Privacy Policy

Last updated: 14 February 2026

kju bv ("kju.ai", "we", "us", or "our"), registered in Amsterdam, the Netherlands, is the data controller for personal data processed through the kju.ai platform. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data We Collect

We collect the following categories of personal data:

Account data

Name, email address, profile picture, and authentication credentials (managed by our authentication provider, Clerk). If you sign in via a social provider (Google, Microsoft, etc.), we receive your name, email, and profile photo from that provider.

Profile and onboarding data

Industry, job function, skill level, learning goals, and assessment results you provide during onboarding. Organisation name and role if you join via an enterprise account.

Learning data

Quiz answers, session scores, streaks, XP, level progression, track completions, course recommendations, and feedback you submit. This data powers your personalised learning experience.

Usage data

Pages visited, features used, session duration, device type, browser, operating system, and IP address. Collected automatically to improve the Service.

Payment data

If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card number. We receive transaction confirmations, billing email, and subscription status from Stripe.

2. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service — delivering personalised learning sessions, tracking your progress, and generating recommendations.
  • Account management — authenticating your identity, managing your subscription, and communicating account-related updates.
  • Improvement and analytics — analysing usage patterns to improve content quality, platform performance, and user experience.
  • Enterprise reporting — if you use the Service through an organisation, providing aggregated (not individual answer-level) learning progress reports to your organisation's administrators.
  • Communication — sending service updates, learning reminders, and (with your consent) marketing communications.
  • Legal compliance — fulfilling legal obligations, resolving disputes, and enforcing our terms.

3. Legal Basis for Processing

Under the GDPR, we process your data on the following legal bases:

  • Contract performance — processing necessary to provide the Service you signed up for (Article 6(1)(b)).
  • Legitimate interests — improving the Service, preventing fraud, and ensuring security (Article 6(1)(f)).
  • Consent — for optional marketing communications and non-essential cookies (Article 6(1)(a)).
  • Legal obligation — where required by applicable law (Article 6(1)(c)).

4. Data Sharing and Sub-Processors

We do not sell your personal data. We share data only with trusted service providers who process it on our behalf for the purpose of providing and improving our Service. All sub-processors are bound by data processing agreements and comply with applicable data protection regulations.

5. International Data Transfers

Some of our sub-processors are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, typically 7 years).

7. Your Rights

Under the GDPR and applicable Dutch data protection law, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Restriction — request that we limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — withdraw consent for optional processing at any time.

To exercise any of these rights, contact us at privacy@kju.ai. We will respond within 30 days.

8. Cookies

We use essential cookies to operate the Service (authentication, session management). We may also use analytics cookies to understand how the Service is used. You can manage cookie preferences through your browser settings. For details, see our cookie banner on first visit.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We encourage you to review this page periodically.

12. Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

13. Contact

For privacy-related questions or requests, contact us at: privacy@kju.ai

kju bv
Amsterdam, the Netherlands