their own security and privacy commitments. We choose providers that do not use submitted data to train their public models, where that option is available.
5. How we share data
- Within your organisation — administrators and instructors can see learning records, scores, and session data for members of their organisation.
- Service providers — hosting, database, authentication, AI, voice, video hosting, payments, error monitoring, and customer-support tools.
- Legal — where required by law, regulation, or valid legal process, or to protect rights, safety, and property.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
6. International transfers
Starh AI operates from the UAE and uses service providers that may process data in other countries. Where data is transferred across borders, we rely on appropriate safeguards consistent with applicable data-protection law.
7. Data retention
- Account and learning data are retained for as long as your organisation’s subscription is active.
- Voice recordings and transcripts are retained to provide session history and scoring; an organisation administrator can request earlier deletion.
- After account closure, we retain data for a limited wind-down period to allow export, then delete or anonymise it, except where longer retention is required by law (for example, financial records).
8. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. If your data was submitted through an organisation, please contact that organisation’s administrator first; we will support them in fulfilling your request. You can also contact us directly using the details below.
9. Security
We use industry-standard measures to protect personal data, including encryption in transit, row-level access controls in our database, scoped API keys, rate limiting, and least-privilege access for staff. No system is perfectly secure; we will notify affected users and organisations of a material data breach as required by law.
10. Cookies
We use a small number of essential cookies and similar technologies for authentication, security, and preferences (such as theme). We do not use advertising cookies.
11. Children
The Service is not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email or in-product notice. The “last updated” date above always reflects the current version.
13. Contact
Privacy questions or requests: samid@starhacademy.com.