PRIVACY POLICY

Clavis-X

Last updated: May 22, 2026

This Privacy Policy describes how Clavis-X collects, uses, stores, protects and shares personal data of users who access or use the Clavis-X mobile application, website and related digital services.

Clavis-X is a digital platform dedicated to education, study organization, educational content management, AI-powered learning tools, user-uploaded materials, subscriptions, digital purchases and internal content distribution features.

By using Clavis-X, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The Data Controller responsible for the processing of personal data is:

Lorenzo Fiorino
VAT Number: 02788930200
Primary ATECO Code: 62.10.00
Location: Castelbelforte, 46032 Mantova, Lombardy, Italy
Website: www.clavis-x.com
Email: admin@clavis-x.com
Certified Email (PEC): clavisx@postecertifica.it

For any privacy-related request or data protection inquiry, users may contact the Data Controller using the contact information above.

2. Scope of This Policy

This Privacy Policy applies to:

• the Clavis-X mobile application;

• the official website;

• user accounts;

• educational tools and learning systems;

• AI-powered educational features;

• internal content store;

• subscriptions and digital purchases;

• uploaded educational materials;

• creator-related features;

• future educational and commercial services connected to Clavis-X.

3. Categories of Personal Data Processed

3.1 Account and Authentication Data

We may process:

• email address;

• user identifier;

• authentication credentials;

• session-related information;

• technical security information required to maintain account access.

At the time of this Policy, Clavis-X uses an internal account system. If third-party login providers such as Apple or Google are introduced in the future, this Privacy Policy may be updated accordingly.

3.2 Profile Data

We may process:

• nickname or display name;

• profile image, if uploaded;

• biography or optional public information;

• platform role, where applicable.

3.3 Study and Usage Data

We may process educational and platform activity data, including:

• viewed materials;

• completed chapters;

• exercises performed;

• answers submitted;

• scores and results;

• learning statistics;

• educational progress;

• activity history;

• preferences and language settings.

These data are used to provide educational continuity, personalized study experiences and platform functionality.

3.4 User Uploaded Content

Users may upload educational content and materials, including:

• PDF documents;

• educational texts;

• notes and learning resources;

• titles and descriptions;

• metadata associated with uploaded content.

Uploaded materials may be stored on the platform, particularly when published or shared through the internal store.

Users are solely responsible for ensuring they own or are authorized to upload, distribute or commercialize such content.

3.5 Public Content and Internal Store

Clavis-X may allow users to publish educational content within the platform store.

Publicly shared content may display:

• title;

• creator or nickname;

• description;

• subject;

• language;

• previews;

• pricing information;

• associated metadata.

Once content is published publicly, some information becomes visible to other users.

3.6 Subscription and Purchase Data

Clavis-X currently offers or may offer:

• subscriptions;

• digital purchases;

• premium features;

• paid educational content.

Payments processed through Apple App Store or Google Play are handled directly by those platforms.

Clavis-X does not store full payment card details.

We may receive transaction-related information such as:

• product identifiers;

• subscription status;

• purchase timestamps;

• renewal or expiration dates;

• confirmation of completed purchases;

• access entitlement information.

3.7 Creator Data

If creator monetization features are enabled, Clavis-X may process:

• legal name;

• country information;

• tax or administrative information;

• sales-related data;

• earnings data;

• IBAN or payment-related information where required.

Additional agreements or verification procedures may apply to creators in the future.

3.8 Technical and Security Data

We may process technical information necessary for security and platform maintenance, including:

• device identifiers;

• operating system;

• application version;

• technical logs;

• crash reports;

• security-related data;

• IP address, where processed by infrastructure providers.

3.9 Support Communications

When users contact support, we may process:

• email address;

• support messages;

• attachments;

• information required to respond to requests.

4. Data Not Currently Processed

At the time of this Policy:

• Clavis-X does not use third-party analytics systems;

• Clavis-X does not use push notifications;

• Clavis-X does not use advertising cookies within the mobile app;

• Clavis-X does not sell personal data.

If analytics, advertising, notifications or tracking technologies are introduced in the future, this Policy will be updated accordingly.

5. Purposes of Processing

Personal data may be processed for the following purposes:

• account creation and management;

• authentication and access control;

• educational functionality;

• study progress management;

• AI-powered educational generation;

• content uploads and management;

• operation of the internal educational store;

• subscriptions and digital purchase management;

• technical support;

• fraud prevention and security;

• legal and regulatory compliance;

• protection of platform rights and users.

6. Legal Bases for Processing

Processing activities may rely on one or more of the following legal bases under the GDPR:

6.1 Performance of a Contract

Processing is necessary to provide the services requested by users.

6.2 Legal Obligations

Certain data may be processed to comply with legal, fiscal, accounting or regulatory obligations.

6.3 Legitimate Interests

Clavis-X may process data to:

• secure the platform;

• prevent fraud and abuse;

• improve platform stability;

• protect legal rights;

• enforce platform rules.

6.4 Consent

Where required by law, processing activities such as marketing or optional tracking technologies may rely on user consent.

7. Artificial Intelligence Services

Clavis-X uses artificial intelligence systems, including OpenAI or equivalent providers, to generate educational outputs such as:

• explanations;

• summaries;

• exercises;

• study assistance;

• educational transformations of uploaded materials.

To provide these services, parts of user-provided content, prompts or uploaded materials may be transmitted to AI providers.

Users should avoid uploading sensitive personal data or third-party information unless legally authorized to do so.

AI-generated content may contain inaccuracies or incomplete information and is provided exclusively for educational purposes.

8. Minors

Clavis-X is intended for educational purposes and may be used within school or training environments.

Where required by applicable law, minors must use the platform under parental, guardian, educational institution or authorized supervision.

If a parent or legal guardian believes that a minor has provided personal data without authorization, they may contact:

admin@clavis-x.com

9. Data Retention

Personal data are retained only for as long as necessary to fulfill the purposes described in this Policy.

Retention periods may depend on:

• account activity;

• educational continuity;

• uploaded content persistence;

• subscription management;

• legal obligations;

• security and fraud prevention requirements.

Some data may remain stored where required by law or necessary to protect legal rights.

10. Sharing of Personal Data

Clavis-X does not sell personal data.

Data may be shared only where necessary with:

• infrastructure providers;

• backend and hosting services;

• AI providers;

• payment and subscription platforms;

• legal or administrative consultants;

• public authorities where legally required.

11. Main Service Providers

Clavis-X may rely on third-party providers including:

• Supabase;

• OpenAI or equivalent AI providers;

• Apple App Store;

• Google Play;

• infrastructure and hosting providers.

Providers may change over time depending on platform evolution.

12. International Data Transfers

Some providers may process data outside the European Economic Area.

Where applicable, appropriate safeguards such as Standard Contractual Clauses or legally recognized transfer mechanisms are used.

13. Security Measures

Clavis-X adopts reasonable technical and organizational measures to protect personal data, including:

• authentication systems;

• access controls;

• backend security rules;

• encrypted communications where supported;

• technical monitoring;

• abuse prevention measures.

No digital system can guarantee absolute security.

14. User Rights

Under applicable law, users may have the right to:

• access personal data;

• request correction;

• request deletion;

• restrict processing;

• object to processing;

• request portability;

• withdraw consent;

• file complaints with supervisory authorities.

Requests may be sent to:

admin@clavis-x.com

or:

clavisx@postecertifica.it

15. Account and Data Deletion

Users may request deletion of their account and associated personal data.

Clavis-X may provide a dedicated deletion page accessible through the official website.

Some information may be retained where necessary for:

• legal obligations;

• fraud prevention;

• dispute management;

• legal defense;

• protection of platform rights;

• preservation of purchased public content.

16. User Published Content

Users publishing content are responsible for ensuring that such content:

• does not infringe copyright;

• does not violate third-party rights;

• does not contain unlawful material;

• does not contain unauthorized personal data;

• complies with applicable laws.

Clavis-X may remove or restrict content that violates laws, platform rules or third-party rights.

17. Cookies and Similar Technologies

The Clavis-X mobile application does not currently use advertising cookies.

The website may use technical cookies necessary for functionality and security.

If analytics or marketing technologies are introduced in the future, a dedicated Cookie Policy may be provided.

18. Changes to This Policy

Clavis-X may update this Privacy Policy over time.

Updated versions will be published on the official website together with the latest revision date.

Continued use of the platform after updates constitutes acknowledgment of the revised Policy.

19. Contact Information

For questions regarding this Privacy Policy or personal data processing, users may contact:

Lorenzo Fiorino
Email: admin@clavis-x.com
PEC: clavisx@postecertifica.it
Website: www.clavis-x.com
Location: Castelbelforte, Mantova, Lombardy, Italy

20. Governing Language

This Privacy Policy is drafted in English.

Translations may be provided for convenience only. In case of inconsistencies, the Italian version shall prevail unless otherwise required by applicable law.

© 2026 Clavis-X. All rights reserved.