Last updated: March 27, 2026
RinKuzu (“we,” “us,” or “our”) is committed to protecting your personal data. This Privacy Policy explains how Hanoi University of Science and Technology (“HUST”), operating the RinKuzu platform at https://www.rinkuzu.app, collects, uses, discloses, and safeguards information when you use our AI-powered adaptive learning services.
When you register for RinKuzu, you provide: full name, email address, password (hashed using bcrypt), and optional profile information such as institution, role (student, teacher, or other), and profile photo. If you register via a third-party OAuth provider (e.g., Google), we receive your name and email from that provider.
When you upload PDF documents for quiz generation, we process and store: the content of uploaded PDFs, extracted text, and structured metadata (chapter titles, page count, file name, upload timestamp). Uploaded PDFs are stored securely and are accessible only to you and, if you choose to share quizzes publicly, to other platform users. You retain full ownership of content you upload.
We collect: quiz performance data (answers submitted, correctness, time spent per question), Bloom's Taxonomy mastery levels, knowledge graph progress data, session duration, and adaptive learning recommendations generated by our AI. This data is used to personalize your learning experience and improve our AI models.
Automatically collected: IP address, browser type and version, operating system, device identifiers, pages visited, referring URLs, clickstream data, and error logs. We use Google Analytics 4 to analyze aggregate usage patterns. This data is anonymized where possible and does not identify individual users without their consent.
RinKuzu uses essential cookies (authentication, security, session management) and optional analytics cookies. We do not use advertising or tracking cookies. Full details are available in our Cookie Policy. You may disable non-essential cookies through your browser settings.
If you are located in the European Economic Area, we process your personal data under:
We retain your personal data for as long as your account is active and for a period of up to 3 years after account deletion, unless a longer retention period is required by law. Specific retention periods:
We use the following third-party services, each acting as a data processor under GDPR:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Gemini AI | PDF analysis, quiz generation, answer evaluation | Uploaded PDF content, concept metadata | EEA / US (standard contractual clauses) |
| Vercel | Web hosting, CDN, serverless functions | All platform data (encrypted) | Global (GDPR compliant) |
| MongoDB Atlas | Database hosting | User accounts, quiz data, activity logs | Singapore / EU (selected region) |
| Google Analytics 4 | Aggregate usage analytics (anonymized) | Technical & usage data (no PII) | EEA / US |
| PayOS | Payment processing for Premium subscriptions | Billing name, email, transaction amount | Vietnam |
| NextAuth.js | Authentication and session management | Email, hashed password, OAuth tokens | EEA (session storage) |
All processors are bound by Data Processing Agreements (DPAs) incorporating standard contractual clauses approved by the European Commission.
Some third-party processors (notably Google Gemini AI) may process data outside the European Economic Area. Such transfers are protected by: (a) adequacy decisions by the European Commission, or (b) standard contractual clauses (SCCs) as approved by the European Commission. A copy of the relevant SCCs is available upon request.
If you are in the EEA, you have the right to:
To exercise any of these rights, contact us at support@rinkuzu.app. We will respond within 30 days.
For users in Vietnam, we comply with Decree No. 13/2023/ND-CP on the Protection of Personal Data (PDPD). Under Vietnamese law, you have the right to: be informed of data processing purposes; consent to or withdraw consent for processing; access and correct your personal data; delete your personal data; and complain to competent authorities. Contact our Data Protection Officer at dpo@rinkuzu.app.
RinKuzu's services are not directed to children under the age of 13 (“Children”). We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe we have inadvertently collected such data, please contact us immediately at support@rinkuzu.app, and we will promptly delete it.
RinKuzu uses Google Gemini AI to generate quizzes and evaluate answers. You have the right not to be subject to solely automated decisions that produce significant effects. If you believe an AI-generated evaluation has produced an unfair result, you may request human review by contacting support@rinkuzu.app. We do not use AI-generated content to make automated decisions with legal or similarly significant effects without human oversight.
We implement industry-standard security measures: TLS 1.3 encryption in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access control (RBAC), regular security audits, and intrusion detection systems. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
We do not use your personal data, uploaded learning materials, quiz content, or learning activity data to train, fine-tune, or improve any machine learning models or AI systems. Your content is processed solely for the purpose of providing the RinKuzu service to you.
Data Controller: Hanoi University of Science and Technology (HUST)
Operating Name: RinKuzu
Address: Room 302, Building A1, 17 Dai Co Viet Street, Hai Ba Trung District, Hanoi, Vietnam
Mã số thuế (Tax ID): [Vui lòng điền Mã số thuế của trường đại học]
Email: support@rinkuzu.app
Data Protection Officer: dpo@rinkuzu.app
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we will send a notification to your registered email address. We encourage you to review this policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: