Privacy
Privacy Policy
Effective May 23, 2026
The short version
We collect the bare minimum to make Compa work: your email (so you can sign in), your tutorial requests, and basic usage stats. Screenshots from "Help with this page" and "Learn a tool" are sent to Google for one-time tutorial generation and aren't stored by us. We don't sell your data. Ever.
1. Who we are
Jesus Aguilera ("Compa," "we," "us," or "our") is a Chrome extension that overlays a tutorial guide on web pages. This policy explains what we collect when you use the extension or visit our website, and what we do with it.
If you have any privacy questions, write us at hello@compa.fyi.
2. What we collect
Account info
- Email address — collected when you sign in via magic-link OTP. We don't use passwords.
- Account ID — an internal identifier generated by our auth provider, Supabase.
- Plan + usage counters — whether you're on the Free or Pro plan, and how many tutorials you've used in the current rolling 7-day window.
Tutorial inputs
- Your queries — whatever you type into Compa (e.g., "teach me how to embed a chart in Figma").
- Mode — which of the three modes you used (Help with this page, Learn a tool, Walk me through).
- The page host — the domain of the page you were on when you asked (e.g., figma.com), not the full URL or page content.
- Screenshots — for "Help with this page" and "Learn a tool," Compa captures the visible portion of your current tab so the AI can see what you're looking at. Screenshots are sent to Google Gemini for one-time tutorial generation and are not stored by us.
Tutorial outputs
- Generated tutorial JSON — the 4–7 step walkthrough Compa generates for you. We store this so you can see your history and so we can improve the product.
Usage events
So we can understand which tutorials are working and which ones aren't, we record anonymous-ish events tied to your account:
- When you advance past a step (and how long you spent on it)
- When you tap "repeat" on a step
- When you go back to a previous step
- When you close a tutorial mid-flow
- When you complete a tutorial
- Feedback you give at the end (thumbs up/down + optional comment)
Payment info
If you upgrade to Pro, Stripe handles your payment. We never see your card number, CVV, or billing address. Stripe sends us a customer ID and subscription status so we know to flip your account to Pro. See Stripe's privacy policy.
Error logs
When something breaks (Gemini timeout, TTS failure, DB write error), we log the technical detail along with your account ID so we can diagnose it. We do not intentionally log tutorial content, however error reports may occasionally contain partial AI-generated output to help diagnose failures.
IP addresses
IP addresses may be retained in platform-level access logs by our infrastructure provider (Supabase) as standard practice.
3. How we use it
- To generate your tutorials — your query and screenshot go to Google Gemini's API, which returns the step JSON.
- To narrate them out loud — the step text is sent to Google Cloud Text-to-Speech, which returns an MP3 audio file.
- To enforce quotas — Free users get 3 tutorials per rolling 7-day window; we count usage against your account.
- To process payments — if you upgrade to Pro, your payment goes through Stripe.
- To improve the product — usage events and feedback help us see what's working. We do this in aggregate, not by reading individual users' queries.
- To fix bugs — error logs help us diagnose breakages.
We do not use your data to train any of our own models, and we don't sell or rent it to anyone.
4. Who we share it with (sub-processors)
To run Compa, we send your data to these third parties. Each operates under their own privacy policy:
- Supabase — database hosting, authentication, edge functions. (policy)
- Google Cloud (Gemini API) — receives your tutorial query + screenshot to generate the step JSON. (policy)
- Google Cloud (Text-to-Speech) — receives the step text and returns audio. (policy)
- Stripe — payment processing for Pro subscriptions. (policy)
That's the full list. If we add a new sub-processor, we'll update this page.
5. Where it's stored and for how long
Your data lives in Supabase (hosted on AWS, US region by default). We keep it as long as your account exists. If you delete your account, we remove your data within 30 days, except where we're legally required to retain something (e.g., payment records for tax purposes).
Screenshots sent to Google for tutorial generation are not retained by Compa. Google's own retention policy for API calls is governed by their terms.
6. Your rights
Regardless of where you live, you can:
- Access the data we hold about you — email us and we'll send it over.
- Correct anything that's wrong.
- Delete your account and all associated data — email hello@compa.fyi and we'll process it within 30 days.
- Export your tutorial history as JSON.
- Opt out of voice narration (mute toggle in the extension).
If you're in the EU/UK, you also have rights under GDPR including the right to object to processing and to lodge a complaint with your local data protection authority. If you're in California, you have rights under CCPA including the right to know what we've collected and to request deletion. Same email address either way.
7. Security
- All connections to our APIs use HTTPS.
- Every database table has Row Level Security enabled — clients can only read their own rows.
- Server-side API keys (Gemini, TTS, Stripe) are stored in Supabase secrets, never sent to the browser.
- Authentication tokens live in your browser's extension storage, accessible only by Compa, and refresh automatically before expiry.
No system is perfectly secure. If we discover a breach affecting your data, we'll notify you promptly.
8. Marketing site
This website (compa.fyi) doesn't currently use analytics, advertising cookies, or third-party trackers. Visiting it doesn't create an account or store anything in your browser beyond what Compa's hosting provider needs to serve the page.
9. Children
Compa isn't designed for children under 13, and we don't knowingly collect data from anyone under that age. If you believe a child has signed up, email us and we'll delete the account.
10. Changes to this policy
We'll update this page if we change how we handle data. If the change is material (new sub-processor, new category of data collected, etc.), we'll email registered users before it takes effect.
11. Contact
Privacy questions, data requests, or anything else: hello@compa.fyi.