Service operator: Illia Sihov (independent service provider) Contact:[email protected] · Telegram support Website: aidemica.org Operator details: registered address and tax residence communicated on legal request.
1. Acceptance of Terms
By creating an account, placing an order, or using any part of the AIdemica platform ("the Service"), you ("the User") confirm that you have read, understood, and agreed to these Terms of Service ("the Terms"), the Privacy Policy, the Cookie Policy, the Refund Policy, and the Acceptable Use Policy (together, "the Agreements"). The Agreements constitute a binding contract between you and the Service operator.
If you do not accept any part of the Agreements, you must not use the Service.
2. Description of the Service
AIdemica is an AI study-assistant platform that helps students prepare drafts of academic study materials on demand: essays, term papers, bachelor / master theses, internship reports, technical drawings, conference abstracts, and presentations (PPTX). The Service is positioned as educational assistance — a tutoring tool that accelerates research, formatting, and structuring — not as a substitute for the User's own learning effort.
The materials are intended as study references. The User is solely responsible for compliance with their academic institution's rules on AI assistance, citation, and authorship.
3. Eligibility
You are at least 16 years old (18 in jurisdictions where AI-assisted education requires adulthood).
You provide accurate registration data (name, email, language).
You have legal capacity to enter into a binding contract under your local law.
You are not located in a country/region under EU, US, or UK sanctions that prohibit the use of AI services.
4. Account, Authentication & Security
You create an account using either email + password (bcrypt-hashed, cost factor 12) or Google OAuth 2.0 (CSRF-protected via state nonce). You must keep your credentials confidential. You are responsible for all activity under your account.
The Service may suspend or revoke an account that shows signs of credential stuffing, automated abuse, or shared use across multiple natural persons.
5. Orders, Pricing, and Payments
Each order's price is calculated by the live calculator on the landing page from public parameters (work type, page count, deadline, urgency multiplier, language). The price is shown in full before you click "Pay". No hidden fees.
Payment is collected via PCI-DSS compliant providers:
Stripe — international cards (USD primary).
LiqPay (приват24) — Ukraine cards (UAH primary), Apple Pay, Google Pay.
Fondy — Ukraine fallback (UAH/EUR/USD).
The Service does not store card numbers. Only transaction IDs and webhook event IDs are kept in our database for accounting and refund-fraud prevention.
Promotional codes (issued automatically after a verified review — see §11) are single-use, attached to the issuing User, and expire 30 days after issue.
6. Intellectual Property
Upon successful payment and delivery, ownership of the produced study materials transfers to you. You receive an exclusive perpetual licence to use, modify, and submit the materials for any lawful academic or personal purpose.
The Service operator retains the right to keep aggregated, anonymised metadata (number of orders per work type, average length, error categories, anonymous diagnostic logs) for service improvement. No identifiable User content is reused.
The platform itself, source code, AI prompts, and underlying methodology remain the intellectual property of the Service operator and are protected under applicable copyright law and TRIPS / WIPO treaties.
Submit prompt-injection payloads or attempt to make the AI claim a different identity or violate its guardrails.
Scrape, reverse-engineer, or attempt to bypass platform security (rate limits, bcrypt, JWT, CSP).
Register multiple accounts to evade caps, refund cooldowns, or promo-code limits.
Upload illegal content, malware, or material that violates third-party copyright.
Submit deepfakes, defamation, or content targeting identifiable third parties without their consent.
8. Disclaimers and Limitation of Liability
The Service is provided "as is" and "as available" without warranties of any kind, express or implied, including but not limited to fitness for a particular academic standard or supervisor approval.
The Service operator does not guarantee any specific grade or supervisor approval. AI-generated drafts are written in a natural academic style; individual results may vary depending on topic, source availability, and academic context.
To the maximum extent permitted by applicable law, the operator's total liability for any claim arising from the Service is limited to the amount the User actually paid for the specific order giving rise to the claim. No liability for indirect, incidental, consequential, or punitive damages.
9. Termination
You may terminate your account at any time via Dashboard → Settings → "Delete account" (the GDPR Article 17 self-service flow). The operator may suspend or terminate accounts that violate these Terms with at least 7 days' written notice via email, except in cases of clear abuse, fraud, or security threat where immediate suspension is justified.
10. Changes to the Terms
The operator may revise these Terms periodically. Material changes are notified by email at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
11. Reviews and Promo Codes
Users with at least one completed order may submit a public review (rating 1-5 + free-form text, 30-1500 characters). Reviews are subject to moderation by the operator. Once approved, the review is published anonymously (first name + last initial) on the landing page, and the author receives a 5% promo code, single-use, valid for 30 days, attached to that account.
12. Governing Law and Jurisdiction
These Terms are governed by the applicable law of the Service operator's place of business. Mandatory consumer-protection law of the User's country of residence applies where required. Disputes are first to be resolved through good-faith negotiation; if unresolved, by the competent courts of the operator's place of business.
International transfers (US-bound) rely on the EU-US Data Privacy Framework or EU Standard Contractual Clauses where applicable.
4. Where your data lives
Primary servers are located in the European Union (Germany, Netcup data centre, Nuremberg). The SQLite database, order workspaces, and uploaded files are stored on encrypted disk volumes. Daily encrypted backups (restic + age) are retained 30 days on the same server. Off-site backup to Cloudflare R2 (EU region) is in deferred deployment.
5. Data retention
Data type
Retention period
Why
Live account + active orders
While your account exists
You may revisit the chat and request edits for 30 days after delivery
Account after self-deletion
0 days in live DB; 30 days in encrypted backup, then irrecoverable
GDPR Art. 17 — Right to erasure
Payment records
7 years in pseudonymised form
Applicable tax / accounting law
Audit log (login/logout/admin actions)
2 years
Fraud investigation, security incident response
Server access logs (Caddy)
30 days, then auto-rotated
Debugging, security
6. Your rights (GDPR Articles 15-22)
Right of access (Art. 15) — Dashboard → ⚙ Settings → "Download my data" produces a JSON export with profile, orders, messages, payments. API: GET /api/auth/me/export.
Right to rectification (Art. 16) — edit your profile from the Dashboard. For orders, contact support.
Right to erasure / "Right to be forgotten" (Art. 17) — Dashboard → ⚙ Settings → "Delete account" (requires password confirmation, rate-limited 3/hour/IP). Cascades to all your orders, messages, and payments. Tax-law-required records remain pseudonymised for 7 years.
Right to data portability (Art. 20) — the JSON export is machine-readable, suitable for transfer to another service.
Right to object (Art. 21) — for processing based on legitimate interest, email us.
Automated decision-making (Art. 22) — there is no fully automated decision with legal effect. The AI generates content, but you choose whether to accept or reject it.
Right to lodge a complaint — EU/EEA: your national Data Protection Authority (DPA list). Other regions: your local data protection authority.
7. Children's data
The Service is not intended for users under 16 (or 18 in jurisdictions requiring adulthood for AI services). We do not knowingly collect data from minors. If you believe a minor created an account, email us and we will remove it.
File upload: magic-byte validation, size cap, ZIP-bomb protection, magic-byte check on each ZIP entry.
Webhook signatures verified with constant-time compare (crypto.timingSafeEqual).
Session cookies: httpOnly, Secure, SameSite=lax.
Encrypted backups (age + restic).
9. Changes
Material changes are notified by email at least 14 days before they take effect. The version and effective date are shown at the top of this document.
10. Contact / DPO
[email protected] · operator details communicated privately on legal request.
Cookie & Local-Storage Policy
Effective: 6 May 2026 · Version 1.2 · GDPR + ePrivacy compliant
1. What we use and why
AIdemica uses the smallest possible set of browser-storage items. Strictly-necessary items don't require consent (ePrivacy Art. 5 §3 exception). Anything else is opt-in via the cookie banner.
Name
Type
Purpose
Lifetime
Category
aidemica_jwt
HttpOnly cookie, Secure, SameSite=lax
Authenticated session — keeps you logged in
7 days
Strictly necessary
aidemica_oauth_state
HttpOnly cookie
CSRF nonce during Google OAuth flow
10 minutes
Strictly necessary
aidemica_lang
localStorage
Remember UI language across visits
Persistent (until manually cleared)
Strictly necessary
aidemica_session_hint
localStorage
Avoid skeleton flicker on landing nav (cached "logged in: yes/no" hint, no PII)
Persistent
Strictly necessary
aidemica_cookie_consent_v2
localStorage
Stores your consent decision (necessary / analytics / marketing flags) and policy version
Persistent (until policy version bumps)
Strictly necessary
aidemica_user, aidemica_token
localStorage
Cache of public profile to avoid an extra /me request
Until logout
Strictly necessary
2. Privacy-first analytics (no cookies)
We use Cloudflare Web Analytics to measure aggregate page performance (page views, browser/country breakdown, Core Web Vitals). It is loaded via /js/cf-beacon.js which injects static.cloudflareinsights.com/beacon.min.js. It sets no cookies, writes no localStorage, and does not track individuals. No window.aidemica_consent.analytics gate is required because nothing identifies you.
No advertising cookies. No retargeting. No fingerprinting libraries.
No Google Analytics / GA4. No Plausible / Matomo.
No Facebook Pixel / TikTok Pixel.
No third-party tracking pixels of any kind.
No heat-map / session-replay tools (Hotjar, Clarity, etc.).
4. How to manage / withdraw consent
The cookie banner appears on your first visit and gives you three choices: Accept all, Only necessary, or close the page. Your decision is stored in aidemica_cookie_consent_v2. To revoke, clear localStorage for aidemica.org (browser → Settings → Privacy → Site data) and reload — the banner will reappear.
You can also delete aidemica_jwt directly to log out without using the UI button.
5. Browser controls
Most modern browsers allow you to block cookies entirely or per site. If you block aidemica_jwt, you will not be able to log in. Strictly-necessary cookies cannot be replaced by an alternative mechanism that respects GDPR while keeping the service functional.
6. Future analytics changes
If we ever add cookie-based analytics or session-replay tools (e.g. Microsoft Clarity, Hotjar), we will:
Update this policy and bump the consent version (you will see the banner again).
Only load such SDKs after explicit opt-in (window.aidemica_consent.analytics === true).
Disclose the sub-processor in §3 of the Privacy Policy.
Effective: 6 May 2026 · Version 1.2 · Compatible with EU Consumer Rights Directive 2011/83/EU and UA «Про захист прав споживачів»
1. Cooling-off — first hour
You can request a full, unconditional refund within 1 hour of payment, no questions asked, regardless of whether the AI started Stage 1.
2. Within 24 hours
If 1 hour has passed but Stage 1 (analysis & plan) is still in progress or has not produced a plan that matches your methodology, you can still request a full refund within 24 hours from payment.
3. After Stage 1 plan is approved
Once you click "Approve plan" in the chat, the refund window closes. Subsequent dissatisfaction is handled via free unlimited revisions for 30 days (see §5).
4. Failed delivery
If we fail to deliver the work within the agreed deadline (urgent / standard / relaxed tariff), you are entitled to:
A free 24-hour extension with a written explanation, OR
A full refund.
The choice is yours.
5. Free revisions (30 days)
The chat stays open 30 days after final delivery. Forward your supervisor's comments — the AI will redo any section at no extra charge. Three-round limit per section (after that we may charge for substantial scope expansion, with a transparent quote first).
Provide the order ID (visible in the Dashboard URL or order list).
Briefly describe the reason (helps us improve the Service; not required for the cooling-off hour).
7. Processing time and method
Refunds are processed back to the original payment method via Stripe / LiqPay / Fondy refund APIs:
Stripe: 5-10 business days to your card statement.
LiqPay: usually within 24 hours; up to 5 business days.
Fondy: 1-5 business days.
You receive an email confirmation when the provider acknowledges the refund. Bank delays are outside our control.
8. Promo-code orders
If a promo code was applied, refunds are issued for the actual charged amount. The promo code itself is restored to "unused" only if the refund is processed within 1 hour of payment; otherwise it counts as consumed.
9. Chargebacks
Please contact support before initiating a chargeback. Chargebacks issued without prior support contact may result in account suspension and recovery of bank-side processing fees.
For EU/EEA/UK residents — also extended to all global users
Article 15 — Right to access
Dashboard → ⚙ Settings → Download my data. You receive a JSON file containing:
Profile (id, email, name, role, language, signup date, last login).
All orders (id, type, topic, status, deadline, deliverables list).
All chat messages with the AI on each order.
Payment metadata (provider, amount, currency, status, transaction ID — never card numbers).
API alternative: GET /api/auth/me/export while authenticated.
Article 16 — Right to rectification
Edit your profile data via the Dashboard. To correct order metadata (e.g. wrong group / university on the cover page), contact support — no fee.
Article 17 — Right to erasure ("Right to be forgotten")
Dashboard → ⚙ Settings → Delete account. This requires your password (re-authentication, rate-limited to 3 attempts / hour / IP). On confirmation:
Live database: your users row + cascading orders, messages, payments are deleted.
Encrypted backups: rotated within 30 days, after which the deletion is irrecoverable.
Tax-law records (Article 17 §3.b GDPR): preserved 7 years in pseudonymised form (no name, only invoice ID and amount).
Your audit-log entries are retained 2 years (legitimate interest in security forensics) but bound to a now-deleted user_id.
OAuth-only accounts (no password) can request deletion via support — we verify identity by checking the linked Google email.
Article 18 — Right to restrict processing
Email [email protected] from your registered address. We respond within 7 days.
Article 20 — Right to data portability
The JSON export from Article 15 is machine-readable and can be imported into any service that accepts standard JSON.
Article 21 — Right to object
If you wish to object to processing based on legitimate interest (audit log, fraud-prevention IP storage), email us. Note: contract-based processing (delivering your order) cannot be objected to without terminating the order.
Article 22 — Automated decision-making
No fully automated decision producing legal or significant effect is made by AIdemica. The AI generates content; you decide whether to accept it.
How to lodge a complaint
Other regions: contact your local data protection authority.
EU: your national supervisory authority — see the EDPB list.
UK: Information Commissioner's Office — ico.org.uk.
Response times
We acknowledge any data-subject request within 5 business days and complete it within 30 days (extendable by 60 days for complex requests, with explanation).
Acceptable Use Policy
Effective: 6 May 2026 · Version 1.2
1. Forbidden content
Illegal content under applicable law (terrorism, child sexual abuse material, drug trafficking instructions, etc.).
Incitement to violence, hate speech targeting protected groups, deepfakes of identifiable persons without consent.
Content that violates third-party copyright (e.g. asking the AI to reproduce verbatim a paywalled paper).
Personally identifiable data of third parties without their consent.
Malware, virus payloads, exploit code targeting real systems.
2. Forbidden activity
Multiple accounts to bypass rate limits, the 5-active-chats cap, or refund cooldowns.
Scraping the platform (any automated request not driven by genuine user interaction).
Reverse engineering of the platform, AI subprocess, or MCP tools.
Prompt-injection payloads designed to make the AI claim a different identity or violate its content guardrails.
Bypassing the upload validators (extension renames, ZIP-of-ZIP, polyglot files).
3. Forbidden purpose
Selling AIdemica deliverables on third-party marketplaces (this voids the licence in §6 of the Terms).
Using the Service in jurisdictions where AI assistance with academic work is explicitly criminalised by national law.
Submitting AI-produced work as your own where your institution explicitly forbids it (this is a violation of your obligations to your institution; it is your responsibility, not ours, but we ask you not to use the Service for that purpose).
4. Enforcement
First minor breach: warning email, content removal, 7-day cooling-off.
Repeated or serious breach: account suspension, no refund for unused balance.
Illegal activity: immediate termination, preservation of evidence, cooperation with law-enforcement requests.
5. Reporting
If you encounter content or behaviour that violates this AUP, email [email protected] with details. We respond within 5 business days.