Privacy Policy for Ace Acad

Effective Date: 14/04/2026

Last Updated: 14/04/2026

1. INTRODUCTION

ACE ACAD (“ACE ACAD”, “we”, “us”, or “our”) is an AI-powered educational platform that curates personalized learning materials based on users’ interests, academic level, and selected courses. We at Ace acad are committed to respecting your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our services (“Service”).

We are committed to processing personal data in accordance with the Nigeria Data Protection Act (“NDPA”).

2. SCOPE OF THIS POLICY

This Policy applies to:

  • Users of ACE ACAD
  • Visitors to our website or applications
  • Individuals who interact with us (e.g., support, inquiries)

It does not apply to:

  • Third-party platforms linked through our Service

3. PERSONAL DATA WE COLLECT

We collect personal data in the following categories:

3.1 Information You Provide Directly

When you create an account with us, we collect information associated with your account, including your name, contact information, email address, account credentials, payment information (“Account information”). Our services may also allow you to upload your profile picture, a user name, your school, department, course and level as part of your account information.

If you communicate with us, such as via email or our pages on social media sites, we may collect personal data like your name, contact information and the content of the messages (Support requests, feedbacks…..) you send.

3.2 Information Collected Automatically

When you use the Service, we receive the following information about your visit, use or interactions:

  • Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
  • Usage Data: We collect information about your use and activity across the Services, such as the types of content that you view or engage with, the features you use and the actions you take, when you submit feedback to a model response, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
  • Device Information: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected depends on the type of device you use and its settings.
  • Location Information: We determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses. In addition, some of our Services allow you to choose to provide more precise location information from your device, such as location information from your device’s GPS.
  • Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, and improve your experience. We store some of the information described in this Policy with cookies, for example to help maintain your preferences across sessions if you’re not logged in, or to assist with authentication and customer support. For details about our use of cookies, please read our Cookie Notice.

3.3 Inferred and Derived Data

We may generate insights about you, such as:

  • Learning preferences.
  • Engagement patterns
  • Content relevance scores

This is essential to how ACE ACAD personalizes your experience.

3.4 Information from Third Parties (Limited)

At launch, we do not actively collect data from third-party sources, but we may do so in the future (e.g., integrations with learning platforms). Where applicable, this Policy will be updated.

4. HOW WE USE PERSONAL DATA

We use personal data for the following purposes:

4.1 Service Delivery

  • To provide, analyze and maintain our service (for example to respond to your questions to our Aceacad AI)
  • To generate personalized learning materials

4.2 Personalization

  • To tailor content to your academic level and department
  • To improve recommendation accuracy

4.3 Improvement of Services

  • To analyze usage trends
  • To improve system performance and user experience

4.4 Safety and Security

  • To detect, prevent, and investigate misuse
  • To protect the integrity of the platform

4.5 Communications

  • To send service-related updates
  • To respond to inquiries and provide support

5. ARTIFICIAL INTELLIGENCE AND DATA USE

5.1 Use of AI System

ACE ACAD uses artificial intelligence and machine learning systems to power core functionalities of the Service. These systems analyze user-provided information and interaction patterns to:

  • Curate relevant educational materials from internal and third-party sources
  • Generate personalized learning recommendations tailored to a user’s academic level, interests, and selected courses
  • Continuously adapt and refine learning pathways based on user engagement

These AI systems operate using probabilistic models and pattern recognition techniques, meaning outputs are generated based on learned associations rather than deterministic rules.

5.2 Use of Data for System Improvement

We may use user inputs, interactions, and usage data to improve the performance, accuracy, and reliability of our AI systems.

Such use may include:

  • Training, testing, and validating machine learning models
  • Identifying and correcting errors or inconsistencies in recommendations
  • Enhancing personalization features and system responsiveness

Where reasonably practicable, we implement safeguards to reduce privacy risks, including:

  • Removing or masking direct identifiers (e.g., names, email addresses)
  • Aggregating data to prevent identification of individual users
  • Applying data minimization principles to ensure only necessary data is processed

We do not use personal data for system improvement in a manner that is incompatible with the original purpose of collection.

5.3 Human Review and Oversight

To ensure quality, safety, and system integrity, ACE ACAD may involve limited human review of data and system outputs.

Such review may occur where necessary to:

  • Improve the accuracy and performance of AI-generated recommendations
  • Detect, prevent, or investigate misuse, abuse, or security incidents
  • Debug technical issues or maintain system functionality

Human reviewers are:

  • Authorized personnel or vetted service providers
  • Subject to strict confidentiality and data protection obligations
  • Granted access only on a need-to-know basis.

We implement internal controls to limit the scope and frequency of such access.

5.4 Limitations and Risks of AI Systems

You acknowledge and agree that AI-generated outputs:

  • May not always be accurate, complete, or up-to-date
  • May reflect biases present in training data or underlying models
  • May not fully account for individual learning contexts or academic requirements

Accordingly:

  • Content provided through the Service is for informational and educational purposes only
  • It should not be relied upon as a substitute for professional, academic, or institutional guidance
  • Users are responsible for independently verifying critical information before reliance

ACE ACAD does not guarantee the correctness, reliability, or suitability of AI-generated outputs for specific purposes.

5.5 User Control and Expectations

Where applicable, users may:

  • Adjust their preferences to influence recommendations
  • Provide feedback to improve system outputs
  • Request access to or deletion of their personal data in accordance with applicable laws

We are committed to improving transparency and user control over AI-driven features as the Service evolves.

6. LEGAL BASES FOR PROCESSING (GDPR)

We process personal data based on:

  • Performance of a contract – to provide the Service
  • Consent – where required (e.g., optional features)
  • Legitimate interests – improving services, ensuring security
  • Legal obligations – compliance with applicable laws

7. HOW WE SHARE PERSONAL DATA

ACE ACAD does not sell, rent, or trade personal data to third parties for monetary or commercial gain. We may, however, disclose personal data in the following limited circumstances:

7.1 Service Providers (Data Processors)

We engage carefully selected third-party service providers (“Processors”) to support the operation and delivery of the Service.

These may include:

  • Cloud hosting and storage providers (to host and store data securely)
  • Analytics and performance tools (to understand usage patterns and improve functionality)
  • Technical infrastructure and support providers (to maintain system reliability, security, and scalability)

Where such providers process personal data on our behalf:

  • They act strictly under our instructions and do not process data for their own purposes
  • They are bound by data processing agreements that comply with the Nigeria Data Protection Act
  • They are required to implement appropriate technical and organizational security measures
  • They are subject to confidentiality obligations and restricted access controls

We take reasonable steps to ensure that all Processors provide sufficient guarantees regarding data protection and security.

7.2 Legal and Regulatory Disclosures

We may disclose personal data where such disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal obligations
  • Respond to lawful requests from courts, law enforcement agencies, or regulatory authorities
  • Enforce our Terms of Service or other contractual rights
  • Detect, prevent, or investigate fraud, security breaches, or unlawful activities
  • Protect the rights, property, or safety of ACE ACAD, our users, or third parties

Where appropriate and legally permissible, we will take steps to:

  • Limit the scope of disclosure
  • Ensure that requests are valid and proportionate

7.3 Business Transfers and Corporate Transactions

In the event of a corporate transaction, such as:

  • A merger or consolidation
  • An acquisition or sale of assets
  • Financing, restructuring, or investment transaction

personal data may be disclosed to relevant third parties, including:

  • Prospective or actual purchasers
  • Investors
  • Legal and financial advisors

In such circumstances:

  • Personal data will only be shared to the extent necessary for the transaction
  • We will ensure that appropriate confidentiality and data protection safeguards are in place
  • Any successor entity will be required to process personal data in a manner consistent with this Privacy Policy and applicable law

Where required by law, we will provide notice to users before such transfer occurs.

7.4 International Transfers in the Context of Sharing

Where any sharing of personal data involves transfer outside Nigeria or the European Economic Area (EEA), we ensure that appropriate safeguards are implemented, including:

  • Standard Contractual Clauses (SCCs)
  • Transfers to jurisdictions with adequate data protection standards
  • Other lawful transfer mechanisms under applicable law

7.5 No Unauthorised Disclosure

Except as expressly set out in this Policy, we do not disclose personal data to third parties without:

  • Your consent; or
  • A lawful basis under applicable data protection laws

9. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, contractual, and operational requirements.

Retention periods are determined based on:

  • The nature and sensitivity of the data
  • The purposes of processing
  • Applicable legal and regulatory obligations
  • Legitimate business needs

In general:

  • Account Data (e.g., name, email, profile information) is retained for as long as your Account remains active and for a reasonable period thereafter to enable account recovery, compliance, and dispute resolution
  • Usage and Interaction Data is retained for analytics, system improvement, and security monitoring purposes for a limited period, after which it may be deleted or anonymized
  • Support and Communication Data may be retained to resolve disputes, enforce agreements, and improve user support
  • Legal and Compliance Data is retained as required to comply with applicable laws, regulatory requirements, or lawful requests

Where personal data is no longer required:

  • It will be securely deleted or anonymized; or
  • Retained in a form that does not permit identification of individuals

We may retain aggregated or anonymized data indefinitely, as such data does not constitute personal data under applicable law.

10. DATA SECURITY

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures include, where appropriate:

  • Encryption of data in transit and/or at rest
  • Access controls to restrict data access to authorized personnel on a need-to-know basis
  • Authentication mechanisms (e.g., secure login processes)
  • System monitoring and logging to detect and respond to suspicious activity
  • Secure infrastructure and hosting environments

We also implement internal policies and procedures to ensure that:

  • Personnel are trained on data protection obligations
  • Access to personal data is limited and auditable
  • Data breaches are identified and managed in a timely manner

Despite these measures, no method of transmission or storage is completely secure. Accordingly, we cannot guarantee absolute security of personal data.

11. YOUR RIGHTS

Subject to applicable law, including the Nigeria Data Protection Act, you have the following rights in relation to your personal data:

11.1 Right of Access

To request confirmation of whether we process your personal data and to obtain a copy of such data.

11.2 Right to Rectification

To request correction of inaccurate or incomplete personal data.

11.3 Right to Erasure (“Right to be Forgotten”)

To request deletion of your personal data where:

  • It is no longer necessary for the purposes collected;
  • You withdraw consent (where applicable); or
  • Processing is unlawful

11.4 Right to Restrict Processing

To request that we limit the processing of your data in certain circumstances.

11.5 Right to Object

To object to processing based on legitimate interests or for direct marketing purposes (if applicable).

11.6 Right to Data Portability

To receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

11.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw such consent at any time without affecting the lawfulness of prior processing.

11.8 Exercising Your Rights

You may exercise your rights by contacting us at:

Email: wstar5552@gmail.com

We may:

  • Request verification of your identity before processing requests
  • Refuse or limit requests where permitted by law
  • Respond within applicable statutory timelines

12. CHILDREN’S PRIVACY

ACE ACAD does not knowingly collect or process personal data from children without appropriate authorization.

Where users are under the age of 18:

  • Processing is carried out only with verifiable parental or guardian consent where required by law
  • We take reasonable steps to ensure that such consent is obtained and maintained

If we become aware that personal data has been collected without appropriate authorization:

  • We will take steps to delete such data promptly; and
  • Where necessary, restrict or terminate the associated Account

13. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies (e.g., local storage, analytics tools) to enhance user experience and improve the Service.

13.1 Types of Cookies Used

  • Strictly Necessary Cookies – required for core functionality (e.g., authentication, security)
  • Performance and Analytics Cookies – used to understand how users interact with the Service
  • Functional Cookies – used to remember preferences and improve user experience

13.2 Purpose of Use

Cookies help us to:

  • Enable and maintain core platform functionality
  • Analyze usage patterns and improve performance
  • Personalize content and user experience

13.3 User Control

You may control or disable cookies through:

  • Browser settings
  • Device-level controls

Please note that disabling certain cookies may affect the functionality of the Service.

14. THIRD-PARTY SERVICES

The Service may contain links to or integrations with third-party service.

These third parties:

  • Operate independently of ACE ACAD
  • Have their own privacy policies and practices

ACE ACAD does not:

  • Control or monitor third-party data practices
  • Accept responsibility for their content, security, or handling of personal data

We encourage users to review the privacy policies of any third-party services they access.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect:

  • Changes in legal or regulatory requirements
  • Updates to our services or data practices
  • Improvements in transparency

Where changes are material:

  • We will provide appropriate notice (e.g., via the platform or email where applicable)
  • We will update the “Last Updated” date

Continued use of the Service after such updates constitutes acknowledgment of the revised Policy.

16. CONTACT AND COMPLAINTS

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

Email: wstar5552@gmail.com

Address: No.9 Sarkin Fulani Street, Zaria, KD, Nigeria.

You also have the right to lodge a complaint with a competent supervisory authority, including the Nigeria Data Protection Commission (NDPC) under the Nigeria Data Protection Act and other relevant regulatory authority.