B Benignant

Privacy Policy

How Benignant handles data.

This policy explains what the app processes for accounts, study workflows, AI quiz generation, peer sharing, support, legal requests, and future paid features if they are enabled.

Last updated: May 6, 2026 Version: privacy_policy_v3_2026-05-06 Status: pre-submission legal draft

1. Who we are

Benignant is an educational study-support app for medical learners. The app is not a medical device, clinical decision tool, diagnosis tool, or treatment service.

Benignant is operated by Berkant Boncukçu, an individual developer based in Ankara, Turkey. For privacy questions, access requests, correction requests, export requests, deletion questions, and objections, contact privacy@benignant.app.

2. Data we process

  • Account data such as email address, display name, username, university, class year, cohort grouping, and authentication identifiers.
  • Compliance records such as privacy, KVKK, terms, analytics, and upload-license acknowledgement logs.
  • Study data such as schedules, lecture metadata, PDF attachment metadata, generated quiz progress, Daily Consult activity, and question-bank contribution metadata.
  • Files that you choose to upload or send through app features, including temporary files used for AI quiz generation or peer delivery.
  • Peer-sharing metadata such as requester username, sender username, cohort, request topic, delivery status, timestamps, quotas, and file references.
  • Moderation and safety records such as reports, reporter/reported account identifiers, block records, report categories, review notes, related request/file metadata, and moderation outcomes.
  • PDF safety records for server-touched uploads, such as uploader user ID, file hashes, page count, sanitizer status, rejection reason, and security severity.
  • Aggregate or anonymized learning statistics, such as topic-level quiz performance or lecture areas that cohorts find difficult, where shared externally only with safeguards and without personal identifiers.
  • Subscription state and purchase metadata only if paid features are enabled later through official Apple App Store or Google Play products.
  • Support and privacy-request messages you send to us.

3. Why we process data

  • To create accounts, authenticate users, and protect accounts from abuse.
  • To provide study-planning, PDF, quiz, Daily Consult, and peer-sharing features.
  • To generate AI-assisted educational quiz questions from user-selected study material.
  • To scan, sanitize, reject, and audit PDFs that are uploaded for AI quiz generation or peer sharing.
  • To receive reports, apply blocks, review harmful peer-sharing content, and protect users from abuse or unsafe files.
  • To enforce quotas, future paid-feature entitlements if enabled, safety limits, and security rules.
  • To respond to access, correction, export, deletion, objection, and support requests.
  • To produce aggregate or anonymized usage and learning statistics that do not reasonably identify individual users.

4. Processors and international transfer

Benignant currently relies on third-party infrastructure providers to operate the app:

  • Google Firebase and Google Cloud for authentication, email verification, database, Cloud Functions, storage, and backend processing.
  • Google Cloud Run or equivalent Google-hosted backend components, together with native PDF tooling, for server-side PDF safety processing of uploaded quiz or peer-sharing PDFs when configured.
  • Google Vertex AI / Gemini or Gemini Developer API for AI-assisted quiz generation, depending on backend configuration.
  • Apple App Store and Google Play for subscription and purchase management only if paid features are enabled through official store products.
  • Domain, hosting, and email providers used for this public website and support email routing.

These providers may process data outside your country. Where required by law, international transfers rely on explicit consent, contract performance, legitimate interests, or appropriate legal safeguards.

5. Local device storage

Many study materials and annotations are stored locally on your device through browser, IndexedDB, Capacitor, or device file storage. Local PDF copies may remain on a shared device after account deletion until you clear app data, remove local files, or uninstall the app.

The app reads files you select through the device file picker. It is not intended to scan your whole file library.

6. Peer sharing, reports, and PDF safety

Peer-sharing features let users request and send study files inside cohort-based contexts. Because user-provided files can be harmful, server-touched PDFs for quiz generation or peer sharing may be uploaded first to quarantined storage, checked or rewritten by backend safety tooling, and released only after they are marked safe.

If content or an account is reported, Benignant may review account identifiers, profile snapshots, report context, request/delivery metadata, and the reported file when necessary to assess abuse, non-consensual material, unsafe files, impersonation, or cohort misuse. A report is evidence for review, not an automatic ban.

7. Aggregate statistics

Benignant may create aggregate or anonymized statistics about product usage and learning patterns, such as which lecture topics are commonly failed by a cohort. If shared with universities or educators, these statistics should use minimum group thresholds and should not include names, emails, usernames, individual scores, individual files, or personally identifying records.

8. Retention and deletion

  • Account-linked server data is processed while your account is active.
  • When account deletion is requested, server-side identity-linked account data is deleted or anonymized within 30 days unless a longer period is legally required.
  • Question-bank educational content may be retained after account deletion only after user attribution is detached or anonymized.
  • Moderation, report, block, and PDF security events may be retained where needed for safety review, abuse prevention, legal claims, or compliance.
  • Compliance consent logs may be retained for up to 10 years where needed to prove legal compliance or defend legal claims.
  • Aggregate or anonymized statistics may be retained indefinitely if they cannot reasonably identify an individual.

9. Your rights

Depending on your location, you may have rights to access, correct, export, delete, restrict, or object to processing of your personal data. Turkish users may also exercise rights under KVKK Article 11.

Send requests to privacy@benignant.app. We may ask for information needed to verify that the request belongs to the account owner.

10. Children and medical safety

Benignant is intended for university-level learners and is not directed to children under 13. The app provides educational support only. It is not a medical device and does not diagnose, treat, cure, prevent, or advise on any medical condition. Consult a qualified healthcare professional for medical advice, diagnosis, or treatment.

11. Changes

We may update this policy as the product, legal entity, providers, or paid features change. Material changes should be reflected in the app and on this website.