Privacy Policy

1. Regulatory Integration & Scope

This Privacy Policy serves as a binding legal addendum to the AlphaBrate Global Policy Framework. It specifically governs the data processing activities conducted within AlphaBrate for DSE platform. Users are encouraged to review our overarching commitments at alphabrate.github.io/about/policies/.

By utilizing this platform, you acknowledge that you understand the decentralized nature of our service and consent to the local and remote processing protocols defined in this document.

2. Data Architecture & Persistence Standards

AlphaBrate adheres to a Local-First, Decentralized Architecture. We operate under the principle of Data Sovereignty, where the user retains exclusive control over their generated information. No data is stored on AlphaBrate-owned central servers.

2.1 Client-Side Storage Implementation

To facilitate application functionality without centralized oversight, data is stored using the following browser-native technologies:

• Web Storage API (localStorage): Utilized for persistent session states and the isolation of OpenRouter API credentials. These keys reside strictly within your browser's security sandbox.
• IndexedDB: A client-side transactional database used to maintain structured academic records, including the "Mistake Book" and "Global Diagnosis" datasets.

2.2 Credential Integrity

AlphaBrate does not employ any backend telemetry to mirror or capture user API keys. Your OpenRouter credentials are only accessed locally to authorize requests directed to the specified inference engines. Failure to secure your browser environment may result in local credential exposure; users are responsible for their device security.

2.3 Erasure & Non-Recoverability

In alignment with the "Right to be Forgotten," all user data is entirely within the user's control. Manual clearance of browser site data (cache and cookies) will result in the immediate and permanent termination of all stored progress. AlphaBrate maintains no backups and cannot facilitate data recovery once deleted from the local client.

3. Intelligence Engine Processing Protocol

Linguistic evaluation and diagnostic features require the utilization of a remote processing layer. AlphaBrate facilitates this via an integration with the Xiaomi Mimo-v2-Flash (Free) model, accessed through the OpenRouter API Gateway.

3.1 Model Transmission Scope

Data transmission to the LLM (Large Language Model) is strictly limited to the technical requirements of the exercise. This includes student-submitted answers and relevant marking criteria. All communications are protected via encrypted HTTPS (TLS 1.3) protocols.

3.2 Data Minimization & Privacy Risk

• Anonymized Requests: AlphaBrate does not transmit personally identifiable information (PII), biometric data, or persistent hardware identifiers to Xiaomi or OpenRouter.
• Third-Party Retention Notice: Since the service utilizes the "Free" tier of the Xiaomi Mimo-v2-Flash model, data processing is subject to the specific retention and training policies of the model provider. Users are cautioned against inputting sensitive personal narratives or confidential information within the practice response fields.

4. Technical Security & Compliance

AlphaBrate is designed to be tracker-free. We do not employ third-party marketing cookies, cross-site tracking pixels, or user behavior analytics. Technical integrity is enforced through strict Content Security Policy (CSP) headers and restricted Cross-Origin Resource Sharing (CORS) configurations to prevent unauthorized data exfiltration.

5. Auditability & Contact

Transparency is a core tenet of our governance. The client-side source code responsible for these data handling procedures is available for public security audits via our official GitHub repository. Technical inquiries or vulnerability reports should be directed to the project maintainers through official repository channels.