Data Privacy & FERPA Compliance
Your data security and privacy are our top priorities. Learn how we protect your information.
Our Privacy Commitment
Core Principles
- Minimal Collection: We only collect what's necessary
- Purpose Limitation: Data used only for intended purposes
- User Control: You control your data
- Transparency: Clear about our practices
FERPA Compliance
What is FERPA?
The Family Educational Rights and Privacy Act protects student education records.
How We Comply
- Signed agreements with institutions
- Restricted access to student data
- Audit logging of all access
- Parent/eligible student rights
- No unauthorized disclosure
Institution Responsibilities
Institutions remain responsible for:
- Student consent management
- Access control decisions
- Data sharing policies
Data We Collect
Account Information
- Email address
- Name
- Role (student/educator/admin)
- Institution affiliation
Learning Data
- Documents uploaded (for processing only)
- Generated content (summaries, questions)
- Study activity and progress
- Performance metrics
Technical Data
- Device information
- Login timestamps
- Usage patterns (anonymized)
Data We Don't Collect
- Social security numbers
- Financial information (payment processed by Stripe)
- Biometric data
- Location tracking
- Third-party browsing history
Data Processing
AI Processing
- Documents processed in memory only
- Not used for AI training
- Deleted after processing (unless saved)
- No human review
Third-Party Sharing
We do NOT share data with:
- Advertisers
- Data brokers
- Marketing companies
We share only with:
- Infrastructure providers (encrypted)
- Payment processors (billing only)
- As required by law
International Data
GDPR Compliance
For EU users:
- Lawful basis for processing
- Data portability rights
- Right to erasure
- DPO available
Data Location
- Primary servers in US
- EU data center option for institutions
- Encrypted in transit and at rest