Privacy Policy

Last updated: June 8, 2026

1. Introduction

Hemistich ("we," "our," or "us") is a WhatsApp-based student utility service designed for African tertiary students. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WhatsApp bot service.

By using Hemistich, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • WhatsApp Phone Number: Your phone number is collected automatically when you message our bot.
  • Messages and Content: Text messages, documents (PDFs), and images you send to the bot for processing.
  • Academic Data: Course information, grades, and GPA data you provide for calculations.
  • Reminders: Reminder content and scheduling information you set.
  • Resources: Files and materials you choose to save in your resource vault.

2.2 Information Collected Automatically

  • Usage Data: How you interact with the bot, including commands used and frequency of use.
  • Timestamps: When you send messages and interact with the service.
  • Message Metadata: Message type (text, image, document) and file sizes.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our service (summarize documents, calculate GPA, send reminders, etc.)
  • Process and respond to your requests
  • Store your resources and academic data for future retrieval
  • Improve and optimize our service
  • Send you reminders you have set
  • Detect and prevent spam or abuse
  • Comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate Hemistich:

  • Meta (WhatsApp Cloud API): For message delivery and receiving. Subject to WhatsApp's Privacy Policy.
  • Google (Gemini AI): For AI-powered features like summarization, quiz generation, and flashcards. Your content is processed but not stored by Google for model training.
  • Supabase: For secure data storage and file hosting.
  • Hostinger: For application (server) hosting on a private virtual server.
  • Paystack: For processing payments. We do not store your full card details.

5. Data Storage and Security

Your data is stored securely using Supabase's infrastructure with the following measures:

  • Encrypted data transmission (HTTPS/TLS)
  • Row-level security on database tables
  • Temporary files are automatically deleted after 24 hours
  • Access controls and authentication for all data access

6. Data Retention

  • Account Data: Retained as long as you use the service. Deleted upon request.
  • Messages: Processed in real-time and not permanently stored (only AI cache for common queries).
  • Resources: Stored until you delete them or request account deletion.
  • Temporary Files: Automatically deleted after 24 hours.
  • Usage Analytics: Aggregated and anonymized after 90 days.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Deletion: Request deletion of all your data. See our Data Deletion page for instructions.
  • Correction: Request correction of inaccurate data.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your data.

8. Children's Privacy

Hemistich is designed for tertiary (university/college) students. We do not knowingly collect information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by sending a message through the WhatsApp bot. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Legal Basis & Compliance (NDPA 2023 & GDPR)

Hemistich is operated from Nigeria and serves students in Nigeria and, increasingly, worldwide. We aim to comply with the Nigeria Data Protection Act (NDPA) 2023 and to follow the core principles of the EU General Data Protection Regulation (GDPR), regardless of where you are located.

10.1 Principles we follow

  • We process personal data lawfully, fairly, and transparently.
  • We collect only what we need for the purposes described in this policy (data minimization).
  • We keep data only as long as necessary, then delete or anonymize it.
  • We apply reasonable technical and organizational measures to keep data secure.

10.2 Lawful bases for processing

  • Performance of a contract: to deliver the features you ask for.
  • Consent: where required, for example for optional communications. You can withdraw consent at any time.
  • Legitimate interests: to operate, secure, and improve the service, balanced against your rights.
  • Legal obligation: where the law requires us to process or retain data.

10.3 Your rights

Subject to applicable law, you may request access to, correction of, deletion of, or a portable copy of your data, and you may object to or restrict certain processing. To exercise any right, contact us (section 11) or use our Data Deletion page. You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local data-protection authority.

10.4 International transfers

Some of our service providers (for example, Meta, Google, and Supabase) may process data on servers outside your country. Where data is transferred across borders, we rely on the providers' safeguards and applicable legal mechanisms to protect it.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

  • WhatsApp: Message our bot and type /help
  • Email: privacy@hemistich.com