Privacy Policy

Effective date: 16 June 2026  ·  Komiyama & Co., Canton de Vaud, Switzerland

1. Who we are

Alexandrie is operated by Komiyama & Co., a sole proprietorship (raison individuelle) registered in the Canton of Vaud, Switzerland. We are the data controller for personal data processed through alexandrie.world.

Contact: contact@alexandrie.world

2. Data we collect

Account data

When you register, we collect your full name, email address, username, bio (optional), and a hashed password. We never store your password in plain text.

Technical identifiers

We record your IP address at registration and on each login, your browser user-agent string, and device type. These are used for security, fraud prevention, and abuse detection.

Session data

We use a single session cookie (session_id) to keep you logged in. See Section 7 for details.

Map and knowledge content

All maps and knowledge items you create are stored on our servers. Content you set to public visibility is accessible to anyone; content set to private is accessible only to you and collaborators you invite.

Usage data

We collect server-side logs of interactions with the platform (pages visited, searches performed, features used). No third-party analytics script is loaded in your browser.

Payment data

Payments are processed by Stripe. Komiyama & Co. never stores your card number or full payment details. We retain your Stripe customer ID, subscription plan, status, and webhook events for billing and legal accounting purposes.

Security and diagnostic data

We log failed login attempts, rate-limit events, honeypot triggers, and application errors. These logs include IP addresses, user-agent strings, and request routes. They are used exclusively for security monitoring and incident response.

3. Legal bases for processing

Data categoryLegal basis
Account data, session, content, paymentsPerformance of contract (nDSG Art. 31(2)(a))
Technical identifiers, usage data, security logsLegitimate interests — security, fraud prevention, service improvement (nDSG Art. 31(2)(b))
Payment recordsLegal obligation — Swiss accounting law (CO Art. 958f)

Our legitimate interests in processing technical and security data are: detecting and preventing abuse, fraud, and unauthorized access; improving platform reliability; and maintaining records for potential legal proceedings. We consider that these interests are not overridden by your privacy interests because: (i) processing is limited to data generated by your own use of the service; (ii) no third-party tracking is performed; (iii) your data is not sold or used for advertising; and (iv) our primary server infrastructure is located in Germany.

4. How long we keep your data

Data typeRetention period
Account data (active account)Duration of your account
Account data (after deletion)5 years from deletion date
IP addresses and technical logs10 years from the event
Login attempt and security logs10 years from the event
Payment records10 years (mandatory under CO Art. 958f)
Map and knowledge contentDuration of account; 30-day backup window after deletion, then permanent deletion
Aggregated / anonymized dataIndefinitely (no longer personal data)

Security-relevant data is retained for 10 years, calibrated to the Swiss general limitation period (CO Art. 127). Data subject to a legal hold may be preserved beyond these periods.

5. Third-party processors

We share data with the following processors solely to operate the platform:

ProcessorCountryPurpose
Supabase Inc.Ireland / USADatabase and file storage
Stripe Inc.Ireland / USAPayment processing
Cloudflare Inc.USACDN, DDoS protection, WebSocket proxy
MigaduSwitzerlandTransactional email
Hetzner Online GmbHGermanyServer hosting

Transfers outside Switzerland or the European Economic Area are covered by Standard Contractual Clauses or EU adequacy decisions.

Content sources

Alexandrie retrieves publicly available information from third-party sources on your behalf when generating knowledge maps (arXiv, Wikipedia, Serper, The Guardian, BBC, Reuters). Your identity and personal data are not disclosed to these sources.

6. Your rights

Under the Swiss Federal Act on Data Protection (nDSG), you have the right to:

  • Access — request a copy of the personal data we hold about you. We will respond within 30 days after verifying your identity.
  • Rectification — correct inaccurate data. Most profile data can be updated directly in your settings.
  • Erasure — request deletion of your account and personal data. We will delete your data unless retention is required by law, necessary for security or fraud prevention, or falls within applicable limitation periods.
  • Portability — download a copy of your data via the export feature in your account settings.
  • Object — object to processing based on legitimate interests. We will assess each request but reserve the right to continue processing where our legitimate interests are compelling.

To exercise any right, contact us at contact@alexandrie.world.

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (PFPDT) at www.edoeb.admin.ch.

7. Cookies

We use a single cookie: session_id. It is strictly necessary to keep you logged in and is exempt from consent requirements. It is set as httponly, secure, and SameSite=Strict. No third-party tracking cookies, advertising pixels, or analytics cookies are used.

8. Governing law

This Privacy Policy is governed by Swiss law. The competent supervisory authority is the PFPDT. Users in the European Union may also contact their local data protection authority, though processing is conducted under Swiss law which the European Commission has recognized as providing equivalent protections to the GDPR.

9. Changes to this policy

We may update this Privacy Policy at any time. The current version is always available at alexandrie.world/privacy. Continued use of the platform after a change constitutes acceptance of the updated policy.

10. Contact

Komiyama & Co., Canton de Vaud, Switzerland
contact@alexandrie.world

Terms of Service Back to Alexandrie