PRIVACY NOTICE

Last updated April 22, 2026

Academikx ("Academikx", "we", "us", "our") is built on zero-knowledge principles. Your messages, assignments, grades, and chats are encrypted in your browser before they reach our servers. Our servers store only ciphertext. Even our own engineers, with full database access, cannot read your content. Your password never reaches us. If you have any questions, contact us at contact@academikx.com.


This notice describes, in detail, what we do collect, how we protect it, what we cannot see, and your rights. If any term below conflicts with the zero-knowledge architecture described on our security page, the zero-knowledge architecture governs in practice and this policy will be updated to match.


TABLE OF CONTENTS


1. WHAT INFORMATION WE COLLECT

2. HOW WE USE INFORMATION

3. WHEN WE SHARE INFORMATION

4. COOKIES AND TRACKING

5. HOW LONG WE KEEP YOUR DATA

6. HOW WE KEEP YOUR DATA SAFE

7. CHILDREN'S DATA

8. YOUR PRIVACY RIGHTS

9. RECOVERY AND DATA LOSS

10. UPDATES TO THIS NOTICE

11. HOW TO CONTACT US


1. WHAT INFORMATION WE COLLECT


In Short: We collect the minimum needed to run the platform. Most of your content is encrypted in your browser and we cannot read it.


Information you give us directly

  • Account: full name, email address, chosen username.
  • Authentication material: a password-derived verifier produced in your browser. Your actual password never reaches our servers.
  • A public portion of a cryptographic key pair, used to let other users in your classes share encrypted content with you. The private portion never leaves your browser.
  • Payment information handled by third-party payment processors (such as PayPal). We do not store your payment card details.


Information we collect automatically

  • IP address, browser type, device type, operating system, language preference.
  • Timestamps of your activity on the platform.
  • Pages you visit and actions you take (create a class, send a message, etc.), recorded as metadata only. We record that an event happened, not its content.
  • Error logs from your browser, scrubbed of any user-supplied content before storage.


Information we cannot access

Because of our zero-knowledge architecture, the following are encrypted in your browser before reaching us and we cannot read them:

  • The content of messages you send in chats.
  • The content of assignments you submit or receive.
  • The titles, descriptions, and attachments of any work.
  • Your grades and grade history.
  • The name and code of any class you are enrolled in.
  • Any files you upload to an issue report or attach to a message.
  • Your email address at rest. We store an encrypted form of it plus a keyed-hash lookup value; the plaintext is only accessible when you are logged in.


2. HOW WE USE INFORMATION


In Short: We use your information to run the platform and keep it secure. We do not use it for advertising.


  • To run the platform: routing messages, managing classes, processing payments, sending notifications you have asked for.
  • To keep the platform secure: detecting abuse, preventing fraud, responding to incidents.
  • To meet our legal obligations: responding to valid legal process, tax and accounting requirements.
  • To improve the platform: understanding aggregate usage patterns (never individual content).
  • To contact you about your account or material changes to our services.


We do not use your information for advertising. We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your content to train artificial intelligence systems. AI writing assistance offered on the platform runs on our own servers; your content is never sent to external AI providers.


3. WHEN WE SHARE INFORMATION


In Short: Only with service providers we depend on to operate, only when legally required, and never for marketing.


  • Service providers we depend on to operate. We use a content-delivery network to protect against denial-of-service attacks and serve pages quickly; they see request metadata (IP, timestamp, URL) but cannot read your encrypted content. We use a payment processor (such as PayPal) for payments; they see your payment details, which we do not. If we add a new processor, we will update this policy.
  • Legal process. We will disclose information where legally required in a jurisdiction that has authority over us, such as Kenya (our place of incorporation) or Switzerland (where we host our infrastructure). We will push back on overbroad requests. We cannot disclose content we cannot read; a legal request for encrypted content returns ciphertext, which we are unable to decrypt.
  • Vital interests. In situations involving imminent threats to life or safety, we may disclose information to relevant authorities.
  • With your explicit consent. Never otherwise.


We do not share your information with business partners for promotions, with affiliated companies for marketing, with advertisers, or as part of a data sale. None of these arrangements exist.


4. COOKIES AND TRACKING


In Short: Only essential cookies. No tracking. No behavioural advertising.


We use cookies only for essential functionality: keeping you logged in, remembering your language and theme preferences. We do not use tracking cookies, behavioural-advertising cookies, or third-party analytics that identify you personally. Our content-delivery network may set operational cookies to protect the service from attacks; these cookies are short-lived.


See our Cookie Notice for specifics.


5. HOW LONG WE KEEP YOUR DATA


In Short: As long as your account is active, plus 30 days. Transaction records up to 7 years for tax purposes.


  • Account data (name, email hash, public key, timestamps): kept while your account is active, plus 30 days after account closure.
  • Encrypted content (messages, assignments, files): kept while your account is active. On account closure, all encrypted blobs are purged within 30 days.
  • Transaction records (payments, invoices): kept for 7 years to meet tax and accounting requirements.
  • Server logs: retained for 90 days for security monitoring, then deleted.


Backups may retain your data for up to an additional 30 days before being rotated out.


6. HOW WE KEEP YOUR DATA SAFE


In Short: Client-side encryption, password-authenticated key exchange, Swiss-hosted infrastructure, audited cryptographic libraries.


  • All user content is encrypted in your browser using modern cryptographic primitives before being sent to our servers. Keys for decryption are derived from your password and never transmitted to us.
  • Authentication uses a password-authenticated key exchange protocol that allows us to verify you know your password without ever receiving it.
  • Infrastructure is hosted in Switzerland, under Swiss data-protection law.
  • Access to our production systems requires two-factor authentication and is limited to the engineers who operate the platform. All such access is logged.
  • We use audited third-party cryptographic libraries.


No system is completely invulnerable. If a breach occurs, we will notify affected users within 72 hours of confirming the incident, as required by the European General Data Protection Regulation. We will publish a post-incident report describing what happened and what we changed.


7. CHILDREN'S DATA


In Short: The platform is for adults 18 and older.


The platform is intended for users aged 18 and older. We do not knowingly collect information from anyone under 18. If we learn we have collected such information, we will delete it promptly. If you believe we may have collected information from a minor, please contact us at contact@academikx.com.


8. YOUR PRIVACY RIGHTS


In Short: You can access, correct, delete, or export your data at any time. To exercise any right, email contact@academikx.com.


Depending on where you live, you have some or all of the following rights:

  • Access. Request a copy of the personal information we hold about you. Because most of your content is encrypted with keys only you possess, your own browser is the authoritative copy; we provide our metadata on request.
  • Correction. Ask us to correct inaccurate information.
  • Deletion. Delete your account. All encrypted blobs tied to your account are purged within 30 days.
  • Portability. Receive a machine-readable copy of metadata we hold about you.
  • Objection. Object to certain processing.
  • Restriction. Ask us to limit how we process your information.
  • Withdrawal of consent. Where we rely on your consent, withdraw it at any time.


To exercise any of these rights, email contact@academikx.com. We respond within 30 days.


European Economic Area residents have the right to lodge a complaint with their national data protection authority. A directory is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.


Swiss residents may contact the Federal Data Protection and Information Commissioner at edoeb.admin.ch.


California residents have additional rights under the California Consumer Privacy Act (CCPA). Academikx has not sold personal information to third parties in the preceding 12 months and will not do so in the future. California residents may request disclosure of categories of personal information we have collected, purposes of collection, and categories of third parties (service providers only) with whom we have shared personal information.


9. RECOVERY AND DATA LOSS


In Short: If you lose your password AND your 12-word recovery kit, your data is permanently inaccessible. This is by design and cannot be reversed.


At signup, you receive a 12-word recovery kit. Store it somewhere safe, printed on paper, locked in a drawer, or in an offline password manager. If you lose both your password and your recovery kit, your encrypted data is permanently inaccessible, including by us. This is the cryptographic trade-off that makes our privacy guarantee real. Support cannot recover your data in this case because we never had the key.


10. UPDATES TO THIS NOTICE


In Short: We will tell you when this notice changes materially.


We will update this notice when our practices change. Material changes will be announced on the platform and by email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.


11. HOW TO CONTACT US


Academikx

Email: contact@academikx.com