Privacy Policy

Academizz is an academic resource-sharing platform for university students. Member accounts are created by an administrator at your institution; there is no public sign-up. Once you sign in you can browse study materials, upload resources for your course, save resources for later, and receive notifications when relevant content is added.

We collect only what we need to run the service:

• Account identity. Name, email address, phone number, university, department, and university ID. These are provided by your institution when your account is created.
• Authentication state. A short-lived JSON Web Token (JWT) issued when you sign in; it expires automatically after 24 hours.
• Content you upload. Study materials, books, notes, question papers, and any metadata (course, topic, description, file name, author) you add while uploading.
• Activity you create. Resources you save for later, default filter preferences, and our counts of how many times a resource has been previewed or downloaded (anonymous; not tied to your identity).
• Session metadata. User agent string and IP address at sign-in, used only to enforce single-active-session per device type and to show recent activity to administrators.
• Notifications. System-generated notifications (e.g., “new resource added in your department”) are stored so the mobile and web apps can display them.

What we do not collect: we do not access your camera, microphone, contacts, calendar, photos, precise location, health or fitness data. The mobile app’s file picker only reads the specific document you choose when uploading a resource.

• To authenticate you and keep your session secure.
• To show you resources relevant to your university and department, and to scope uploads to the right group.
• To let administrators manage accounts (create, disable, reset password) at your institution.
• To notify you about new resources that match your department or saved preferences.
• To enforce rate limits and upload size limits, and to stop abuse.

We do not sell your data. We do not use your data for advertising. We do not train AI models on your personal information or your uploaded files.

• Passwords are stored only as bcrypt hashes; we never store your plaintext password.
• Files you upload are stored on DigitalOcean Spaces (S3-compatible object storage). Only authenticated users from your department, or administrators, can retrieve them through the app.
• All traffic between your device and our servers uses HTTPS with modern TLS. The mobile app disables cleartext network traffic.
• On your device, the mobile app stores your session token in Android Keystore / iOS Keychain via a secure storage plugin. Logging out, uninstalling the app, or letting the token expire removes this state.

• Students & moderators see resources in their own department (books are visible across all departments).
• Administrators & superadministrators at your institution can see the user list, change roles, and disable/enable accounts. Superadministrators can also delete resources and preview scheduled email digests.
• Other users never see your phone number, password, or session token.

We send transactional emails only: account credentials when your account is created, password-reset codes when you request one, and optional digest emails summarising new resources in your department. Email is delivered by Brevo (Sendinblue), our transactional email provider. We do not send marketing email.

• DigitalOcean (infrastructure & file storage).
• Brevo (transactional email delivery).
• Vercel (hosting the web app and privacy page).
• Google Play Services / Apple App Store (app distribution and crash reporting for the mobile app).

Each of these providers processes the minimum data required to deliver their service, under their own privacy terms.

We keep your account and uploaded content for as long as your account is active. Session records and notifications older than 90 days are periodically pruned. If your administrator disables your account, your uploaded resources remain available to your department unless a superadministrator removes them.

You can ask us to:

• Show you the data we hold about you.
• Correct any inaccurate information.
• Delete your account and personal information (“right to be forgotten”). Resources you uploaded may be retained if they have academic value to your department, but will be disassociated from your identity.
• Export a copy of your personal information.

To exercise any of these rights, email support@academizz.com. We respond within 30 days.

Academizz is intended for university students. We do not knowingly collect information from children under 13. If you believe a minor has registered, contact us and we will delete the account.

We update this page when our practices change. The “Effective” date at the top always reflects the current version. Material changes will be highlighted in the app or by email.

Questions? Email support@academizz.com.