LexiLearn is designed to protect user data, uploaded documents, and AI-generated results with strict privacy controls. This section outlines how user information is handled, stored, and secured.
9.1 Data Collection
LexiLearn collects only the information required to operate the platform:
User Data
- Name
- Password (hashed using bcrypt/argon2)
- Optional settings/preferences
Uploaded Content
- Uploaded PDFs or text highlights
- Extracted text from books
- AI-generated summaries, flashcards, MCQs, and Q&A data
- Usage activity such as which books were viewed or processed
LexiLearn does not collect unnecessary personal data and never sells user information.
9.2 Data Storage
- All user data and summaries are stored in MongoDB Atlas.
- Uploaded PDFs are stored either in MongoDB GridFS or secure cloud storage (e.g., S3 private bucket).
- Only authenticated users can access their own documents.
- Files are not publicly accessible at any time.
9.3 Data Processing
Uploaded books are processed only for:
- Summarization
- Entity extraction
- Flashcard/MCQ generation
- Q&A indexing
AI processing is done using Gemini API, and LexiLearn ensures:
- Data is sent securely over HTTPS
- No content is used for model training
- No content is shared with external parties
9.4 Access Control
- All API requests require JWT authentication.
- Users can only access documents tied to their own user ID.
- Role-based access may be added later for teachers or organization accounts.
9.5 Data Security
LexiLearn follows industry-standard security practices:
- HTTPS encryption for all network traffic
- Passwords stored with strong hashing algorithms
- Sanitized file uploads to prevent malicious PDF execution
- Strict input validation on all endpoints
- Rate limiting & brute-force protection on login
- Private storage for all user files
- No sensitive user info displayed in error logs
9.6 Data Retention & Deletion
- Users can delete any book and its summaries at any time.
- Deleting a book removes:
- PDF file
- Extracted text
- Summaries
- Flashcards
- Q&A data
- Deleted content is permanently removed from storage.
- User accounts can also be deleted, wiping all associated data.
9.7 User Rights
Users have the right to:
- Access their stored data
- Request deletion
- Update personal information
- Export summaries or flashcards (future feature)
9.8 Third-Party Services
LexiLearn uses the following external services:
- Gemini API – for summarization and Q&A
- MongoDB Atlas – for data storage
- Cloud file storage (optional)
No user content is used for advertising, training, or third-party purposes.
9.9 Compliance
LexiLearn is designed to align with:
- GDPR (data control, access, deletion, export)
- CCPA (no data selling, transparent usage)
- General data protection best practices
For privacy-related questions, please contact us through the application.