Last updated: November 22, 2025
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, your rights under the GDPR (EU Regulation 2016/679), and our compliance with Greek Law 4624/2019 and 4727/2020 regarding personal data protection.
1. Data We Collect
1.1 Information you provide
- Email address, name, and encrypted password
- Images or photos of math problems (optional)
- Handwriting or sketches you draw on the platform's canvas
1.2 Technical information
- IP address
- Browser and device type
- Cookies used for authentication, functionality, and performance
1.3 Subscription information
- Revolut customer ID
- Payment status
- Active subscription tier (Free, Student Pro, Teacher Pro)
2. AI Processing and Third-Party Providers
Some features of our platform use external AI processing providers to deliver mathematical solutions, OCR (Optical Character Recognition), and problem generation. We ensure the following safeguards:
- Data is transmitted securely via encrypted connections (TLS/SSL)
- AI providers process data transiently and do not store it permanently
- Uploaded images are deleted immediately after OCR processing
- Your data is not used to train AI models
- Solutions generated by AI may contain errors and should be verified by users
The use of third-party AI processing is based on contractual necessity (GDPR Art. 6(1)(b)) to provide the services you request.
3. How We Use Your Data
We process personal data in order to:
- Provide mathematical solutions and explanations
- Perform OCR on uploaded content
- Generate exercises and materials
- Manage user accounts
- Offer customer support
- Prevent abuse or misuse of the platform
We do not sell or rent personal data to third parties.
4. Handling of Images and Photos
Images uploaded for solution processing:
- Are used solely for OCR and mathematical analysis
- Are automatically deleted after processing
- Are not used for AI model training
- Are not shared with third parties except as necessary for AI processing
5. Payment Processing
All payments are processed by Revolut, our payment provider. Mathimatikos.xyz does not store or process credit card information. Revolut handles all payment data in compliance with PCI-DSS standards. For payment-related inquiries, please refer to Revolut's Privacy Policy.
6. Legal Basis for Processing (GDPR)
We process data under the following legal bases:
- Contractual necessity (Art. 6(1)(b)) – providing the services you request, including AI-powered problem solving
- Legitimate interest (Art. 6(1)(f)) – maintaining platform security and preventing abuse
- Consent (Art. 6(1)(a)) – cookies and optional functionalities
- Legal obligation (Art. 6(1)(c)) – compliance with applicable laws
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account data: Retained while your account is active and for 30 days after deletion
- Solution history: Retained while your account is active and deleted upon account deletion
- Usage logs: Retained for 90 days for security and abuse prevention
- Payment records: Retained by Revolut in accordance with legal requirements (typically 7 years)
Upon account closure, you may request complete data deletion by contacting yb.athens@gmail.com. We will process such requests within 30 days.
8. Your Rights Under GDPR
Under the GDPR and Greek Law 4624/2019, you have the right to:
- Access your personal data (Art. 15)
- Request correction or deletion (Art. 16, 17)
- Request restriction of processing (Art. 18)
- Request data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time (Art. 7)
- Lodge a complaint with a supervisory authority
To exercise any of these rights, contact:
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr or your local EU supervisory authority.
9. Age Restrictions
Our service is intended for users aged 13 and older. Users under 18 years of age must obtain parental or guardian consent before using Mathimatikos.xyz. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will take steps to delete such information.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our AI processing providers operate. Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR) and data processing agreements ensuring GDPR-equivalent protections.
11. Automated Decision-Making
Our platform uses AI to generate mathematical solutions and explanations. These AI-generated outputs are not subject to human review and may contain errors. No significant decisions affecting your rights are made solely based on automated processing. You are encouraged to verify all AI-generated solutions independently. We are committed to transparency in AI use as required by the EU AI Act.
12. Cookies and Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication and session management (persist for the duration of your session)
- Functional cookies: Remember your preferences such as language selection (persist for 1 year)
- Analytics cookies: Track usage patterns only if you provide explicit consent (persist for 2 years or until you withdraw consent)
You can control cookie preferences through your browser settings. Blocking essential cookies may limit platform functionality.
Session cookies expire when you close your browser. Persistent cookies expire as indicated above or when you clear your browser cache.
13. Data Storage and Security
Personal data is stored on secure European servers or on GDPR-compliant cloud infrastructure. We use industry-standard security measures including encryption at rest and in transit, regular security audits, and access controls to protect your data from unauthorized access, alteration, or disclosure.
14. Security Measures
We protect personal data using:
- TLS/SSL encryption for data in transit
- Encryption at rest for stored data
- Role-based access controls
- Brute-force and abuse-prevention systems
- Regular security audits and vulnerability assessments
- Secure authentication via Supabase Auth (OAuth 2.0)
15. Data Protection Contact
For all data protection inquiries, including exercising your GDPR rights, please contact our Data Protection Officer:
We will respond to all requests within 30 days as required by GDPR Article 12.
16. Contact Information
For privacy-related inquiries:
For general support:
