Privacy Policy

Last updated: March 4, 2026

1. Data Controller

Project Atlas is operated by WynexLabs. For questions about data processing, contact us at privacy@wynexlabs.com.

2. Data We Collect

  • Account data: Email address, name, and authentication provider information (Google OAuth or email magic link).
  • Uploaded content: PDF documents you upload for study purposes. These are processed to extract text and generate quiz questions.
  • Learning data: Quiz responses, scores, session history, and performance metrics used to personalize your learning experience.
  • Usage data: Login timestamps, feature usage, and engagement metrics for service improvement.

3. Legal Basis for Processing (GDPR Article 6)

  • Consent: We process your data based on your explicit consent, which you can withdraw at any time.
  • Contract performance: Processing necessary to provide the adaptive learning service you signed up for.
  • Legitimate interest: Service improvement, security monitoring, and fraud prevention.

4. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access (Art. 15): Request a copy of all data we hold about you.
  • Right to data portability (Art. 20): Export your data in a structured, machine-readable format via your Account Settings.
  • Right to erasure (Art. 17): Permanently delete your account and all associated data via your Account Settings.
  • Right to rectification (Art. 16): Update or correct your personal information.
  • Right to restrict processing (Art. 18): Request that we limit how we use your data.
  • Right to withdraw consent: Withdraw consent at any time without affecting prior processing.

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data and uploaded content are permanently removed within 30 days. Anonymized, aggregated analytics data may be retained for service improvement.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/HTTPS), access controls, regular security audits, and audit logging of data access events.

7. Data Transfers

Your data is processed on servers in the European Union. If data transfer outside the EU is necessary, we ensure appropriate safeguards (Standard Contractual Clauses) are in place per GDPR Chapter V.

8. Cookies

We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Essential cookies cannot be disabled as they are necessary for the service to function.

9. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours per GDPR Article 33. If the breach is likely to result in a high risk to your rights, we will notify you directly per Article 34.

10. Contact & Complaints

For any privacy-related inquiries, contact our Data Protection Officer at privacy@wynexlabs.com. You also have the right to lodge a complaint with your local data protection supervisory authority (e.g., CNIL in France).