Privacy Policy
Last updated: April 18, 2026
1. Overview
Fekra AI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our educational platform.
Fekra is a Tunisian company. While Tunisia does not fall under the EU GDPR jurisdiction, we follow GDPR-inspired principles to ensure your data is handled responsibly and transparently.
2. Data We Collect
We collect the following categories of data:
- Account data: Name, email address, phone number, date of birth, governorate, and academic division
- Usage data: Features used, pages visited, time spent, and interaction patterns
- Content data: Documents you upload, notes you create, and AI-assisted learning materials
- Device data: Browser type, operating system, screen resolution, and IP address
3. How We Use Your Data
We use your data to:
- Provide and personalize the educational Service
- Process your onboarding and account setup
- Improve our AI models and educational content
- Communicate important updates about the Service
- Ensure security and prevent fraud
- Comply with legal obligations
4. Authentication Data
We use Clerk (operated by Clerk Inc., USA) for authentication. Clerk processes your email address, password hash (never the plain-text password), and OAuth tokens if you sign in with Google. Clerk's processing is governed by their own privacy policy and SOC 2 Type II compliance.
We do not store passwords on our servers. Authentication tokens (JWTs) are used to verify your identity with each request and are stored in secure, HTTP-only cookies.
5. Data Storage
Your data is stored in Supabase (operated by Supabase Inc.) with servers located in the region selected during project setup. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
We implement Row Level Security (RLS) policies so that each user can only access their own data. Service-level access is restricted to authenticated webhook operations and document uploads.
7. Third Parties
We share data only with the following service providers:
- Clerk — Authentication and user management
- Supabase — Database and file storage
- Vercel — Application hosting and delivery
Each provider is contractually obligated to process data only as instructed by us and in compliance with applicable data protection laws.
8. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing for specific purposes
To exercise any of these rights, contact us at privacy@fekra.ai. We will respond to your request within 30 days.
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account deletion:
- Profile data is deleted within 30 days
- Uploaded documents are deleted within 30 days
- Anonymized usage statistics may be retained for analytics
- Backup copies are purged within 90 days
10. Children's Privacy
Fekra AI is designed for students aged 10 and above. We collect only the minimum data necessary to provide the educational Service. We do not knowingly collect data from children under 10.
Parents or guardians may contact us to review, modify, or delete their child's data at any time.
11. Security
We implement industry-standard security measures including encryption in transit and at rest, Row Level Security on all database tables, rate limiting, input validation, and regular security audits. However, no method of electronic storage is 100% secure.
If you discover a security vulnerability, please report it to security@fekra.ai. We will investigate and address reported issues promptly.
12. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at:
Fekra
Email: privacy@fekra.ai