EPITOLEDGE PRIVACY POLICY

Effective from 1st January 2026

1. INTRODUCTION

Epitoledge (“Company,” “we,” “us,” or “our”) operates a global document hosting, reading, annotation, and AI-assisted study platform (the “Services”).

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website and related services.

By accessing or using the Services, you agree to this Privacy Policy.

2. GLOBAL APPLICATION

Epitoledge operates from Kenya and serves users worldwide. This Policy is designed to comply with:

  • Kenya Data Protection Act, 2019
  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA/CPRA)
  • Other applicable international data protection laws

Where local laws provide additional rights, those rights apply to you.

3. INFORMATION WE COLLECT

3.1 Information You Provide

Account Information

  • Name
  • Email address
  • Password (hashed and salted)
  • Subscription tier
  • Account settings

Uploaded Content

  • Documents (PDF, EPUB, images)
  • Highlights
  • Annotations
  • Sticky notes
  • AI prompts submitted within the reader
  • Metadata related to uploaded files

Payment Information

Payments are processed by third-party providers such as Paystack.

We do not store:

  • Full card numbers
  • CVV codes

We may store:

  • Transaction reference
  • Subscription status
  • Plan expiration date

3.2 Information Collected Automatically

  • IP address
  • Approximate location
  • Device type
  • Browser type
  • Operating system
  • Usage logs
  • Reader session duration
  • Feature usage frequency
  • Error reports
  • Authentication cookies
  • Advertising cookies (where applicable)

3.3 Advertising Data

We use Google AdSense to display advertisements.

AdSense may:

  • Use cookies
  • Collect device identifiers
  • Collect browsing data
  • Personalize advertisements

We do not control third-party advertising cookies.

Users in applicable jurisdictions may opt out of personalized ads via Google Ad Settings or applicable industry tools.

3.4 AI Assistant Data

When using the AI assistant inside the reader:

  • Prompts are processed by AI infrastructure providers.
  • Prompts may be temporarily logged for abuse prevention and service improvement.
  • Users should not submit highly sensitive personal data.
  • AI responses are generated automatically and may be inaccurate.

4. HOW WE USE INFORMATION

We use personal information to:

  • Create and manage user accounts
  • Authenticate users
  • Process subscriptions and payments
  • Enable document storage and reader features
  • Provide AI responses
  • Enforce subscription tiers
  • Detect fraud and abuse
  • Comply with legal obligations
  • Display advertisements
  • Improve service performance

5. USER RESPONSIBILITY FOR UPLOADED CONTENT

Users are solely responsible for all content they upload.

You represent and warrant that:

  • You own or have permission to upload the content.
  • The content does not infringe copyright or intellectual property rights.
  • The content complies with applicable laws.

Epitoledge acts as a hosting intermediary and does not pre-screen all uploads.

We reserve the right to remove content that violates law or our Terms of Service.

6. DATA SHARING

We may share data with:

  • Hosting providers
  • Payment processors (e.g., Paystack)
  • AI infrastructure providers
  • Analytics providers
  • Advertising partners (e.g., Google AdSense)
  • Legal authorities where required by law

We do not sell personal information in exchange for money.

7. INTERNATIONAL DATA TRANSFERS

Your data may be processed outside your country of residence.

By using the Services, you consent to international data transfers.

Where required, we implement appropriate safeguards.

8. DATA RETENTION

We retain:

  • Account data while account remains active
  • Uploaded files until deleted by user
  • Backup data for limited disaster recovery periods
  • Payment records as required by tax and financial laws
  • Security logs for fraud detection

Deleted content may persist in backups for a limited period before permanent deletion.

9. DATA SECURITY

We implement:

  • HTTPS encryption
  • Secure authentication
  • Rate limiting
  • Access control
  • Webhook signature verification
  • Structured logging

However, no internet system is completely secure.

Users upload content at their own risk.

10. CHILDREN AND PARENTAL RESPONSIBILITY

The Service is accessible to users of all ages.

Parents and guardians are solely responsible for:

  • Supervising minors
  • Monitoring uploaded content
  • Preventing minors from sharing sensitive information

We do not knowingly collect personal information from children without parental involvement.

11. USER RIGHTS

Depending on your jurisdiction, you may have rights to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to certain processing
  • Request data portability

We may verify identity before fulfilling requests.

12. AI DISCLAIMER

AI outputs:

  • May be inaccurate
  • Are not professional advice
  • Should not be relied upon for legal, medical, financial, or critical decisions

We are not liable for reliance on AI responses.

13. LIMITATION OF LIABILITY (PRIVACY)

To the maximum extent permitted by law, we are not liable for:

  • Unauthorized access beyond reasonable safeguards
  • User-uploaded content
  • AI-generated responses
  • Third-party advertising practices

14. CHANGES TO THIS POLICY

We may update this Privacy Policy at any time. Continued use of the Services constitutes acceptance.