Privacy Policy & GDPR Compliance

1. Introduction

At Liwaza, we are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered graduate school admissions platform.

The Liwaza platform is operated by Chinery SAS, a company registered in France under SIREN 938 593 290, with its registered office at 60 RUE FRANCOIS IER, 75008 PARIS.

2. Data Controller

Chinery SAS is the data controller responsible for processing your personal data. For any questions regarding this policy or your personal data, please contact us at:

3. Types of Data We Collect

We collect different types of personal data depending on how you interact with our platform:

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Consent (Article 6(1)(a)): For analytics cookies, marketing communications, and optional features
• Contract Performance (Article 6(1)(b)): To provide our educational services and platform functionality
• Legitimate Interest (Article 6(1)(f)): For security, fraud prevention, and service improvement
• Legal Obligation (Article 6(1)(c)): For compliance with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

• Providing AI-powered coaching and educational services
• Personalizing your learning experience and recommendations
• Processing payments and managing subscriptions
• Communicating with you about your account and our services
• Improving our platform and developing new features
• Ensuring platform security and preventing fraud
• Complying with legal obligations and regulatory requirements
• Analyzing usage patterns to enhance user experience (with consent)

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with trusted third parties only in the following circumstances:

• Service Providers: Stripe (payments), Google Analytics (with consent), hosting providers
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger, acquisition, or asset sale
• Consent: When you explicitly consent to sharing

7. Data Retention

We retain your personal data for the following periods:

• Account Data: For the duration of your subscription plus 6 months after cancellation
• Application Materials: Until you request deletion or 2 years after last activity
• Payment Records: 7 years for accounting and tax purposes
• Analytics Data: 26 months (Google Analytics default)
• Support Communications: 3 years for quality assurance

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure data centers with physical security measures
• Employee training on data protection
• Incident response procedures

10. Contact Information

For any questions about this Privacy Policy or to exercise your rights, please contact us:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform. The updated policy will be effective immediately upon posting. We encourage you to review this policy periodically.