Privacy Policy

GilaniAI ("we", "our", "us") is committed to protecting your privacy and complying with the Kenya Data Protection Act 2019. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

We collect the following categories of information:

• Account information: Name, email address, and password (stored securely as a hash — never in plain text).
• Academic content: Notes you upload, quiz answers, chat messages sent to the AI tutor, and study plans generated for your account.
• Performance data: Quiz scores, streak records, and planner task completion — used to personalise your study experience.
• Usage data: Page views, feature interactions, and device/browser type — collected to improve the platform.
• Communication data: Messages you send to our support team.

We use your information to:

• Provide, personalise and improve the GilaniAI platform
• Generate AI-powered tutoring responses, quiz questions, summaries and study plans
• Track your academic progress and identify weak topics for targeted revision
• Facilitate teacher escalation when you request expert human review
• Send service notifications, product updates, and support responses
• Comply with legal obligations under Kenyan law

GilaniAI does not use your personal academic content (notes, chats, quiz answers) to train third-party AI models. AI responses are generated using pre-trained models accessed via API. Your data stays within GilaniAI's secure storage and is not shared with AI model providers for training purposes.

We do not sell your personal data. We share information only in these limited circumstances:

• Teacher escalation: When you explicitly escalate a question, the relevant conversation excerpt is shared with your assigned verified teacher.
• Service providers: We use trusted infrastructure providers (e.g. Supabase for database hosting) under strict data processing agreements.
• Legal requirements: If required by Kenyan courts, law enforcement, or regulatory authorities under valid legal process.

We retain your data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where retention is required by law.

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Role-based access controls
• Regular security audits and dependency scanning
• Passwords hashed — never stored in plain text

GilaniAI is intended for students aged 13 and above. We do not knowingly collect data from children under 13. If you believe a child under 13 has registered, please contact us immediately.

Under the Kenya Data Protection Act 2019, you have the right to access, correct, delete, and port your data. To exercise these rights, email us at onungaelly@gmail.com. We will respond within 30 days.

We use cookies to maintain your login session and personalise your experience. For full details, see our Cookie Policy.

We may update this Privacy Policy periodically. Your continued use after changes constitutes acceptance. We will notify registered users of significant changes via email.

For privacy questions or data requests, contact us at onungaelly@gmail.com or GilaniAI, Nairobi, Kenya.