Privacy Policy

Last Updated: May 13, 2026

1. Introduction

Repitio® is owned and operated by TekCloud Ltd. ("TekCloud", "we", "us", or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you use Repitio at repitio.io, including Study Room features, APIs, OAuth app linking, and Model Context Protocol (MCP) integrations with external AI tools.

2. Information We Collect

Depending on how you use Repitio, we may collect or process the following categories of information:

Account information: name, email address, password or authentication method, account settings, timezone preferences, and communication preferences.
Authentication and connected-app information: OAuth client names, approved scopes, access-token metadata, token prefixes, token status, token creation or revocation metadata, and connected-app records. We do not intentionally display plaintext access tokens after creation.
Organization and access information: organization names, organization type, membership, roles, and permissions used to determine what Study Room content you can access.
Study Room content: subjects, subject descriptions, audience type, proficiency level, preferred language, study materials, imported question bundles, questions, answers, explanations, references, practice activity, progress, and related user-generated content.
Imported content from authorized tools: question bundles, source labels, reference URLs, prompts, choices, explanations, answers, validation results, dry-run previews, import summaries, and rejected item identifiers that you or an authorized connected AI tool sends to Repitio.
Payment information: purchase and subscription status, product purchased, transaction identifiers, and billing metadata. Payment card details are handled by our payment processor and are not stored directly by Repitio.
Usage, device, and security information: logs, error reports, IP address, user agent, timestamps, request metadata, rate-limit events, authentication events, and other diagnostic information needed to operate, secure, debug, and improve the Service.

3. AI Tools, MCP, and Connected Apps

Repitio may allow you to connect external AI clients and developer tools, including MCP-compatible clients. When you approve a connection, the external client can access Repitio only within the scopes shown during authorization or permitted by the access token you provide.

These connected tools may send Repitio study materials, question bundles, subject metadata, and import instructions that you choose to provide or approve. Repitio may return limited information needed to complete the requested action, such as Study Room subject titles, descriptions, audience type, proficiency level, preferred language, organization names, organization roles, validation results, dry-run previews, import summaries, rejected question identifiers supplied in the bundle, and OAuth/MCP endpoint metadata.

Repitio does not intentionally return passwords, plaintext access tokens, payment card data, raw server logs, or unnecessary internal database identifiers through its public MCP tools. We design connected-app responses to return only information needed for the user's request. If a field is not needed for the requested workflow, we prefer not to return it rather than relying only on disclosure in this Privacy Policy.

External AI clients are operated by their respective providers. Your use of those clients is also governed by their own terms and privacy policies. Repitio is responsible for data processed by Repitio; external clients are responsible for how they process data within their services.

4. How We Use Your Information

We use the information we collect or process to:

Provide, maintain, secure, and improve Repitio and its Study Room features
Create and manage your account, organizations, roles, permissions, and connected apps
Authenticate users, authorize API/MCP requests, enforce scopes, and prevent unauthorized access
Validate, preview, import, organize, and display study materials and question bundles you approve
Track practice activity, progress, and performance where those features are available
Process purchases, subscriptions, refunds, and account-related transactions
Communicate with you about your account, connected apps, support requests, and service updates
Monitor reliability, diagnose errors, prevent abuse, enforce our Terms, and comply with legal obligations

5. How We Share Your Information

We may share information with the following categories of recipients:

Service providers: vendors that provide hosting, databases, storage, analytics, email, security, support, monitoring, and similar operational services.
Payment processors: providers such as Stripe that process and store payment information on our behalf.
Authentication providers: providers such as Google or Apple when you choose to sign in using their services.
AI and integration providers: external AI clients or MCP-compatible tools that you authorize to connect to Repitio, limited to the access you approve.
Legal and safety recipients: authorities, courts, advisors, or other parties when required by law, to protect rights and safety, or to enforce our Terms.

We do not sell your personal information.

6. Data Retention

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Account information is generally retained while your account is active and for a reasonable period afterward for legal, security, backup, and dispute-resolution purposes.
Study Room subjects, imported question bundles, questions, explanations, answers, and related study materials are retained until you delete them, your account is deleted, or retention is no longer necessary to provide the Service.
Question bundles and related content imported through connected AI tools are retained as part of your Study Room content unless you delete that content or your account.
OAuth and connected-app token records are retained until revoked, expired, replaced, or no longer needed for security, audit, and account-management purposes. Plaintext access tokens are not intentionally shown after creation.
Operational logs, security events, diagnostic data, and analytics are retained for a limited period appropriate to security, reliability, debugging, abuse prevention, and legal compliance.
Payment and transaction records are retained as needed for accounting, tax, fraud prevention, refund handling, and legal compliance.

7. Data Security

We implement reasonable technical and organizational measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

8. Your Data Rights and Controls

Depending on your location, you may have rights regarding your personal data, including:

The right to access your personal data
The right to correct inaccurate data
The right to request deletion of your data
The right to restrict or object to processing
The right to data portability

You can also manage certain information directly in Repitio, including editing or deleting Study Room content where available and disconnecting authorized external apps from your connected-apps settings. Disconnecting a connected app stops that app from using the revoked token to access Repitio, but it does not automatically delete study materials previously imported into your account.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, keep you signed in, remember preferences, protect accounts, and understand usage. You can instruct your browser to refuse cookies or to indicate when a cookie is being sent, but some features may not function properly without cookies.

10. Children's Privacy

Repitio is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Users aged 13 to 17 should use Repitio only with appropriate parent, guardian, school, or organizational oversight where required. Study materials and content imported from AI tools should be reviewed for accuracy and age appropriateness.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date. Material changes may also be communicated through the Service or by email where appropriate.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise privacy rights, please contact TekCloud Ltd. at support@repitio.io.