Katalyst ("we", "us", or "our") operates the Katalyst web application at learnkloud.todayand the Katalyst mobile app on iOS and Android (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this carefully. If you disagree with the terms, please discontinue use of the Service.
1. Information We Collect
1.1 Information you provide directly
- Account registration: Full name, email address, and password when you create an account.
- Profile: Display name, role (e.g., "Developer", "Student"), and optional profile preferences you set within the app.
- Payment information: When you purchase a Pro subscription or individual quiz unlock, payment is processed by Razorpay (India) or Stripe (international). We do not store your card number, CVV, or full payment details on our servers — only the order ID, amount, currency, status, and gateway reference returned by the payment processor.
- Quiz activity: Your answers, scores, time taken, bookmarked questions, and review submissions for each quiz attempt.
- Reviews and feedback: Star ratings and written comments you submit for quizzes.
- Support communications: Emails or messages you send to support@katalysthq.app.
1.2 Information collected automatically
- Device information: Device type, operating system version, app version, and unique device identifiers (on mobile).
- Usage data: Pages visited, quiz sessions started/completed, features used, tap/click events, session duration, and in-app navigation paths.
- Log data: IP address, browser type, referring URL, and timestamps of requests to our servers.
- Performance data: Crash reports and error logs collected to diagnose and fix issues.
1.3 Information from third-party services
- Google OAuth / Apple Sign-In: If you sign in using a social provider, we receive your name, email address, and profile picture URL from that provider.
- reCAPTCHA: Google reCAPTCHA v3 runs on auth forms to detect abusive traffic; Google may collect device and behaviour signals as part of this.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account and authenticate your identity.
- Provide the quiz, leaderboard, daily-challenge, and progress-tracking features of the Service.
- Process payments and verify subscription or unlock entitlements.
- Personalise your experience (e.g., remembering your dark-mode preference, last quiz, bookmark list).
- Send transactional emails (email confirmation, password reset, payment receipts). We do not send marketing emails unless you have explicitly opted in.
- Monitor, debug, and improve the reliability and performance of the Service.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
3. Information Sharing & Third Parties
We do not sell your personal data. We share data only in the following circumstances:
3.1 Service providers we use
- Supabase — Database, authentication, and file storage. Data is stored in Supabase-managed PostgreSQL instances. Supabase Privacy Policy.
- Vercel — Web hosting and serverless function execution. Vercel Privacy Policy.
- Razorpay — Payment processing for Indian customers. Razorpay Privacy Policy.
- Stripe — Payment processing for international customers. Stripe Privacy Policy.
- Google reCAPTCHA — Bot and abuse detection on auth forms. Google Privacy Policy.
- Google AdSense — Advertising displayed to free-tier users. Google may use cookies and device identifiers to show personalised ads. See Section 9 for more detail.
- Expo / EAS — Mobile app build and over-the-air update delivery for iOS and Android.
3.2 Legal requirements
We may disclose your information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
3.3 Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
4. Data Retention
We retain your account data for as long as your account is active. Quiz results and progress data are retained indefinitely to power your progress history and leaderboard ranking. If you delete your account, we delete or anonymise your personal information within 30 days, except where retention is required by law (e.g., payment records retained for 7 years for tax compliance).
You can request account deletion at any time via Profile → Danger Zone → Delete Account in the app, or by visiting learnkloud.today/delete-account.
5. Security
We implement industry-standard security measures, including:
- All data in transit is encrypted via TLS 1.2+.
- All data at rest is encrypted at the storage layer (Supabase/Vercel).
- Row-Level Security (RLS) policies on every database table — users can only access their own records.
- Passwords are hashed using bcrypt via Supabase Auth; we never store plaintext passwords.
- Rate limiting on all API endpoints to prevent brute-force attacks.
- Security headers (HSTS, CSP, X-Frame-Options, etc.) on all web responses.
Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it to security@katalysthq.app.
6. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated personal data.
- Portability: Request your data in a structured, machine-readable format.
- Objection / Restriction: Object to or restrict certain types of processing.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email privacy@katalysthq.app. We will respond within 30 days. EU/EEA residents may also lodge a complaint with their local data protection authority.
7. Children's Privacy
The Service is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data without parental consent, please contact us at privacy@katalysthq.app and we will promptly delete it.
8. Cookies & Tracking
The Katalyst web portal uses the following types of storage:
- localStorage: Stores your theme preference, quiz progress, profile settings, and session tokens. This data never leaves your device except as part of API calls to our servers.
- Session cookies: Supabase sets a secure, HTTP-only session cookie to maintain your authenticated session.
- Third-party cookies: Google AdSense and reCAPTCHA may set cookies or use browser fingerprinting signals. You can opt out of personalised advertising via Google's ad settings at adssettings.google.com.
The mobile app does not use browser cookies. It uses secure device storage for session tokens.
9. Advertising
Free-tier users see advertisements served by Google AdSense. These ads may be personalised based on your browsing history and interests as inferred by Google. To opt out of personalised ads:
- Visit adssettings.google.com to manage your Google ad personalisation settings.
- Install an ad blocker or use the "Whitelist this site" flow shown when an ad blocker is detected.
- Upgrade to a Katalyst Pro subscription — Pro members see no ads.
Katalyst is a participant in the Google AdSense program. Google's use of advertising cookies is governed by the Google Privacy Policy.
10. International Data Transfers
Katalyst is operated from India. If you access the Service from outside India, your information may be transferred to and processed in India and the United States (Vercel, Supabase infrastructure). By using the Service you consent to this transfer. We rely on standard contractual clauses and Supabase's Data Processing Addendum where required by applicable law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you by email or in-app notice. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us: