Privacy Policy

1. Introduction

Learnify EduOS (“Learnify,” “we,” “us,” or “our”) is committed to protecting the privacy of our users, especially students who are minors. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our AI-powered learning platform.

We comply with applicable data protection laws including GDPR (General Data Protection Regulation), COPPA (Children's Online Privacy Protection Act), FERPA (Family Educational Rights and Privacy Act), and POPIA (Protection of Personal Information Act) where applicable.

2. Information We Collect

2.1 Account Information

• Name (first and last)
• Email address
• Username and password (password stored as a salted hash, never in plaintext)
• User role (student, guide, or administrator)
• Organization/school affiliation

2.2 Learning Data

• Concept mastery scores and assessment results
• Time spent on learning activities
• Question responses and grading outcomes
• Learning path progress and prerequisite completion
• Spaced repetition review schedules and ratings
• Time bank balances and efficiency metrics

2.3 AI Tutoring Data

• Messages exchanged with the AI Socratic Tutor during learning sessions
• Scaffolding levels and adaptive tutoring parameters
• Feedback interactions and hint requests

2.4 Technical Data

• Browser type and version
• Device type and operating system
• IP address (anonymized after 30 days)
• Session identifiers

3. How We Use Your Information

We use collected information exclusively for educational purposes:

• Personalized learning: Adapting the AI tutor, question difficulty, and learning paths to each student's level and progress
• Mastery tracking: Recording assessment results and enforcing mastery gates to ensure deep understanding
• Spaced repetition: Scheduling review sessions based on retention science to optimize long-term memory
• Guide dashboards: Providing educators with aggregated insights into student progress and areas needing attention
• Platform improvement: Analyzing anonymized, aggregated usage patterns to improve the learning experience
• Security: Detecting and preventing unauthorized access, fraud, and abuse

4. What We Never Do

5. Data Sharing

We share personal information only in the following limited circumstances:

• With your school/organization: Guides and administrators within your organization can view student progress data for educational purposes
• AI processing: Student messages are sent to our AI service for tutoring responses. These are processed in real time and not stored beyond the session unless required for the learning record
• Legal requirements: We may disclose information if required by law, court order, or to protect the safety of our users

6. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted over HTTPS/TLS encryption
• Passwords stored using industry-standard hashing (PBKDF2 with SHA-256)
• JWT-based authentication with short-lived access tokens
• Rate limiting and brute-force protection on all endpoints
• Role-based access control (students, guides, administrators)
• Multi-tenant data isolation between organizations
• Regular security audits and dependency vulnerability scanning
• Database backups encrypted at rest

7. Data Retention

• Active accounts: Learning data is retained for the duration of the student's enrollment in their organization
• Deleted accounts: Personal data is deleted within 30 days of account deletion. Anonymized, aggregated statistics may be retained
• AI tutoring sessions: Conversation logs are retained for up to 12 months for learning continuity, then automatically purged
• Technical logs: Server and access logs are retained for 90 days for security purposes, then deleted

8. Children's Privacy

Learnify is designed for use in educational settings and may be used by children under 13 with parental or school consent. We comply with COPPA requirements:

• Student accounts for children under 13 are created by schools or parents, not by the children directly
• We collect only the minimum information necessary for educational purposes
• Parents and guardians may review, modify, or delete their child's information by contacting their school administrator or us directly
• We do not condition participation on providing more information than is necessary

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data (“right to be forgotten”)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request that we limit processing of your data
• Objection: Object to processing of your data for specific purposes
• Withdraw consent: Withdraw any previously given consent at any time

To exercise any of these rights, contact us at privacy@learnify.edu. We will respond within 30 days.

10. Cookies and Local Storage

Learnify uses minimal browser storage:

• Authentication tokens: Stored in localStorage to maintain your login session. These are cleared when you sign out
• Theme preference: Your light/dark mode preference is stored locally
• No third-party tracking cookies: We do not use advertising cookies, analytics cookies from third parties, or social media tracking pixels

11. International Data Transfers

If your data is transferred to servers outside your country, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by relevant authorities. We make every effort to store data in the region closest to your school's location.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users through the platform and update the “Last updated” date at the top. Continued use of Learnify after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: