1. Introduction
This Privacy Policy explains how AI Teaching Assistant ("we", "our", or "us") collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
[Your Organization Name]
[Address]
Email: privacy@yourdomain.com
3. Data We Collect
We collect the following types of personal data:
- Account Information: First name, last name, email address
- Educational Data: Course enrollments, quiz attempts, grades, chat sessions
- Usage Data: Login times, feature usage, interaction patterns (with consent)
- Technical Data: IP address, browser type, device information
4. Legal Basis for Processing
We process your personal data based on:
- Contract: To provide educational services you've enrolled in
- Consent: For AI processing, analytics, and marketing (where applicable)
- Legitimate Interest: To improve our services and ensure security
- Legal Obligation: To comply with educational and legal requirements
5. How We Use Your Data
- Provide access to courses and educational materials
- Grade quizzes and provide feedback
- Generate AI-powered learning content (podcasts, summaries)
- Communicate about your courses and progress
- Improve our services (with your consent)
- Ensure platform security and prevent fraud
6. Data Sharing
We share your data only with:
- Your Teachers: Course instructors can see your enrollment and performance data
- Service Providers: Supabase (hosting), Google Cloud (AI services) - all under Data Processing Agreements
- Legal Requirements: When required by law or to protect rights and safety
We never sell your personal data to third parties.
7. Data Retention
We retain your data for the following periods:
- Quiz attempts: 2 years
- Chat sessions: 1 year
- Course materials: 3 years
- Audit logs: 7 years (legal requirement)
- Inactive accounts: 2 years, then deleted
8. Your Rights Under GDPR
You have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, visit your Privacy Settings or contact us at privacy@yourdomain.com.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (HTTPS/TLS) and at rest
- Row-level security on the database
- Regular security audits
- Access controls and authentication
- Automated backups
10. Cookies and Tracking
We use essential cookies for authentication and session management. Optional cookies for analytics require your consent, which you can manage in your Privacy Settings.
11. International Data Transfers
Your data may be processed in countries outside the EU/EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all processors
- Compliance with GDPR transfer requirements
12. Children's Privacy
Our service is intended for educational institutions. If you are under 16, please ensure you have parental/guardian consent before using our platform.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or platform notification.
14. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@yourdomain.com
Data Protection Officer: dpo@yourdomain.com
Response time: Within 48 hours
15. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.