InvariantMath

Effective date: —
This page explains what we store, why we store it, and what we do not do.

Who we are

• Platform: InvariantMath (a mathematics community hub).
• Contact: Use the Contact page on the site for privacy requests (access, correction, deletion).

Legal basis

• We process personal data to operate the platform and provide requested services (accounts, posts, community features).
• Where required, we rely on your consent (e.g., when you voluntarily submit information for publication).
• We aim to comply with the Nigerian Data Protection Act (NDPA) 2023 and, where applicable, GDPR / UK GDPR principles.

What we collect

• Account data (when you sign up/sign in): basic identifiers needed to operate the platform (e.g., email, username) and keep your account functional.
• Authentication data: passwords are not stored in plain text. Where passwords are used, they are stored in a secure, non-readable form and are not accessible to administrators.
• Content you submit: problems, solutions, comments, Invariant Letters posts, and related metadata you choose to publish.
• Invariant Letters publication data: if you use Letters Studio, we may process the post title, subtitle, category, tags, body content, chosen byline, coauthor names, captions, uploaded media references, and publication/update metadata needed to display the post.
• Local draft data on your device: Letters Studio may save unfinished draft content in your browser’s local storage on that device so you can recover work before publication.
• Messages you send us: if you contact us, your email provider will send the message to our mailbox; we receive what you send.
• Basic technical data: like IP address and basic request logs may be processed by hosting/CDN providers for security and reliability.

Chat and account-specific details

• Chat encryption and protection: chat messages are encrypted before storage on our servers (encrypted at rest), with access controls and server-side protections designed to reduce unauthorized access risk.
• Chat recovery model: chat is intentionally designed for account-based access reliability across devices and sessions, rather than strict device-only end-to-end key custody.
• Account page controls you can manage yourself: you can update profile/account settings, download your account data export, and schedule account deletion with a 30-day recovery window (you can restore access by signing in again before the deadline).
• Recents and discoverability controls: chat recents and discoverability settings can be adjusted by you in the interface, and recents can be cleared by you at any time.
• Chat export: you can export your chat history for personal backup from within chat. Exports are user-initiated and intended to help you keep your own records.
• Search in chat: member search may process usernames/emails to return relevant results; this is used for product functionality, not advertising profiles.

Why we collect it

• To create and maintain accounts, sign-in sessions, and access control.
• To publish and display content you choose to submit.
• To support writing workflows such as local draft recovery, image handling, and post rendering for Invariant Letters.
• To prevent abuse, spam, and security threats.
• To respond to support or moderation requests.

Publication and community content

• Public posts: content you publish may be visible to other users and visitors.
• Invariant Letters visibility: published Invariant Letters posts may publicly display the title, subtitle, body content, category, tags, publication date, and shareable post link.
• Public identifiers and attribution: your chosen display name/username, author or coauthor byline, and image captions may appear alongside published posts.
• Images in publication posts: if you upload or import images into Invariant Letters, those images may be stored and delivered through our publication media pipeline and become publicly accessible as part of the published post.
• Drafts before publication: locally saved Letters Studio drafts remain on your device/browser unless and until you publish or otherwise submit the content to us.
• Edits and removals: you may request correction or deletion of personal data; we will act within a reasonable time.

Sharing and third parties

• We may use service providers to host and operate the platform (for example: hosting, email, database, and media-delivery services). These providers process data only to deliver their services.
• Data may be stored or processed outside Nigeria depending on the service provider’s infrastructure.

Payments and donations (Stripe)

• Checkout provider: payments on the Support page are processed by Stripe Checkout.
• Card data handling: card details are entered on Stripe-hosted pages and are not stored on InvariantMath servers.
• Data shared for payment: checkout details (such as amount, currency, and optional email) are shared with Stripe to process your transaction.
• Payment records: transaction records are maintained through Stripe and related payment operations for service and compliance purposes.
• Stripe privacy terms: Stripe acts as an independent payment service provider. See Stripe’s privacy information for details on their processing.

Retention

• We keep account data while your account remains active.
• We keep user-submitted content until you delete it or request removal, unless retention is necessary for security, dispute resolution, or legal compliance.
• Support messages may be retained for a reasonable period to help resolve issues and maintain records of requests.

Your rights

• You can directly use in-product controls for profile/account updates, discoverability settings, recents management, chat export, and account-data export.
• You can schedule account deletion from the account page and restore it during the 30-day recovery window by signing in again.
• You may request access to the personal data we hold about you.
• You may request correction of inaccurate data.
• You may request deletion of personal data, subject to legitimate retention needs.
• You may object to certain processing or request restriction where applicable.

Security

• We use reasonable measures to protect accounts and data, including access controls and secure handling of authentication information.
• No system is perfect; if you believe your account or data is at risk, contact us promptly.

What we do not do

• We do not sell personal data.
• We do not run advertising trackers.
• We do not build marketing profiles.
• We do not use third-party analytics pixels by default.