Privacy Policy

1. Introduction & Data Controller

StudySite.ai ("we," "our," or "us") is operated by Martlet Solutions, LLC, a Texas limited liability company. We are the data controller responsible for your personal information and are committed to protecting your privacy in compliance with applicable data protection laws.

This Privacy Policy explains how we collect, use, share, and protect information when you use our AI-powered learning platform at studysite.ai (the "Platform").

2. Information We Collect

2.1 Account Information

When you create an account (via our authentication provider, Clerk), we collect:

• Email address
• Name (first and last)
• Profile photo (if provided)
• Authentication credentials (managed securely by Clerk)

2.2 Learning Data

When you use our AI tutoring system, we collect:

• Learning conversations: Your chat messages with AI tutors for personalizing instruction
• Progress data: Learning objectives completed, assessment results
• Study patterns: Time spent learning, session frequency, engagement metrics
• Code submissions: Programming exercises and solutions (if applicable)

2.3 Platform Support Data

When you use our platform help chat (Sherpa Assistant):

• Help conversations and support requests
• Feature usage and navigation patterns

2.4 Usage Information

• Device information (browser type, operating system)
• IP address and general location
• Pages visited and features used
• Error logs and diagnostic data

3. How We Use Your Information

We use your information to:

3.1 Provide Educational Services

• Deliver personalized AI tutoring and adaptive learning
• Assess your understanding of learning objectives using AI analysis
• Track your progress and generate insights
• Adapt curriculum difficulty to your skill level

3.2 Improve the Platform

• Analyze usage patterns to enhance features
• Train and improve AI models (using aggregated, anonymized data)
• Fix bugs and optimize performance

3.3 Communicate with You

• Send important platform updates and notifications
• Respond to support requests
• Provide educational tips and progress reports

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following lawful bases:

Your Right to Object: Where we rely on legitimate interest, you have the right to object. Contact us at privacy@studysite.ai to exercise this right.

5. Third-Party Services & Data Recipients

We share your data with the following categories of third-party service providers (sub-processors) who help us operate the Platform:

5.1 OpenAI Data Processing

Your learning conversations are processed by OpenAI to generate tutoring responses. Under our enterprise agreement:

• OpenAI does not use your data to train their models
• Data is processed in real-time and not retained beyond 30 days for abuse monitoring
• OpenAI acts as a data processor under our instructions

5.2 Google Gemini Data Processing

Google Gemini is used exclusively for visualization generation during the module building process:

• No student data is ever sent to Google Gemini
• Only instructor-provided content (learning objectives, concept descriptions) is processed
• Used only during module creation, not during student learning sessions
• Google does not use API data to train their models
• Data is processed in real-time to generate HTML5 visualizations

6. Data Retention

6.1 Learning Conversations

• Active learning sessions: Retained while you're actively learning
• Inactive sessions: Deleted after 90 days of inactivity
• Reason: Our AI has already extracted learning progress; raw chats are no longer needed

6.2 Platform Help Chats

• Retention: 30 days after creation
• OpenAI Threads: 30 days (per OpenAI's policy)

6.3 Learning Progress Data

• Progress summaries: Retained for the duration of your enrollment
• After unenrollment: Aggregated anonymously for analytics (1 year)
• Account deletion: All personal progress data is deleted

6.4 Account Information

• Retention: Until you delete your account
• Deletion: Permanently removed within 30 days of deletion request

7. Your Privacy Rights

7.1 Rights Under GDPR (EU Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to certain processing activities
• Right to Restrict Processing: Limit how we use your data

7.2 Rights Under CCPA (California Users)

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell your personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

7.3 How to Exercise Your Rights

You can exercise your privacy rights through our self-service Privacy Settings page, where you can:

• Export your data in JSON or CSV format
• Delete specific data (activity, Sherpa sessions, learning sessions)
• Request account deletion with a 30-day grace period
• Manage consent and sharing preferences
• Configure data retention periods

For additional assistance, contact us at support@studysite.ai

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted over HTTPS/TLS 1.3
• Encryption at Rest: PostgreSQL databases encrypted with AES-256
• Authentication: Secure authentication via Clerk with multi-factor authentication support
• API Security: Rate limiting, JWT authentication tokens, and role-based access controls
• Infrastructure: Hosted on Render.com with SOC 2 Type II compliance
• Regular Updates: Automated security patches and dependency updates

8.1 Data Breach Notification

In the event of a data breach that affects your personal information:

• Regulatory Notification: We will notify relevant supervisory authorities within 72 hours of becoming aware of a breach (as required by GDPR)
• User Notification: We will notify affected users without undue delay via email and/or in-app notification
• Information Provided: Nature of the breach, data affected, steps we're taking, and recommended actions for you
• Documentation: We maintain records of all breaches and our response actions

9. Automated Decision-Making & Profiling

9.1 How We Use AI Analysis

Our AI tutoring system performs automated analysis of your learning activity:

• Progress Assessment: AI analyzes your responses to determine if you've completed learning objectives
• Personalized Instruction: Content difficulty and teaching approach adapt based on your performance
• Progress Tracking: Automated tracking of completed objectives and skill development
• Struggling Student Detection: Identifies when you may need additional support

9.2 Impact and Consequences

These automated decisions affect your experience in the following ways:

• Which learning content and activities are presented to you
• The difficulty level of questions and exercises
• Progress reports shared with your instructor (if enrolled in a section)
• Recommendations for additional practice or review

9.3 Your Rights Regarding Automated Decisions

Under GDPR, you have the right to:

• Request Human Review: Ask for a human to review any automated assessment
• Express Your View: Contest an automated decision and provide additional context
• Obtain Explanation: Understand the logic behind automated assessments
• Opt-Out: Request that certain automated processing be limited (may affect service quality)

To exercise these rights, contact us at privacy@studysite.ai

10. Children's Privacy (COPPA Compliance)

10.1 School Consent (Ages Under 13)

For students under 13, we rely on schools and teachers acting in loco parentis (in place of parents) to provide consent for educational use:

• Instructor-Mediated Access: Students under 13 may only access the platform through instructor-created accounts or access codes provided by their school
• School Authorization: Schools and instructors consent to data collection for educational purposes
• No Self-Registration: Children under 13 cannot independently create accounts
• Educational Use Only: All data collection is limited to educational purposes

10.2 Information Collected from Children

For users under 13, we collect only the minimum information necessary for educational purposes:

• Username or student identifier (often provided by school)
• Learning activity data (responses, progress, assessments)
• Usage data (time spent, modules accessed)
• We do NOT require: Full name, email, address, or phone number unless school provides it

10.3 Parental and School Rights

Parents and schools have the following rights regarding children's information:

• Review: Request to review the personal information collected from the child
• Delete: Request deletion of the child's personal information
• Revoke Consent: Refuse further collection or use of the child's information
• Export: Receive a copy of the child's data in machine-readable format

To exercise these rights, schools or parents should contact us at support@studysite.ai with the student's identifier and proof of authorization.

10.4 No Behavioral Advertising

10.5 Data Security for Children

We take extra precautions to protect children's information:

• Encrypted transmission and storage of all data
• Minimal data collection (only what's necessary for education)
• Automatic deletion after 90 days of inactivity
• No public student profiles or social features that expose children
• Restricted third-party access (only educational tools like OpenAI for tutoring)

10.6 Instructor Responsibilities

Instructors who create student accounts represent and warrant that:

• They have proper authorization from their school or educational institution
• They have obtained necessary consents as required by their institution's policies
• They will only use the platform for legitimate educational purposes
• They will not share student data inappropriately

11. International Data Transfers

Our services are operated from the United States. If you access the platform from outside the U.S., your information will be transferred to, stored, and processed in the United States.

11.1 Transfer Safeguards

For users in the European Economic Area (EEA), UK, or other regions with data transfer restrictions, we implement the following safeguards:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Data Processing Agreements: We have DPAs with all sub-processors that include Standard Contractual Clauses (SCCs)
• Access Controls: Strict role-based access limits who can view personal data
• Data Minimization: We only transfer data necessary for the service

11.2 Your Consent

By creating an account and using our platform, you explicitly consent to the transfer of your personal data to the United States. You may withdraw this consent at any time by deleting your account, though this will prevent you from using our services.

12. FERPA Compliance (U.S. Educational Institutions)

12.1 School Official Exception

When used by educational institutions, StudySite.ai operates under the "school official" exception to FERPA. This means we:

• Act as a service provider performing functions the school would otherwise perform
• Use student education records only for the purposes specified in our agreement with the school
• Are under direct control of the school regarding use and maintenance of education records
• Do not disclose student information to third parties except as permitted by FERPA

12.2 Education Records

The following data collected by StudySite.ai may constitute "education records" under FERPA:

• Learning progress and objective completions
• Assignment submissions and grades (if integrated)
• Learning conversations with AI tutors
• Time spent on learning activities

12.3 Parental and Student Rights

Under FERPA, parents (or eligible students 18+) have the right to:

• Inspect and review their child's education records
• Request amendments to records they believe are inaccurate
• Consent to disclosures of personally identifiable information (with exceptions)
• File complaints with the U.S. Department of Education

To exercise these rights, contact your educational institution or email us at privacy@studysite.ai.

12.4 Data Security for Education Records

We implement appropriate safeguards to protect education records:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls limiting who can view student data
• Audit logging of access to education records
• Regular security assessments and updates
• Data Processing Agreements with all sub-processors

12.5 Institutional Agreements

Educational institutions may enter into Data Processing Agreements (DPAs) with us that include:

• Specific terms for FERPA compliance
• Data retention and deletion requirements
• Security incident notification procedures
• Limitations on data use and disclosure

Contact support@studysite.ai for institutional agreements.

13. AI-Generated Data (California AB 1008)

13.1 What AI-Generated Data We Create

Our AI systems generate the following data about you:

• Progress assessments: AI-determined evaluations of your understanding of learning objectives
• Learning profiles: Inferred learning style, pace, and preferences
• Progress predictions: Estimated completion times and success likelihood
• Personalization data: Content difficulty adjustments and recommendations
• Struggling indicators: Detection of when you may need additional support

13.2 Your Rights Over AI-Generated Data

You have the same rights over AI-generated data as other personal information:

• Access: Request a copy of AI-generated insights about you
• Deletion: Request deletion of AI-generated profiles and assessments
• Correction: Contest inaccurate AI-generated assessments
• Portability: Export AI-generated data in machine-readable format

13.3 Inclusion in Data Exports

When you request a data export via our Privacy Settings, it includes all AI-generated data about you, including:

• Progress scores and assessment history
• Learning profile and inferred preferences
• Progress tracking and completion data
• Any AI-generated recommendations or insights

14. Cookies and Tracking

We use cookies and similar technologies. Here's a summary:

You can manage your cookie preferences via our cookie banner or in Privacy Settings. See our full Cookie Policy for details.

15. How We Obtain Consent

15.1 Account Creation

When you create an account, you consent to our processing of your data as described in this policy. This consent is obtained through:

• Clear presentation of this Privacy Policy during signup
• Checkbox acknowledgment that you have read and agree to the policy
• Link to this policy in our Terms of Service

15.2 Cookie Consent

For non-essential cookies, we obtain explicit consent through:

• Cookie consent banner on first visit
• Granular options to accept/reject each cookie category
• Ability to change preferences at any time

15.3 Withdrawing Consent

You can withdraw consent at any time by:

• Updating your preferences in Privacy Settings
• Deleting your account
• Contacting us at privacy@studysite.ai

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on the platform

Your continued use of the platform after changes indicates your acceptance of the updated policy.

17. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

We aim to respond to all privacy inquiries within 30 days. For GDPR-related requests, we will respond within the legally required timeframe.