LexStud Privacy Policy

Effective date: January 9, 2026

This Privacy Policy explains how LexStud (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use LexStud (the “Service”). It also explains your rights under the GDPR.

1) Data controller and contact

Controller: LexStud (website operator)

Contact: /contact.php

Email (privacy): info@nikolasgiantsikouris.com

2) Data we collect

Depending on how you use LexStud, we may collect:

Account data: email, display name/username, password hash, settings, language preferences.
Learning data (SRS): items studied, review history, correctness, streaks, points/levels, progress logs.
Community data: profile content you choose to publish, posts/comments, reactions, friend connections.
Chat/messages: direct messages and related metadata (time, participants).
Uploads: images/files you upload (if enabled) and related metadata.
Technical/log data: IP address, device/browser info, pages viewed, timestamps, error logs, security events.
Cookies and similar tech: essential session cookies and preference cookies; optional analytics/marketing cookies only if you enable them.

Example: many services record “log data” like IP, browser type, pages visited, time/date, and diagnostics. :contentReference[oaicite:1]{index=1}

3) Public vs private information

Public (if you choose): your display name, profile info, posts/comments, and activity shown in community areas.
Private: your email, password hash, private messages, and internal security logs (not public).

4) Why we process your data (purposes)

Provide the Service (accounts, SRS, progress tracking, games, community, chat).
Moderation and safety (spam control, abuse prevention, fraud/security).
Operate and improve the Service (bug fixing, performance, analytics if enabled).
Communications (support requests, account/security notices).
Legal compliance (e.g., responding to lawful requests).

5) Legal bases (GDPR)

We rely on one or more of the following legal bases, depending on the context:

Contract: to provide the Service you requested (account, SRS tracking, community features).
Legitimate interests: to secure and improve the Service, prevent abuse, and maintain platform integrity.
Consent: for optional cookies/analytics/marketing where required, and for certain optional features.
Legal obligation: where processing is required by law.

GDPR requires a lawful basis (Art. 6) and transparency about what you do with data (Art. 13). :contentReference[oaicite:2]{index=2}

6) Cookies

We use essential cookies to keep you logged in and to run the Service (for example: sessions, CSRF, preferences). If we use non-essential cookies (like analytics), we will ask for consent where required and provide a way to opt out.

If you add analytics later, consider adding a separate /legal/cookies.php page.

7) Sharing your data

We do not sell your personal data.

We may share limited data with:

Service providers that help us run LexStud (hosting, email delivery, database/storage, security tools).
Payment processors (only if/when you add payments). We typically do not store full card details.
Legal/safety when required to comply with law or protect users and the Service.

8) International transfers

If our hosting or providers process data outside the EEA, we will use appropriate safeguards (such as contractual protections) where required by law.

9) Data retention

We keep personal data only as long as needed for the purposes described above. Typical retention:

Account data: kept while your account is active. If you delete your account, we delete or anonymize where possible.
Learning progress: kept to provide your progress and SRS history until account deletion (or earlier if you request deletion, where feasible).
Chat/community content: may remain visible if you posted it publicly; private messages are retained for service operation unless deleted/removed.
Security logs: kept for a limited period (e.g., 30–180 days) unless needed longer for abuse investigations or legal reasons.
Backups: deleted on a rolling schedule; residual copies may exist for a limited time.

GDPR expects you to explain retention or the criteria used to determine it. :contentReference[oaicite:3]{index=3}

10) Your rights (GDPR)

If you are in the EU/EEA (including Greece), you have rights such as:

Access your personal data
Correct inaccurate data
Delete data (“right to be forgotten”), in certain cases
Restrict or object to processing, in certain cases
Data portability, in certain cases
Withdraw consent at any time (when processing is based on consent)
Lodge a complaint with a supervisory authority (in Greece: the Hellenic Data Protection Authority)

These rights and transparency duties are part of GDPR’s core framework. :contentReference[oaicite:4]{index=4}

11) Children

LexStud is not intended for children who are below the age of digital consent for online services in their country. In Greece, that age is 15 under national GDPR implementation. :contentReference[oaicite:5]{index=5}

12) Security

We use reasonable administrative, technical, and organizational measures to protect personal data. No online service is 100% secure; you use LexStud at your own risk.

13) Changes to this policy

We may update this Privacy Policy from time to time. If changes are significant, we will post the updated version on this page and update the effective date.

14) Contact us

For privacy requests (access, deletion, export), contact us at /contact.php or email info@nikolasgiantsikouris.com .

Note: This is a practical template, not legal advice. If you add payments, ads, third-party trackers, or run a large community, have a lawyer review it.