Privacy Policy

We actively avoid collecting personal data. We limit what we gather to the minimum necessary to deliver our educational services. We do not build advertising profiles, we do not sell your data, and we do not track you across other websites.

Last updated: February 2026

Data Controller

The Platform is owned and operated by Keduka Cognitive Service LLC, which serves as the data controller for personal data processed through the Platform.

When you voluntarily provide personal data — for example, by creating an account, subscribing to a plan, or using interactive features — you consent to the collection, storage, and processing of that data on servers located in the United States and, where applicable, by trusted service providers operating in other jurisdictions on our behalf.

The data controller designation may vary depending on the nature of your interaction with the Platform. For example:

  • Account and learning data — Controlled by Keduka Cognitive Service LLC.
  • Payment data — Processed by Stripe, Inc. as a data processor on our behalf, subject to Stripe’s own privacy policy.
  • Content delivery and security — Processed by Cloudflare, Inc. as a data processor, subject to Cloudflare’s privacy policy.
  • Institutional accounts — When the Platform is used through an educational institution, the institution may serve as a joint data controller for student data under the terms of a Data Processing Agreement.

For questions about data controllership, contact privacy@keduka.com.

1. Information We Collect

We actively avoid collecting personal data. “Personal data” means information that identifies or could reasonably be used to identify you as an individual, such as your email address or IP address. We do not require or request information beyond what is essential to operate the Platform. We do not collect demographic data, social media profiles, government identifiers, or other personal details that are not directly necessary for your learning experience.

1.1 Information You Provide

  • Account information — Email address, password, and preferred language when you register. We do not require your real name to create an account.
  • Profile information — Optional details such as avatar, bio, and learning preferences that you choose to add to your profile.
  • Payment information — Billing details processed securely through Stripe. We do not store your full credit card number on our servers.
  • User content — Lessons, tutorials, learning materials, forum posts, and other content you create or upload.
  • AI agent data — Preferences, configurations, and data you provide to build and customize your AI agents.
  • Communications — Messages you send to us through support channels or feedback forms.

1.2 Information Collected Automatically

We minimize automatic data collection. Where possible, data is processed on your device rather than transmitted to our servers.

  • Usage data — Pages visited, features used, and learning progress, collected in aggregated form where possible.
  • Device information — Browser type and operating system, collected for compatibility purposes only.
  • Log data — IP address and access times, retained for security purposes only and automatically purged on a rolling basis.
  • Cookie data — Essential session cookies, authentication tokens, and preference cookies only (see Section 8).

1.3 Information from Third Parties

  • Authentication providers — If you sign in through a third-party service, we receive only the basic profile information you authorize.
  • Payment processor — Stripe provides us with transaction confirmations and subscription status. We do not receive or store your full payment card details.

2. How We Use Your Information

We use your information only for the purposes stated below. We will not use your personal information for purposes incompatible with these without your consent.

  • Provide and operate the Platform — Deliver personalized learning experiences, AI tutoring, and platform features.
  • Personalize your experience — Adapt content, recommendations, and AI agent behavior to your learning preferences and progress.
  • Process payments — Manage subscriptions, billing, and content monetization payouts.
  • Communicate with you — Send account notifications, security alerts, platform updates, and respond to support requests.
  • Improve the Platform — Analyze aggregated usage patterns to enhance features, fix issues, and develop new functionality.
  • Ensure safety and security — Detect fraud, prevent abuse, enforce our Terms of Use and Code of Conduct, and maintain platform integrity.
  • Comply with legal obligations — Meet regulatory requirements and respond to lawful requests from authorities.

3. AI and Data Processing

3.1 AI-Powered Features

Our Platform uses AI to provide personalized tutoring, adaptive learning paths, and interactive tools. When you interact with AI features:

  • Your inputs and interactions are processed to generate responses and recommendations.
  • Learning data may be used to improve the accuracy and relevance of your personalized experience.
  • In-browser AI tools (such as speech recognition and local language models) process data directly on your device where possible, minimizing data transmitted to our servers.

3.2 AI Model Improvement

  • Data used to improve Platform-wide AI models is anonymized and aggregated before processing.
  • Individual user data is never used to train general-purpose AI models without anonymization.
  • You may opt out of contributing to AI model improvement through your account settings without any impact on your learning experience.

3.3 Your AI Agents

  • You own and control the AI agents you create on the Platform.
  • Data used to build your AI agents is associated with your account and is not shared with other users unless you explicitly choose to do so.
  • You may export or delete your AI agent data at any time.

4. Student and Minor Privacy

We are deeply committed to protecting the privacy of students, particularly those under 18. Minors may only use the Platform with the involvement and consent of a parent or guardian.

4.1 Age Requirements

  • Users must be at least 13 years of age to create an account.
  • Users between 13 and 17 must have parental or guardian involvement and consent before registering or providing any personal data.
  • We do not knowingly collect personal information from children under 13. If we discover that we have, we will delete it promptly.

4.2 Student Data Protections

  • Data avoidance — We actively avoid collecting personal data and gather only what is essential to provide the educational service.
  • No advertising profiles — We do not use student data to build advertising profiles or serve targeted advertisements.
  • No third-party marketing — Student data is never sold, rented, or shared with third parties for marketing purposes.
  • Parental access — Parents or guardians of minor users may at any time request to review, correct, or delete their child’s personal information by contacting privacy@keduka.com.
  • Institutional use — When the Platform is used through educational institutions, we comply with applicable student data privacy agreements.

4.3 Regulatory Compliance

We design our data practices to comply with:

  • COPPA (Children’s Online Privacy Protection Act) — For users under 13 in the United States.
  • FERPA (Family Educational Rights and Privacy Act) — When student data is provided by educational institutions.
  • GDPR (General Data Protection Regulation) — For users in the European Economic Area.
  • Other applicable laws — Including regional and national student data privacy regulations.

5. How We Share Your Information

We do not sell, rent, or trade your personal data. Because we avoid collecting personal data wherever possible, we have minimal data to share. We share information only in the following limited circumstances:

5.1 Service Providers

We work with a limited number of trusted third-party providers who process data on our behalf:

  • Stripe — Payment processing and subscription management.
  • Cloudflare — Content delivery, security, and media storage (R2).
  • Email services — Transactional emails and account notifications.

All service providers are contractually bound to protect your data and use it only for the services they provide to us.

5.2 Content You Choose to Share

  • Monetized content you publish is visible to other users according to your chosen settings.
  • Profile information you make public is accessible to other Platform users.
  • AI agents you choose to share become accessible as configured by you.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred to the successor entity. We will notify you of any such change and your options regarding your data.

6. Data Security and Confidentiality

We employ appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction, or damage. These measures include:

  • Encryption in transit — All data transmitted between your device and our servers is protected using Transport Layer Security (TLS). We do not transmit personal data over unencrypted connections.
  • Encryption at rest — Sensitive data stored in our databases and object storage is encrypted at rest.
  • Limited-access systems — Our computer systems are maintained in secure environments with access restricted to authorized personnel on a need-to-know basis, following the principle of least privilege.
  • Password security — User passwords are stored only as salted cryptographic hashes and are never stored or transmitted in plaintext.
  • Infrastructure security — Our services run in isolated, containerized environments with regular security updates and non-root execution.
  • Rate limiting — API and platform access is rate-limited to prevent brute-force attacks and abuse.
  • Content Security Policy — Nonce-based CSP headers protect against cross-site scripting and code injection attacks.
  • Monitoring — We use monitoring tools to detect and respond to security incidents promptly.

We retain personal data only as long as reasonably necessary to fulfil the purposes for which it was collected, or as required by law. When data is no longer needed, it is securely deleted or irreversibly anonymized.

No system is completely secure. While we take every reasonable precaution to protect your data, we cannot guarantee absolute security.

Incident Response

In the event of a data breach that poses a risk to your rights or privacy, we will:

  • Notify affected users without undue delay, with clear information about the breach and recommended protective actions.
  • Notify the relevant data protection authorities within 72 hours of becoming aware of the breach, where required by law.
  • Document the incident and remedial actions taken in an internal breach register.

7. Data Retention

  • Active accounts — We retain your data for as long as your account is active and as needed to provide services.
  • Closed accounts — Upon account closure, you may request a copy of your data within 30 days. After this period, we delete or anonymize your personal data, except where retention is required by law.
  • Payment and billing records — Retained for 7 years after the transaction to comply with legal and tax obligations.
  • Security and access logs — Retained for 12 months, then automatically purged.
  • Usage and analytics data — Aggregated and anonymized analytics data may be retained indefinitely for platform improvement. This data cannot be used to identify individual users.
  • Support communications — Retained for 2 years after resolution, then deleted.
  • Legal obligations — Certain data may be retained longer to comply with specific legal, tax, or regulatory requirements.

8. Cookies and Tracking

8.1 Cookies We Use

Type Purpose Duration
Essential Authentication, session management, CSRF protection Session
Functional Language preferences, display settings Up to 12 months
Analytics Platform usage and performance metrics (internal only) 30 days

8.2 What We Do Not Use

  • We do not use third-party advertising cookies.
  • We do not use cross-site tracking.
  • We do not embed social media tracking pixels.
  • We do not share cookie data with data brokers.

8.3 Your Choices

  • Essential cookies cannot be disabled as they are necessary for the Platform to function.
  • You may manage non-essential cookies through your browser settings or the cookie preferences option on the Platform.
  • For full details, refer to our Cookie Policy.

9. Active Scripts and In-Browser Processing

The Platform uses JavaScript and in-browser technologies to provide interactive features, including:

  • Page interactivity — Scripts enable dynamic page elements, navigation, and responsive user interfaces.
  • In-browser AI tools — Features such as speech recognition (Whisper), local language models (SmolLM2, Phi-4), and image recognition (Florence2) run directly in your browser using frameworks like Transformers.js. These tools process data on your device and do not transmit your inputs to our servers unless you explicitly save or submit them.
  • Code execution — Interactive code exercises may execute locally in your browser.

These scripts are used solely to improve the functionality and performance of the Platform. They never install software on your device without your knowledge or collect information beyond what is described in this Privacy Policy.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Deletion — Request deletion of your personal data, subject to legal retention requirements.
  • Portability — Request your data in a structured, machine-readable format.
  • Restriction — Request that we limit how we process your data.
  • Objection — Object to processing of your data for certain purposes.
  • Withdraw consent — Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Opt out of AI training — Opt out of contributing your data to AI model improvement.

To exercise any of these rights, contact us at privacy@keduka.com. We will respond within 30 days, or as required by applicable law. We may verify your identity before processing requests, to protect your data from unauthorized access.

11. International Data Transfers

Your data may be stored and processed on servers located in the United States and, where necessary, by service providers operating in other jurisdictions. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant data protection authorities.
  • Compliance with applicable data transfer frameworks.
  • Transfer impact assessments to evaluate the legal framework of the receiving country.
  • Ensuring that receiving parties maintain adequate data protection standards.

You may request information about the safeguards applied to your data transfers by contacting us.

12. Third-Party Links and Services

The Platform may contain links to third-party websites or services. We are not responsible for the content or privacy practices of those third parties. We periodically review the privacy policies of the third-party services we integrate with; however, we cannot control updates to their policies or practices. We encourage you to review their privacy policies directly before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time as our services and technology evolve. When we make material changes:

  • We will update the “Effective Date” at the top of this page.
  • We will notify registered users via email or platform notification.
  • Continued use of the Platform after changes constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

Your privacy matters to us. We are committed to transparency and to protecting your data with care.