Last updated April 21, 2025

Legal

Privacy Policy

This policy explains exactly what data Learni collects, why we collect it, how we store it, and your rights over it — across both our web app at https://learni.site and our Android mobile application.

1. Who We Are

Learni ("we," "our," "us") is an AI-powered educational platform operated as a personal/student project. Our service is available at https://learni.site and on Android via the Google Play Store. For any privacy questions, contact us at support@learni.site.

2. Data We Collect

2.1 Information You Provide

Data Type | What We Collect | When
Account | Email address, full name, hashed password | Registration
Profile | Display name, avatar URL, bio, username | Profile setup / edits
Learning Data | Roadmap topics, lesson progress, quiz answers, XP, streaks, certificates earned | Using the app
Notes | Personal text notes attached to lessons | Note creation / editing
Community Posts | Text posts visible to other users | Posting in community
Feedback | Bug reports, feature requests, ratings | Feedback submission

2.2 Automatically Collected

  • Device Information: Operating system, app version, device type (mobile vs. web).
  • Push Notification Tokens: Expo push tokens for delivering in-app reminders (mobile only, optional).
  • IP Address: Used for rate limiting and abuse prevention. Not stored long-term.
  • Session Metadata: Login timestamps, session expiry, token refresh events.

2.3 Third-Party Sign-In (Google)

If you sign in via Google OAuth, we receive your Google account's email, name, and profile picture URL. We do not receive your Google password. Your Google account is governed by Google's Privacy Policy.

3. How We Use Your Data

Purpose | Legal Basis
Provide and operate the Service (authentication, roadmap generation, progress tracking) | Contract performance
Personalise learning content and AI-generated roadmaps | Contract performance
Send push notifications for streaks, lesson reminders, and milestones | Consent (opt-in)
Send transactional emails (OTP codes, password reset links) | Contract performance
Display community posts and leaderboard rankings | Legitimate interest
Improve the Service via usage analysis | Legitimate interest
Prevent fraud, abuse, and enforce rate limits | Legitimate interest
Comply with legal obligations | Legal obligation

4. AI Processing

Learni uses Google Gemini API to generate learning roadmaps, daily boosts, and quiz questions. When you generate a roadmap:

  • Your topic input and skill level are sent to the Gemini API to generate personalised content.
  • Generated roadmaps are cached in our Supabase database to reduce repeated API calls.
  • We do not send your personal identity (name, email) to the Gemini API — only the learning topic.
  • We do not sell any data to AI training companies.
  • Google may process the topic query per their own API terms. See Google's Privacy Policy.

5. Data Sharing & Disclosure

We do not sell your personal information. We share data only in these circumstances:

  • Service Providers: Supabase (database/auth), Google Gemini (AI), YouTube (video links), Gmail/Resend (email delivery) — only as necessary to deliver the Service.
  • Community Features: Community posts, leaderboard display name, and public profile information are visible to other registered users.
  • Legal Requirements: We may disclose information when required by law, court order, or to protect the rights and safety of users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred with appropriate notice.

6. Third-Party Services

The following third-party services process data on our behalf:

Service | Purpose | Data Shared
Supabase | Auth, database, storage | All user data (encrypted at rest)
Google Gemini | AI content generation | Learning topic queries only
YouTube Data API | Video resource lookup | Topic search queries
Wikipedia API | Reading content | Topic search queries
Dev.to API | Article content | Topic search queries
Gmail SMTP / Resend | Transactional email | Email address, OTP code
Expo Notifications | Push alerts (mobile) | Push token, notification payload

7. Push Notifications

The Learni mobile app requests permission to send push notifications for:

  • Daily learning reminders and streak alerts.
  • Lesson completion and milestone notifications.
  • Certificate availability and roadmap updates.

Push notifications are opt-in. You can disable them at any time in your device's notification settings or from your in-app profile. We use Expo Push Notifications for delivery. Your push token is stored in our database and deleted when you unsubscribe or delete your account.

8. Session & Token Storage

We store authentication tokens to keep you signed in across sessions:

  • Mobile (Android): Session tokens are encrypted and stored in the device's secure keychain via Expo SecureStore. Tokens persist across app restarts; you remain logged in until you explicitly sign out.
  • Web: Session tokens are stored in secure, HttpOnly cookies managed by Supabase. Tokens auto-refresh in the background.
  • Tokens expire and are automatically refreshed to maintain a seamless experience.
  • On sign out, all tokens are immediately invalidated and removed from local storage.

9. Data Security

We implement the following security measures:

  • Encryption at rest: All data stored in Supabase is encrypted at rest.
  • Encryption in transit: All data transmission uses TLS/HTTPS.
  • Password hashing: Passwords are never stored in plaintext — handled by Supabase Auth (bcrypt).
  • JWT authentication: API endpoints are protected by signed JWT tokens (HS256 with audience validation).
  • Rate limiting: All API endpoints are rate-limited to prevent brute-force and abuse (SlowAPI).
  • Row-Level Security: Supabase RLS policies ensure users can only access their own data.

Despite these measures, no internet-based system is 100% secure. We encourage you to use a strong, unique password and enable secure device locks.

10. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the Service.

Account Deletion: When you delete your account via Settings → Delete Account, we permanently remove:

  • Your profile and authentication record.
  • All roadmaps, lesson progress, and module assessments.
  • Your notes, notifications, community posts, and certificates.
  • Your push notification subscriptions.

Deletion is irreversible. Residual encrypted backup copies may persist for up to 30 days before complete purge.

11. Your Rights

Depending on your location, you may have rights under GDPR, PDPA, CCPA, or similar laws:

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate information via Profile settings.
  • Deletion: Delete your account and all associated data via Settings.
  • Portability: Request your data in a machine-readable format.
  • Opt-out of Notifications: Disable push notifications at any time in device settings.
  • Restrict Processing: Contact us to limit specific data uses.

To exercise any right, email us at support@learni.site. We will respond within 30 days.

12. Children's Privacy

Learni is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at support@learni.site and we will delete it promptly.

13. International Data Transfers

Our infrastructure is hosted via Supabase and Render, which may process data in data centers outside your country of residence (including the United States). By using the Service, you consent to data being transferred to and processed in these locations. We ensure appropriate safeguards are in place per Supabase's own compliance certifications.

14. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last Updated" date at the top and may notify you via in-app notification or email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy questions, data requests, or concerns, please contact us at:

Learni Support

support@learni.site

We aim to respond within 30 days.

Legal Disclaimer: This Privacy Policy reflects actual data practices implemented in the Learni codebase. For commercial publishing, consult a qualified legal professional to ensure full compliance with GDPR, PDPA, CCPA, and Google Play Store requirements.