Privacy Policy
Last updated: April 14, 2026
This Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the European Artificial Intelligence Act (Regulation (EU) 2024/1689).
1. Introduction
Puterize ("we", "our", or "us"), operating the Euclid's Elements interactive educational platform ("Service"), is committed to protecting your personal data and privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and the European AI Act.
We act as the data controller for the personal data we process. This means we are responsible for deciding how we hold and use personal information about you.
2. Data Controller Information
The data controller responsible for your personal data in connection with this Service is Puterize. For questions regarding data protection, you may contact us through the Service or at the email address provided in your account settings.
3. Information We Collect
3.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us, including:
- Account Information: Name, email address, password (hashed using industry-standard algorithms), and profile information
- Progress Data: Your learning progress, completed propositions, and construction history
- Communication Data: Information you provide when contacting us for support, including the content of your messages and any attachments
- Transaction Data: If applicable, payment information processed by third-party payment processors (we do not store full payment card details)
3.2 Information Collected Automatically
We automatically collect certain information when you use our Service:
- Usage Data: Pages visited, features used, time spent on pages, click patterns, and navigation paths through the Service
- Device Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers
- Log Data: Server logs including access times, error logs, and request metadata
- Cookies and Similar Technologies: We use cookies and similar tracking technologies as described in Section 7
3.3 Categories of Personal Data Under GDPR
For GDPR purposes, we process the following categories of personal data:
- Identity Data: First name, last name, username
- Contact Data: Email address
- Technical Data: IP address, browser type, operating system, device information
- Usage Data: Information about how you use the Service
- Progress Data: Learning progress, completed propositions, construction history
We do not collect or process any special categories of personal data (sensitive data) such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.
4. Legal Basis for Processing (GDPR Art. 6)
Under the GDPR, we process your personal data based on the following legal bases:
- Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Service you have requested, including account management, progress tracking, and service delivery
- Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing activities, such as receiving marketing communications or accepting non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
- Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests in improving and securing the Service, preventing fraud and abuse, analyzing usage patterns for service optimization, and ensuring the security and integrity of our systems. We have conducted a balancing test to ensure our legitimate interests do not override your rights and freedoms
- Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws and regulations, including tax, accounting, and regulatory requirements
5. How We Use Your Information
We use the information we collect for the following purposes:
- Provide, maintain, and improve the Service
- Process your registration and manage your account
- Track your learning progress through geometric propositions
- Save your interactive constructions and progress
- Send you technical notices, security alerts, and support messages
- Respond to your comments, questions, and customer service requests
- Monitor and analyze usage patterns and trends to improve the Service
- Detect, prevent, and address technical issues, security threats, fraud, and other illegal activities
- Comply with legal obligations and enforce our Terms of Use
- Personalize your experience (without automated profiling that produces legal or similarly significant effects)
6. Automated Decision-Making and AI Systems
In compliance with the European AI Act (Regulation (EU) 2024/1689) and GDPR Article 22, we provide the following transparency regarding automated processing:
6.1 Automated Systems in Use
Our Service may employ the following automated systems:
- Adaptive Learning: Automated adjustment of proposition difficulty and recommendations based on your progress. This is a low-risk AI system under the EU AI Act classification and does not produce legal or similarly significant effects on individuals
- Security and Fraud Detection: Automated monitoring for security threats and abusive behavior. These systems operate as part of our security infrastructure and do not make automated decisions that significantly affect individuals without human review
- Usage Analytics: Automated analysis of usage patterns for service improvement. This processing does not produce legal effects or significantly affect individuals
6.2 Your Rights Regarding Automated Processing
Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If any such automated decision-making is introduced, we will:
- Inform you of the existence, logic, and significance of such automated processing
- Provide you with the right to obtain human intervention, express your point of view, and contest the decision
- Ensure appropriate human oversight as required by the EU AI Act
6.3 AI Act Compliance
We classify our automated systems as minimal or limited risk under the EU AI Act. We maintain documentation regarding:
- The purpose and capabilities of our automated systems
- The types of data used and their sources
- Risk assessments and mitigation measures
- Human oversight mechanisms
- Data governance and quality management processes
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies in accordance with the ePrivacy Directive and GDPR. You will be presented with a cookie consent banner upon first visit, allowing you to accept or reject non-essential cookies.
Categories of cookies we use:
- Strictly Necessary Cookies: Required for the Service to function properly (authentication, security). These do not require consent as they are essential for the service you have requested.
- Functional Cookies: Remember your preferences and settings. These may be set by us or by third-party providers whose services we use.
- Analytics Cookies: Help us understand how visitors interact with the Service. These require your prior consent under GDPR.
You can manage your cookie preferences at any time through your browser settings or through our cookie management tool. Disabling strictly necessary cookies may prevent the Service from functioning properly.
8. Data Sharing and Disclosure
We do not sell your personal information. We may share your data with the following categories of recipients, only to the extent necessary:
- Data Processors: Third-party service providers who process data on our behalf under written data processing agreements (Art. 28 GDPR), including cloud hosting providers, email service providers, and analytics providers. These processors are contractually bound to process data only on our instructions and to implement appropriate security measures.
- Legal Requirements: When required by law, regulation, legal process, or enforceable government request, or to protect our rights, privacy, safety, or property, or that of our users or the public.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, provided the recipient entity agrees to respect your personal data in a manner consistent with this Privacy Policy.
- With Your Consent: When you have given explicit, informed consent to share your information with specific third parties for specific purposes.
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure an adequate level of protection by implementing appropriate safeguards in accordance with GDPR Chapter V, including:
- Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection
- Standard Contractual Clauses (SCCs): EU-approved contract terms that require the recipient to protect your data to European standards
- Binding Corporate Rules: Where applicable, approved corporate policies for intra-group transfers
- Supplementary Measures: Technical and organizational measures to ensure an essentially equivalent level of protection, including encryption in transit and at rest
You may request information about the specific safeguards applied to the transfer of your data by contacting us.
10. Data Security
We implement appropriate technical and organizational measures (Art. 32 GDPR) to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit (TLS/SSL) and at rest
- Secure password hashing using industry-standard algorithms (e.g., PBKDF2)
- Regular security assessments, penetration testing, and vulnerability scanning
- Access controls, authentication mechanisms, and the principle of least privilege
- Regular backups and disaster recovery procedures
- Staff training on data protection and security procedures
- Incident response procedures and breach notification processes in compliance with Art. 33 and 34 GDPR
While we take reasonable measures to protect your personal data, no method of electronic transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Articles 33 and 34.
11. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following data protection rights under the GDPR:
- Right of Access (Art. 15): Request confirmation of whether we process your personal data and obtain a copy of that data
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data without undue delay
- Right to Erasure / Right to Be Forgotten (Art. 17): Request deletion of your personal data where there is no compelling reason for its continued processing
- Right to Restriction of Processing (Art. 18): Request restriction of processing in certain circumstances, such as when you contest the accuracy of the data
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes at any time
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal
- Right Not to Be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects
- Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement
To exercise any of these rights, please contact us using the information provided in Section 15. We will respond to your request within one (1) month of receipt, extendable by two (2) further months for complex requests, in accordance with GDPR Article 12(3). We will verify your identity before processing any request to exercise your rights.
You also have the right to lodge a complaint with your local data protection supervisory authority. A list of supervisory authorities is available on the EDPB Members page.
12. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specifically:
- Account Data: Retained for the duration of your account and for up to thirty (30) days after account deletion to complete data erasure procedures
- Progress Data: Deleted upon account deletion, except where retained for legal obligations
- Usage and Log Data: Retained for a maximum of twelve (12) months for security and analytics purposes
- Legal Obligation Data: Retained for the period required by applicable law (e.g., tax records)
When data is no longer needed, we will delete or anonymize it in accordance with our data retention policies and applicable law.
13. Children's Privacy
Our Service is not directed at children under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information from our servers promptly.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Post the updated Privacy Policy on this page with an updated "Last updated" date
- Notify you through the Service or via email for material changes
- Where required by GDPR, obtain your consent for material changes affecting the processing of your personal data
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us through the Service or by email at the address provided in your account settings.
We aim to respond to all data protection inquiries within thirty (30) days. If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.