Privacy Policy

Last updated: May 31, 2025

At M∆THM∆TIΧ AI, we respect your privacy and are deeply committed to protecting your personal data, especially as an educational service. This Privacy Policy explains how we collect, use, disclose, and protect information submitted by users of our platform ("Service").

1. What Information We Collect

We collect information to provide and improve our Service. This includes:

• **Account Information:** Name (first, last), username, email address, and password hash (stored securely).
• **Educational Profile Data:** Grade level, current math course, learning style preferences, tone preferences, and interests.
• **Educational Records:** Your messages and interactions with the AI tutor (conversation history and content), AI-generated conversation summaries, and Individualized Education Program (IEP) plan details (accommodations, goals).
• **Gamification Data:** Experience points (XP), level, and active tutoring minutes.
• **Technical Data:** Limited technical data such as IP address (for security and anti-abuse purposes), device information, and browser type, collected automatically when you access the Service.

2. How We Use Your Data

We use the collected data solely for educational purposes and to enhance your learning experience:

• To provide, operate, and maintain the Service, including managing your account and delivering tutoring.
• To personalize your learning experience, including tailoring AI responses based on your learning style, tone preference, and IEP accommodations.
• To store and provide access to your session history and summaries for your review and for your assigned teacher (if applicable).
• To improve tutoring responses and the overall Service over time, by analyzing aggregated and anonymized usage data.
• To track your progress, XP, and level for gamification purposes.
• For security and anti-abuse purposes, to protect our Service and other users.
• To communicate with you regarding Service updates or support inquiries.

3. How We Share and Disclose Your Data

We do not sell or rent your personal data to third parties. We disclose data only in the following limited circumstances:

• **With Your School/Teacher:** If your account is associated with a school or assigned to a teacher, relevant education records (e.g., conversation summaries, IEP plan details, and progress data) may be shared with your assigned teacher or authorized school officials for legitimate educational purposes, as permitted by the Family Educational Rights and Privacy Act (FERPA).
• **Service Providers:** We may share data with trusted third-party service providers who perform services on our behalf (e.g., cloud hosting, analytics, email delivery). These providers are contractually obligated to protect your data and use it only for the purposes for which we provide it.
• **AI Services:** To provide AI tutoring, your messages are processed by third-party AI models. We currently use OpenAI (GPT-4o-mini for chat, Whisper for voice transcription), Anthropic (Claude for homework grading), and Mathpix (for math OCR from uploaded images). Before sending data to these providers, we strip personally identifiable information including student names, email addresses, and identifying details from IEP records. These AI providers receive anonymized educational context (grade level, learning style, accommodation types) but not information that identifies which student is being tutored. We do not send student data to any AI provider for model training. M∆THM∆TIΧ AI is designed to be compliant with the Children's Online Privacy Protection Act (COPPA).
• **Voice Services:** For optional voice features, we use Cartesia for text-to-speech. This service is only available to users aged 13 and older. Users under 13 use browser-native speech synthesis instead.
• **Legal Requirements:** We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
• **Business Transfers:** In the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, provided that the new entity agrees to adhere to this Privacy Policy.

4. Children's Privacy (COPPA & FERPA)

M∆THM∆TIΧ AI is designed for educational use, including by children. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA) for student data.

COPPA Compliance

• For users under the age of 13, we require verifiable parental consent or consent provided by a school, as permitted by COPPA.
• Parents may revoke consent at any time, which will restrict their child's access to AI features and trigger data retention review.

FERPA Compliance

When schools use the Service, we act as a "school official" under FERPA (34 CFR § 99.31(a)(1)), processing education records solely for authorized educational purposes as defined by our Data Processing Agreements (DPAs) with the school.

• **Right to Inspect and Review (34 CFR § 99.10):** Parents and eligible students may request to inspect and review education records within 45 days. Use the Data Export feature in the parent dashboard or contact support@mathmatix.ai.
• **Right to Request Amendment (34 CFR § 99.20):** Parents and eligible students may request amendment of records believed to be inaccurate or misleading. Submit requests through the parent dashboard under Privacy > Request Record Amendment. If a request is denied, you will be informed of your right to a formal hearing per 34 CFR § 99.21.
• **Right to Consent to Disclosure (34 CFR § 99.30):** We do not disclose personally identifiable information from education records without consent, except as authorized by FERPA (e.g., to school officials with legitimate educational interest, in connection with financial aid, to comply with judicial orders).
• **Directory Information (34 CFR § 99.37):** We may designate limited information as "directory information" (first name, grade level, math course, gamification level). Parents may opt out of directory information disclosure through the parent dashboard under Privacy > Directory Information. Opted-out students will appear anonymized on leaderboards and class displays.
• **Record Access Logging (34 CFR § 99.32):** We maintain a log of parties who access your child's education records. Parents may view this log through the parent dashboard under Privacy > Record Access Log.
• **Annual Notification (34 CFR § 99.7):** Parents and eligible students receive annual notification of their FERPA rights at the start of each school year and upon new enrollment.
• **Right to File a Complaint:** Complaints regarding FERPA violations may be filed with the Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue SW, Washington, DC 20202.

5. Your Rights Regarding Your Data

You have certain rights concerning your personal data:

• **Access and Review:** You (or your parent/guardian) may request to inspect and review your education records by contacting us.
• **Amendment:** You may request that we amend records that you believe are inaccurate or misleading.
• **Deletion:** You may request deletion of your account and associated personal data at any time by contacting us at the email below. We will delete your data, subject to any legal obligations to retain certain information.
• **Data Portability:** You may request a copy of your data in a structured, commonly used, and machine-readable format.

6. Data Security

We implement industry-standard security practices to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• **Encryption:** Data is encrypted both in transit (using SSL/TLS) and at rest (storage-level encryption where feasible).
• **Access Controls:** Strict access controls and role-based permissions limit access to your data only to authorized personnel who need it for their job functions.
• **Secure Session Handling:** We utilize secure session management practices to protect your login sessions.
• **Regular Security Audits:** We regularly review our security practices and update them as necessary.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service, fulfill the purposes outlined in this Privacy Policy, comply with our legal obligations (e.g., tax, accounting, or audit), and resolve disputes. Upon account termination or request for deletion, we will securely delete or anonymize your data, unless retention is required by law.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

9. Contact Us

For any questions or concerns about your privacy or this Privacy Policy, please contact us at:

support@mathmatix.ai