Privacy Policy for Ask Ainstein

2.1 Personal Information

• Name
• Email address
• Phone number (optional)
• Role (student, teacher, parent, admin)
• School/institution details
• Login via Google or Microsoft SSO
• Device identifiers, IP address

We do not store passwords for SSO users.

2.2 Student Data

• Grade level, subjects, curriculum
• Assessment attempts
• Scores, XP, badges, streaks
• Learning gaps & mastery insights
• Teacher feedback
• AI interaction data
• Notes, flashcards, saved content
• Time spent and engagement metrics

2.3 Educator & Institution Data

Teachers, tutors, and institutions may upload:

• Assessments
• Notes & worksheets
• Images & diagrams
• Video links
• Public assessments
• Class reports
• Student performance summaries
• Image-labeling tasks

2.4 AI Interaction Data

Collected to enable AI features:

• User prompts/questions
• Chat interactions
• AI-generated diagrams & images
• Audio tutoring requests
• Feedback on AI responses

This data enables personalization and service improvement.

2.5 Uploaded Media & Files

Includes:

• PDFs
• Images/diagrams
• Lesson notes
• Screenshots
• Assignments
• Image-labeling data

Files may be processed for:

• Display
• AI enhancements
• Assessment generation

2.6 Usage & Analytics Data

Collected via tools like Google Analytics & Cloudflare:

• Device type
• Browser
• Pages visited
• Session duration
• App interaction behavior
• WebSocket activity

This data is non-identifiable and used for performance improvement.

3.1 Service Provision

• Personalizing dashboards
• Generating AI explanations
• Tracking academic progress
• Providing voice-based tutoring
• Enabling assessments, scoring, and teacher insights
• Secure authentication & authorization

3.2 Service Improvement

• Platform analytics
• Performance optimization
• Quality assurance of AI outputs
• Feature enhancements

3.3 Communication

• Account notifications
• Class updates
• Administrative messages
• Verification emails
• Safety and security alerts

Marketing emails require explicit consent.

3.4 Legal & Safety

• Detecting abuse or harmful activity
• Enforcing Terms of Service
• Complying with legal requirements

4.1 With Teachers, Schools, and Authorized Staff

For students under their institution, we share:

• Scores
• Performance insights
• Attempts
• Learning progress

4.2 With Parents/Guardians

Where applicable, they may access the child's progress and activity.

4.3 With Trusted Service Providers

Examples:

• AWS (hosting, storage)
• Cloudflare (security)
• MongoDB Atlas (database)
• Google & Microsoft (SSO)
• SendGrid, Twilio (email communication)
• AI model providers (OpenAI, etc.)

4.4 Legal Requests

We may disclose information to comply with:

• Laws
• Subpoenas
• Investigations
• Safety incidents

Key Protections

• Parental or institutional consent required for users under 13
• Only educationally relevant data is collected
• No targeted advertising
• Student data is never sold or monetized
• Parents/schools may request deletion any time

Schools are responsible for obtaining parental consent where required.

Retention Timelines

• Student assessments: up to 5 years or until the institution deletes them
• Teacher-created assessments: retained until the creator deletes them
• AI interactions: retained for service functionality, up to 24 months
• Account data: retained until account deletion
• Deleted accounts: anonymized to "Deleted User" and purged within 90 days
• Logs & analytics: 12–24 months

After deletion, associated content becomes attributed to "Deleted User", and identifying information is no longer recoverable.

9.1 Essential Cookies

• Authentication
• Security
• Session management

9.2 Functional Cookies

• Preferences
• UI settings

9.3 Analytics Cookies

• Traffic insights
• Feature usage
• Performance metrics

Data Breach Notification

If a data breach affecting your personal data occurs, we will notify:

• Affected users
• Schools/institutions
• Regulatory authorities (if required)

within legally reasonable timelines.