Privacy Policy
Last updated: February 22, 2026
1. Data Controller
The data controller for your personal data is:
KLINICA SOFTWARE SOLUTIONS S.R.L.
CUI: RO45227020
Email: support@klinica.io
2. Data We Collect
2.1 Account Data
- Email address
- Name (if provided)
- Authentication credentials (securely hashed)
2.2 User Content
- Course materials you upload (textbooks, slides, notes, PDFs)
- Course information (names, topics, exam dates)
- Chat messages with the AI tutor
- Practice test responses and results
2.3 Usage Data
We use Mixpanel for usage analytics. When you accept cookies, Mixpanel collects:
- Feature usage patterns (which tools you use, session duration)
- Device and browser information
- IP address
We also collect credit consumption and billing history as part of the Service.
2.4 Payment Data
Payment processing is handled by Stripe. We do not store your full credit card number. Stripe's privacy policy applies to payment data: stripe.com/privacy.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the Service (AI tutoring, tests, schedules) | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send service-related communications | Contract performance |
| Improve the Service and fix bugs | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. AI Processing
Your uploaded materials and chat messages are processed by AI models hosted on AWS (Amazon Bedrock) to generate responses, practice tests, and study schedules. This processing is necessary to provide the core Service functionality. Your data is not sent to third-party AI model providers outside of our AWS infrastructure.
- Your materials are used only to serve you — they are not used to train AI models.
- AI-generated content is derived from your materials and general knowledge.
- We do not share your materials with other users.
5. Data Sharing
We share your data only with:
| Recipient | Purpose |
|---|---|
| AWS (Amazon Web Services) | Cloud infrastructure and hosting |
| Stripe | Payment processing |
| Mixpanel | Usage analytics (only when you accept cookies) |
We do not sell your personal data. We do not share your data with advertisers.
6. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion.
- User content (materials, chats, tests): deleted within 30 days of account deletion.
- Billing records: retained for up to 7 years as required by Romanian tax law.
- Server logs: retained for up to 90 days for security and debugging.
7. Your Rights (GDPR)
As a data subject under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Receive your data in a structured, machine-readable format (data portability)
- Object to processing based on legitimate interest
- Lodge a complaint with the Romanian data protection authority (ANSPDCP)
To exercise any of these rights, contact us at support@klinica.io. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest
- Secure authentication with hashed credentials
- Access controls and least-privilege principles
- Regular security reviews
9. International Transfers
Your data may be processed in the European Economic Area (EEA) and in other regions where our infrastructure providers operate. When data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
10. Cookies
ExamPath uses the following types of cookies:
- Essential cookies: required for authentication and session management. These cannot be disabled.
- Analytics cookies (Mixpanel): used to understand how you use the platform and improve the experience. These are only set if you accept cookies via the consent banner. You can change your preference at any time. Mixpanel's privacy policy: mixpanel.com/legal/privacy-policy.
11. Children's Privacy
ExamPath is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child under 16 has provided us with personal data, contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice at least 14 days before they take effect.
13. Contact
For privacy-related questions or to exercise your rights:
KLINICA SOFTWARE SOLUTIONS S.R.L.
Email: support@klinica.io