AcadeX

    Privacy Policy

    Last updated: January 15, 2025

    1. Introduction

    AcadeX ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We comply with GDPR, CCPA, and other applicable data protection regulations.

    2. Information We Collect

    We collect: (a) Account information — name, email, role, institution; (b) Academic data — grades, transcripts, enrollment records; (c) Usage data — login times, feature usage, device information; (d) Financial data — payment information for billing purposes. We collect only what is necessary to provide our services.

    3. How We Use Your Information

    We use your information to: provide and maintain the Platform; process transactions; send service-related communications; improve our services through analytics; provide customer support; comply with legal obligations; and detect and prevent fraud.

    4. Data Sharing

    We do not sell your personal data. We may share data with: service providers who assist in operating the Platform (under strict data processing agreements); law enforcement when required by law; your institution's authorized administrators. All third-party processors are GDPR-compliant.

    5. Data Retention

    We retain personal data only as long as necessary to fulfill the purposes outlined in this policy. Academic records are retained for the duration of the institution's subscription plus 90 days for data export. After termination, all data is securely deleted.

    6. Your Rights (GDPR)

    Under GDPR, you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability; object to processing; and withdraw consent. To exercise these rights, contact our Data Protection Officer.

    7. Security

    We implement industry-standard security measures including: AES-256 encryption at rest; TLS 1.3 encryption in transit; role-based access controls; regular security audits; SOC 2 Type II certified infrastructure; and automated vulnerability scanning.

    8. Cookies

    We use essential cookies for authentication and session management. Analytics cookies are optional and require your consent. You can manage cookie preferences through your browser settings or our cookie consent banner.

    9. International Transfers

    Data may be processed in different regions. We ensure adequate protection through Standard Contractual Clauses (SCCs) and data processing agreements. Enterprise customers can choose their preferred data residency region.

    10. Contact

    For privacy-related questions, contact our Data Protection Officer at dpo@acadex.io or visit our contact page.