← Back to EduAI

Privacy & Data Protection Policy

Last updated: January 20, 2025

Our Commitment to Privacy

EduAI is built for classrooms and communities with privacy, equity, and safety at its core. We ensure that student and teacher data is processed securely and responsibly, with local control wherever possible. We prioritize your trust and the protection of educational data above all else.

1. What Data We Collect

EduAI may process the following types of data to provide educational services:

Student Inputs

  • Answers to educational questions
  • Homework submissions and assignments
  • Images and drawings created during learning activities
  • Text interactions with AI tutoring systems

Teacher Inputs

  • Lesson plans and educational materials
  • Assessment criteria and rubrics
  • Student feedback and grading data
  • Classroom management information

Optional Audio/Video

When explicitly enabled by teachers for features like speech interaction or emotion detection, we may process audio or video. This data is:

  • Processed only during the active session
  • Never stored permanently without explicit consent
  • Used solely for educational analysis
  • Deleted immediately after analysis (unless saved by teacher request)

Account Information

  • Name and email address (for Teachers and Administrators)
  • Student names or pseudonyms (as provided by institution)
  • Institution and grade level information
  • User role (Student, Teacher, Administrator)

We do NOT request or store:

  • Physical home addresses
  • Financial information or payment details (institutional billing only)
  • Social security numbers or government IDs
  • Unnecessary personal identifiers

2. How Data Is Processed (Local-First Design)

EduAI is designed to keep data close to the learner through our Local-First Architecture:

Local AI Models (Preferred)

EduAI can run entirely on local infrastructure:

  • Local servers: School-hosted servers within your network
  • Offline devices: Computers or tablets without internet
  • Open-source AI: Models like Mistral, LLaMA, or other community models

When using Local AI, sensitive student information never leaves the local environment.

Secure Managed AI (Optional)

When using cloud services (Vertex AI, Azure AI, or NGO-hosted infrastructure), strict privacy rules apply:

  • Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Data is processed only for the educational session
  • No training of external LLMs occurs on student data
  • Data processing agreements (DPAs) are in place with all providers

EduAI never sends raw student data directly to global commercial LLM providers like OpenAI or Anthropic.

3. How Data Is Used

• To deliver tutoring: Provide AI-powered tutoring, adaptive feedback, and personalized learning experiences

• To support teachers: Help with lesson preparation, assessments, and classroom management

• To improve outcomes: Track progress and adapt to diverse learning needs

• To enhance the platform: Improve service quality and fix technical issues (anonymized data only)

What We Never Do:

  • • Data is never sold to any third party
  • • Data is never used for targeted advertising
  • • Data is never shared with unrelated third parties

4. Data Storage & Retention

Temporary Use (Default)

By default, EduAI processes data only during the active session. Session data is automatically deleted when the session ends or after a short retention period (typically 24-48 hours for troubleshooting purposes).

Local Storage (Optional)

Teachers or schools may choose to save progress records for monitoring learning growth. When saved:

  • Data remains under institutional control
  • Stored on institution-controlled servers (for Local AI deployments)
  • Subject to institutional data retention policies
  • Can be deleted at any time upon request

Deletion Rights

Parents, students, or schools can request data deletion at any time by contacting:

  • Your school administrator (for locally stored data)
  • EduAI at info@z2one.ai (for cloud-stored data)

Deletion requests are processed within 30 days, except where retention is required by law.

5. Who Has Access to Data

Teachers and School Staff

Authorized teachers and administrators can access student records for educational purposes only

NGO/Education Authority Administrators

Local administrators may access data for oversight and institutional compliance

EduAI Technical Staff (Cloud deployments only)

Limited to troubleshooting and system maintenance, under strict confidentiality agreements

No external AI provider receives identifiable student data

All data sent to AI services is anonymized and encrypted

6. Protecting Children's Rights

EduAI aligns with international child protection standards:

UNCRC

United Nations Convention on the Rights of the Child

COPPA

Children's Online Privacy Protection Act (USA)

GDPR

General Data Protection Regulation (EU)

FERPA

Family Educational Rights and Privacy Act (USA)

• Parental/school consent: Required for under-13 learners where mandated by law

• Intellectual property: Children's work is respected as their intellectual property

• Age-appropriate design: Interface and content adapted for different age groups

7. Your Rights

You have the following rights regarding your data:

Right to Access

Request a copy of all data we have about you

Right to Rectification

Correct or update inaccurate records

Right to Deletion

Request deletion of your data (subject to legal retention requirements)

Right to Data Portability

Export your data in a machine-readable format

Right to Object

Opt out of saving data altogether (session-only processing)

To exercise any of these rights, please contact your school administrator or email us at info@z2one.ai

8. Security Measures

We implement industry-standard security measures to protect your data:

Encryption

  • • TLS/SSL for data in transit
  • • AES-256 for data at rest
  • • End-to-end encryption where applicable

Access Controls

  • • Role-based access control (RBAC)
  • • Multi-factor authentication (MFA)
  • • Principle of least privilege

Monitoring

  • • 24/7 security monitoring
  • • Regular security audits
  • • Intrusion detection systems

Backup & Recovery

  • • Regular encrypted backups
  • • Disaster recovery plans
  • • 99.9% uptime guarantee

9. Third-Party Services

EduAI may use carefully vetted third-party services to provide our platform:

Cloud Infrastructure (Optional)

Google Cloud Platform (Vertex AI), Microsoft Azure, or NGO-hosted servers - all with data processing agreements (DPAs) in place

Analytics (Anonymized)

Anonymized usage analytics to improve platform performance - no personally identifiable information

All third-party services are bound by strict confidentiality and data protection agreements. We never share identifiable student data with commercial LLM providers.

10. International Data Transfers

If your institution is located outside the United States and uses cloud-based EduAI, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission for EU institutions.

For maximum data sovereignty, we recommend local deployment options where data never leaves your country or institution.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days in advance via email to institutional administrators and posted prominently on the platform. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Contact for Privacy Questions

If you have questions or concerns about this Privacy Policy or our data practices:

Z2ONE AI LLC

3609 Chain Bridge Road, Suite C

Fairfax, VA 22030

United States

Email: info@z2one.ai

Website: z2one.ai

We will respond to all inquiries within 30 days.

© 2025 Z2ONE AI LLC. All Rights Reserved.

Privacy PolicyTerms and Conditions