Privacy Policy

Academizz is an academic companion platform for Bangladeshi undergraduate students. The product covers study resources, past-paper question banks, your batch and peer network, clubs and events, CGPA tracking, study habits, study-abroad preparation, skill-track practice (IELTS / GRE / PMP / AWS), and career-roadmap guidance. You can sign up directly, or your account may be created by an administrator at your institution. Throughout this policy “you” means a registered user; “we” / “Academizz” means the operators of academizz.com.

We collect only what we need to run the service:

• Account identity. Name, email address, phone number, primary university, department, and university ID, along with optional profile fields like avatar, batch year, expected graduation year, and academic role. Provided by you at sign-up or by your institution’s administrator.
• Affiliations. Each academic affiliation you hold — university, department, level (undergrad / postgrad / alumni), start and end year, “currently engaged” flag, and optional notes. You can hold more than one (e.g., undergrad at one university while doing a postgrad at another). One is marked primary; you choose which is currently active. Your active affiliation is referenced by other users who can see your profile.
• Authentication state. A short-lived JSON Web Token (JWT, 24-hour expiry) issued at sign-in. The token also embeds your active affiliation context so the app can scope what you see without an extra database lookup. We track one active session per device type (web / mobile); signing in on a new device of the same type ends the previous session.
• Content you upload. Study materials, books, notes, question papers, and any metadata (course, topic, description, file name, author) you add while uploading.
• Peer-graph and public profile fields. If you choose to fill them in: bio, LinkedIn URL, portfolio / GitHub URL, other external profile links, the topics you can help peers with, your mentorship availability, your “directory visibility” preference, an optional looking-back note, and declared career tracks. These exist so peers in your batch / department / university can find and contact you. You can hide your profile from the directory at any time from your profile settings.
• Higher Studies personal document vault. If you opt in to the Higher Studies track, you can upload personal documents to support an application abroad — for example passport scans, academic transcripts, statement-of- purpose drafts, recommendation letters, and IELTS / GRE scorecards. These files are private to you. They are stored encrypted in transit, served through an authenticated download proxy, and visible only to your own account. Administrators do not browse this vault as a routine matter, and we do not share these documents with anyone.
• Academic and study activity. CGPA records you add to the calculator, study sessions and streaks you start from the Study Mode, skill-track practice attempts (which questions you answered, your scores, time taken), saved resources, and personalised filter preferences. This stays tied to your account so we can show you progress, but counts displayed publicly (resource preview / download numbers, club member counts) are aggregated and not tied to your identity.
• Club and event activity. Clubs you follow, events you RSVP to, content you post to a club vault you have permission to write to, and posts you make as a Class Representative for your batch.
• Session metadata. User agent string and IP address at sign-in, used only to enforce single-active-session per device type and to show recent activity to administrators.
• Notifications. System-generated notifications (e.g., “new resource added in your department”, “your post received a reply”) are stored so the mobile and web apps can display them.

What we do not collect: we do not access your camera, microphone, contacts, calendar, photos, precise location, or health / fitness data. The mobile app’s file picker only reads the specific document you choose when uploading. We do not collect biometric data or read messages from any other app.

• To authenticate you and keep your session secure.
• To show you resources, peers, batch posts, clubs, events, and roadmap content scoped to your active affiliation’s (university, department) — and to scope your uploads to the right group.
• To let you switch between affiliations you hold (Slack-style context switching). When you switch, every list re-scopes to the new context automatically.
• To let administrators manage accounts (create, disable, reset password) at your institution.
• To notify you about new resources, replies, RSVPs, and other events relevant to your active context and saved preferences.
• To track your study streaks, CGPA over time, and skill-track practice progress, and to show that progress back to you in the app.
• To enforce rate limits and upload size limits, and to stop abuse.

We do not sell your data. We do not use your data for advertising. We do not train AI models on your personal information, your uploaded files, or the documents in your Higher Studies vault.

• Passwords are stored only as bcrypt hashes; we never store your plaintext password.
• Files you upload are stored on DigitalOcean Spaces (S3-compatible object storage). Only authenticated users from your department, or administrators, can retrieve them through the app.
• All traffic between your device and our servers uses HTTPS with modern TLS. The mobile app disables cleartext network traffic.
• On your device, the mobile app stores your session token in Android Keystore / iOS Keychain via a secure storage plugin. Logging out, uninstalling the app, or letting the token expire removes this state.

• Students & moderators see resources, batch posts, peers, and club vault content scoped to their active affiliation’s (university, department). Books and public roadmap content are visible across all departments.
• Peer-graph fields (bio, LinkedIn / portfolio URLs, mentorship availability, help-with topics) are visible to peers in your batch / department / university only when your “directory visibility” is on. You can hide your profile from the directory at any time, and the change takes effect immediately.
• Higher Studies vault documents are private to you. Other users — including peers in your batch — cannot see them. The download URL is gated by an authenticated proxy, not a public link.
• Administrators & superadministrators at your institution can see the user list, change roles, and disable / enable accounts. Superadministrators can also delete resources and preview scheduled email digests. Administrators do not browse your Higher Studies vault as a routine matter.
• Other users never see your phone number, password, session token, or the contents of your Higher Studies vault.

We send transactional emails only: account credentials when your account is created, password-reset codes when you request one, and optional digest emails summarising new resources in your department. Email is delivered by Brevo (Sendinblue), our transactional email provider. We do not send marketing email.

• DigitalOcean (infrastructure & file storage).
• Brevo (transactional email delivery).
• Vercel (hosting the web app and privacy page).
• Google Play Services / Apple App Store (app distribution and crash reporting for the mobile app).

Each of these providers processes the minimum data required to deliver their service, under their own privacy terms.

We keep your account and uploaded content for as long as your account is active. Session records and notifications older than 90 days are periodically pruned. If your administrator disables your account, your uploaded resources remain available to your department unless a superadministrator removes them.

If you ask us to delete your account, your Higher Studies vault documents, peer-graph profile fields, CGPA records, study-mode history, and skill-track practice history are deleted along with your account. Resources you uploaded for the wider student community may be retained without your name attached if they have ongoing academic value to your department.

You can ask us to:

• Show you the data we hold about you.
• Correct any inaccurate information.
• Delete your account and personal information (“right to be forgotten”). Resources you uploaded may be retained if they have academic value to your department, but will be disassociated from your identity.
• Export a copy of your personal information.

To exercise any of these rights, email support@academizz.com. We respond within 30 days.

Academizz is intended for university students. We do not knowingly collect information from children under 13. If you believe a minor has registered, contact us and we will delete the account.

We update this page when our practices change. The “Effective” date at the top always reflects the current version. Material changes will be highlighted in the app or by email.

Questions? Email support@academizz.com.