Privacy Policy

Sign In

TL;DR — The Short Version

We only collect data necessary to run the platform.
We never sell your personal data to third parties.
Passwords are hashed — we never see them in plain text.
You can delete your account and data at any time.
We use Supabase (EU-compliant) for auth & storage.
Profile information you post publicly is visible to all.

Overview

Dheeyudha ("we", "our", or "us") is an educational quiz platform that connects students and verified teachers for academic learning and competitive quizzes. This Privacy Policy explains how we collect, use, store, and protect information in connection with your use of Dheeyudha at Dheeyudha.app and related services.

By creating an account or using Dheeyudha, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service and contact us to delete your account.

This policy applies to all users — students, teachers, and visitors — regardless of how they access Dheeyudha (web browser, mobile device, etc.).

Data We Collect

2.1 Account Information

When you register, we collect:

  • Full name (as provided during signup)
  • Email address (used for authentication and communication)
  • Password (stored as a secure bcrypt hash — never in plain text)
  • Username (unique, lowercase, no spaces — public identifier)
  • User role: student or verified teacher

2.2 Profile Information (Optional)

You may optionally add:

  • School name and class grade
  • A biography / bio text
  • Profile avatar image (uploaded to our storage)
  • Banner / cover image
  • Teacher-specific: primary teaching subject

⚠️ Profile information you provide is publicly visible to all users and visitors unless noted otherwise.

2.3 Usage & Activity Data

  • Questions you attempt and scores you achieve
  • Quiz battles you participate in (opponents, outcomes, timestamps)
  • Questions created by teachers (title, body, subject, options)
  • Follow relationships (who you follow and who follows you)
  • Profile interactions (avatar updates, username change timestamps)

2.4 Technical Data

  • Browser type and device information (for compatibility)
  • IP address (logged by Supabase for security purposes)
  • Session tokens and JWT authentication data
  • Storage paths for uploaded files (avatars, banners, question images)

How We Use Your Data

We use your information strictly for the following purposes:

Authentication
Verifying your identity on login, managing sessions, and keeping your account secure.
Profile Display
Showing your name, avatar, bio, and stats on your public profile to other users.
Leaderboard
Calculating and displaying your global ranking based on points earned from quiz attempts.
Quiz Battles
Matching you in real-time competitive quizzes, recording outcomes, and awarding points.
Follow System
Enabling you to follow teachers and students and view their follower/following counts.
Rate Limiting
Tracking username update timestamps to enforce the 4-per-month limit and prevent abuse.
Teacher Verification
Reviewing teacher applications and associating verified teachers with posted questions.
Platform Safety
Detecting and preventing abuse, spam, and policy violations.

We do not use your data for advertising, profiling, or selling to third parties.

Third-Party Services

Supabase

Authentication, Database & Storage

Core Infrastructure

We use Supabase to manage user authentication, store application data (profiles, questions, follows, scores), and host uploaded files (avatars, banners). Supabase is SOC2-compliant and stores data in secure cloud infrastructure.

Read Supabase Privacy Policy

Vercel / Next.js

Web Hosting & Delivery

Hosting

Dheeyudha is hosted on Vercel, which serves the web application globally. Vercel may collect standard web server logs (IP addresses, timestamps, request paths) as part of their infrastructure.

Read Vercel Privacy Policy
We do not share your personal data with advertisers, data brokers, or any other third parties beyond the infrastructure providers listed above.

Data Security

We take security seriously and have implemented multiple layers of protection:

🔐
Hashed Passwords
Passwords are hashed using bcrypt via Supabase Auth. We never store or see plaintext passwords.
🛡️
Row-Level Security (RLS)
Every database table uses Supabase RLS policies. Users can only access their own records with rare, defined exceptions.
🔑
JWT Authentication
All authenticated requests use short-lived signed JWT tokens. Tokens are rotated on every session refresh.
🗄️
Private Admin Operations
Server-side operations use a service-role key never exposed to browsers. Client keys are scoped to only what the user needs.
📁
Secure File Storage
Avatars and images are stored in Supabase Storage buckets with controlled access policies. Raw bucket paths are never exposed.
🌐
HTTPS Everywhere
All data in transit is encrypted using TLS/HTTPS. There is no unencrypted HTTP access to the platform.

While we implement strong security measures, no system is 100% infallible. We encourage users to use strong, unique passwords and to report any suspicious activity to us immediately.

Public Information

Some of the information you provide is visible to all users and visitors of Dheeyudha — even without an account. This includes:

  • Your display name and username (e.g. /user/your-username)
  • Your profile avatar and banner image
  • Your bio / biography text
  • Your school name and class grade (if provided)
  • Your global rank and point total (on the leaderboard)
  • Your followers count and following count
  • Questions posted by teachers (title, body, subject, difficulty)
  • Achievements and badges earned on your profile
⚠️ Be mindful: Do not include sensitive personal information (phone numbers, physical addresses, financial data) in your bio or profile fields. These fields are publicly visible.

Your Rights & Choices

Access & Correction

You can view and edit most of your personal information directly on your profile page at /profile. This includes your name, username, bio, avatar, and banner.

Username Changes

You may update your username up to 4 times per 30-day period from your profile page. This limit helps maintain the integrity of @mentions and profile links across the platform.

Account Deletion

You have the right to request complete deletion of your account and all associated personal data. To do so:

  • Contact us at the email listed in the Contact section below.
  • Include your registered email address in your request.
  • We will process the deletion within 14 business days.
  • Note: some data (quiz outcomes, posted questions) may be retained in anonymised form for platform integrity.

Objection & Restriction

If you believe we are processing your data unlawfully or incorrectly, you have the right to object. Please contact us and we will review your request promptly.

Cookies & Local Storage

Dheeyudha uses minimal browser storage to function properly:

TypePurposeDuration
Auth Session CookieKeeps you logged in across page visitsUntil sign out
JWT Access TokenAuthenticates API requests securely1 hour (auto-refreshed)
Refresh TokenObtains a new access token silently30 days
localStorage (UI)Saves light UI preferences like sidebar stateBrowser session

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

💌 Email
privacy@dheeyudha.app

We aim to respond within 2 business days.

📝 Contact Form
Dheeyudha.app/contact

Use our contact page for general queries.

This policy was last updated on February 20, 2026.

Changes to this policy will be communicated via email or a prominent notice on the platform.

DocsContactAbout