Privacy Policy

Last updated: March 20, 2026

This Privacy Policy describes how Lectern ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our AI-powered study platform ("Service"). We are committed to safeguarding your privacy and being transparent about our data practices.

1. Information We Collect

Account Information

When you create an account, we collect your full name and email address. If you sign in with Google, we also receive your Google account ID and profile picture URL from Google.

Study Data

When you use the Service, we collect and store:

  • Chat messages you send to the AI tutor and the AI's responses
  • Your quiz answers and progress through lecture materials
  • Course enrollment records

Uploaded Materials

Course administrators may upload lecture materials (PDFs, Word documents) to generate study aids. These files are stored securely and processed by our AI to produce lecture content. Students do not upload materials directly.

Payment Information

When you purchase credits, your payment is processed by Paystack. We do not store your credit card number, bank account details, or other payment credentials. We receive only transaction confirmation data (amount, status, reference ID) from Paystack.

Technical Information

We automatically collect your IP address for rate limiting and security purposes. We use essential cookies (httpOnly, secure) to manage your authentication session. We do not use tracking cookies or third-party analytics.

2. How We Use Your Information

We use your personal information to:

  • Create and manage your account
  • Provide the study platform and its features (lectures, quizzes, AI chat)
  • Process payments for credit purchases
  • Generate AI-powered study aids from uploaded course materials
  • Maintain chat history so you can continue conversations across sessions
  • Track your study progress within courses
  • Enforce rate limits and prevent abuse
  • Send essential communications (email verification, password resets)
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising. We do not build profiles for targeted marketing.

3. AI Processing

To provide AI-generated study aids and chat responses, we send relevant course content and your chat messages to Anthropic (the company behind Claude AI) for processing. This data is sent via Anthropic's API and is subject to Anthropic's usage policies. Anthropic does not use API-submitted data to train their models.

We include only the minimum necessary context in AI requests — your chat messages and relevant sections of course content. We do not send your name, email, or other personal identifiers to Anthropic.

4. Third-Party Services

We share data with the following third-party services, strictly as needed to operate the platform:

  • Google — If you use Google Sign-In, Google provides us with your name, email, and profile picture. Governed by Google's Privacy Policy.
  • Anthropic (Claude AI) — Course content and chat messages are processed to generate study aids and chat responses. Anthropic does not retain API data for model training.
  • Cloudflare R2 — Uploaded course materials are stored securely in Cloudflare's object storage infrastructure.
  • Paystack — Payment processing for credit purchases. We do not store your payment credentials. Governed by Paystack's Privacy Policy.

5. Data Storage and Security

Your data is stored in a PostgreSQL database with encrypted connections. Passwords are hashed using bcrypt with a cost factor of 12 — we never store plaintext passwords. Authentication tokens are hashed before storage. All data in transit is encrypted using TLS/HTTPS.

Uploaded files are stored in Cloudflare R2 with access restricted to authorized platform operations. We implement rate limiting, input validation, and other security measures to protect against unauthorized access.

6. Data Retention

  • Account data is retained as long as your account is active.
  • Chat history is retained for the duration of your enrollment in a course.
  • Study progress is retained as long as your account is active.
  • Uploaded materials are retained as long as the associated course is active on the platform.
  • Payment records are retained as required by applicable financial regulations.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete personal information
  • Delete your account and associated personal data
  • Export your data in a portable format
  • Object to certain processing of your personal information

To exercise any of these rights, contact us at privacy@lectern.academy. We will respond within 30 days.

8. Cookies

Lectern uses only essential cookies required for the Service to function:

  • access_token — An httpOnly, secure cookie containing your authentication token. Expires after 15 minutes.
  • refresh_token — An httpOnly, secure cookie used to refresh your session. Expires after 7 days.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under most privacy regulations.

9. Children's Privacy

Lectern is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will promptly delete it. If you believe a child under 16 has provided us with personal information, please contact us at privacy@lectern.academy.

10. International Data Transfers

Your data may be processed in countries other than your own, including wherever our third-party service providers operate. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@lectern.academy.