Back to Home

Privacy & Data Protection Policy

Last Updated: December 2024

LexiLearn is designed to protect user data, uploaded documents, and AI-generated results with strict privacy controls. This section outlines how user information is handled, stored, and secured.

9.1 Data Collection

LexiLearn collects only the information required to operate the platform:

User Data

  • Name
  • Email
  • Password (hashed using bcrypt/argon2)
  • Optional settings/preferences

Uploaded Content

  • Uploaded PDFs or text highlights
  • Extracted text from books
  • AI-generated summaries, flashcards, MCQs, and Q&A data
  • Usage activity such as which books were viewed or processed

LexiLearn does not collect unnecessary personal data and never sells user information.

9.2 Data Storage

  • All user data and summaries are stored in MongoDB Atlas.
  • Uploaded PDFs are stored either in MongoDB GridFS or secure cloud storage (e.g., S3 private bucket).
  • Only authenticated users can access their own documents.
  • Files are not publicly accessible at any time.

9.3 Data Processing

Uploaded books are processed only for:

  • Summarization
  • Entity extraction
  • Flashcard/MCQ generation
  • Q&A indexing

AI processing is done using Gemini API, and LexiLearn ensures:

  • Data is sent securely over HTTPS
  • No content is used for model training
  • No content is shared with external parties

9.4 Access Control

  • All API requests require JWT authentication.
  • Users can only access documents tied to their own user ID.
  • Role-based access may be added later for teachers or organization accounts.

9.5 Data Security

LexiLearn follows industry-standard security practices:

  • HTTPS encryption for all network traffic
  • Passwords stored with strong hashing algorithms
  • Sanitized file uploads to prevent malicious PDF execution
  • Strict input validation on all endpoints
  • Rate limiting & brute-force protection on login
  • Private storage for all user files
  • No sensitive user info displayed in error logs

9.6 Data Retention & Deletion

  • Users can delete any book and its summaries at any time.
  • Deleting a book removes:
    • PDF file
    • Extracted text
    • Summaries
    • Flashcards
    • Q&A data
  • Deleted content is permanently removed from storage.
  • User accounts can also be deleted, wiping all associated data.

9.7 User Rights

Users have the right to:

  • Access their stored data
  • Request deletion
  • Update personal information
  • Export summaries or flashcards (future feature)

9.8 Third-Party Services

LexiLearn uses the following external services:

  • Gemini API – for summarization and Q&A
  • MongoDB Atlas – for data storage
  • Cloud file storage (optional)

No user content is used for advertising, training, or third-party purposes.

9.9 Compliance

LexiLearn is designed to align with:

  • GDPR (data control, access, deletion, export)
  • CCPA (no data selling, transparent usage)
  • General data protection best practices

For privacy-related questions, please contact us through the application.