Alexandrie is operated by Komiyama & Co., a sole proprietorship (raison individuelle) registered in the Canton of Vaud, Switzerland. We are the data controller for personal data processed through alexandrie.world.
Contact: contact@alexandrie.world
When you register, we collect your full name, email address, username, bio (optional), and a hashed password. We never store your password in plain text.
We record your IP address at registration and on each login, your browser user-agent string, and device type. These are used for security, fraud prevention, and abuse detection.
We use a single session cookie (session_id) to keep you logged in. See Section 7 for details.
All maps and knowledge items you create are stored on our servers. Content you set to public visibility is accessible to anyone; content set to private is accessible only to you and collaborators you invite.
We collect server-side logs of interactions with the platform (pages visited, searches performed, features used). No third-party analytics script is loaded in your browser.
Payments are processed by Stripe. Komiyama & Co. never stores your card number or full payment details. We retain your Stripe customer ID, subscription plan, status, and webhook events for billing and legal accounting purposes.
We log failed login attempts, rate-limit events, honeypot triggers, and application errors. These logs include IP addresses, user-agent strings, and request routes. They are used exclusively for security monitoring and incident response.
| Data category | Legal basis |
|---|---|
| Account data, session, content, payments | Performance of contract (nDSG Art. 31(2)(a)) |
| Technical identifiers, usage data, security logs | Legitimate interests — security, fraud prevention, service improvement (nDSG Art. 31(2)(b)) |
| Payment records | Legal obligation — Swiss accounting law (CO Art. 958f) |
Our legitimate interests in processing technical and security data are: detecting and preventing abuse, fraud, and unauthorized access; improving platform reliability; and maintaining records for potential legal proceedings. We consider that these interests are not overridden by your privacy interests because: (i) processing is limited to data generated by your own use of the service; (ii) no third-party tracking is performed; (iii) your data is not sold or used for advertising; and (iv) our primary server infrastructure is located in Germany.
| Data type | Retention period |
|---|---|
| Account data (active account) | Duration of your account |
| Account data (after deletion) | 5 years from deletion date |
| IP addresses and technical logs | 10 years from the event |
| Login attempt and security logs | 10 years from the event |
| Payment records | 10 years (mandatory under CO Art. 958f) |
| Map and knowledge content | Duration of account; 30-day backup window after deletion, then permanent deletion |
| Aggregated / anonymized data | Indefinitely (no longer personal data) |
Security-relevant data is retained for 10 years, calibrated to the Swiss general limitation period (CO Art. 127). Data subject to a legal hold may be preserved beyond these periods.
We share data with the following processors solely to operate the platform:
| Processor | Country | Purpose |
|---|---|---|
| Supabase Inc. | Ireland / USA | Database and file storage |
| Stripe Inc. | Ireland / USA | Payment processing |
| Cloudflare Inc. | USA | CDN, DDoS protection, WebSocket proxy |
| Migadu | Switzerland | Transactional email |
| Hetzner Online GmbH | Germany | Server hosting |
Transfers outside Switzerland or the European Economic Area are covered by Standard Contractual Clauses or EU adequacy decisions.
Alexandrie retrieves publicly available information from third-party sources on your behalf when generating knowledge maps (arXiv, Wikipedia, Serper, The Guardian, BBC, Reuters). Your identity and personal data are not disclosed to these sources.
Under the Swiss Federal Act on Data Protection (nDSG), you have the right to:
To exercise any right, contact us at contact@alexandrie.world.
You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (PFPDT) at www.edoeb.admin.ch.
We use a single cookie: session_id. It is strictly necessary to keep you logged in and is exempt from consent requirements. It is set as httponly, secure, and SameSite=Strict. No third-party tracking cookies, advertising pixels, or analytics cookies are used.
This Privacy Policy is governed by Swiss law. The competent supervisory authority is the PFPDT. Users in the European Union may also contact their local data protection authority, though processing is conducted under Swiss law which the European Commission has recognized as providing equivalent protections to the GDPR.
We may update this Privacy Policy at any time. The current version is always available at alexandrie.world/privacy. Continued use of the platform after a change constitutes acceptance of the updated policy.
Komiyama & Co., Canton de Vaud, Switzerland
contact@alexandrie.world