Privacy Policy
Last updated: May 31, 2026
1. Overview
EduGears AI is a 100% AI-powered Learning Management System (LMS) and a suite of AI-powered educational tools. You can run EduGears AI as a complete standalone LMS, or add its AI tools to the LMS your institution already uses. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights as a user or institutional administrator. We are committed to handling all personal and institutional data with transparency, care, and full compliance with applicable data protection laws.
2. Information We Collect
We collect only the minimum data required to provide the EduGears AI service. When you use EduGears AI as a standalone LMS, we collect your account details — name, email address, and role (admin, instructor, or student) — along with the courses, content, and submissions you create. When you access EduGears AI through your existing LMS, we receive your name, email address, role, and course context (course ID and title) from that system, together with session logs covering user identity, role, timestamp, and course context. In both cases, when you use AI-powered features we store the prompts submitted, AI responses generated, grading outputs, and any errors that occur. We do not collect passwords from external systems or any data beyond what is required to deliver the features you use.
3. How We Use Your Information
We use the data we collect to authenticate you and provide secure access to your account or course, deliver AI tools and features within your learning environment, record grades and progress in your gradebook when that feature is enabled, improve reliability and diagnose errors, and communicate with institutional administrators about service updates. We do not sell your personal information to third parties. Your data is never used to train AI models by EduGears AI or any of our AI provider partners.
4. Data Storage and Retention
All data is stored and processed on secure cloud infrastructure. Submission data — including audio recordings, video, images, and PDFs submitted for AI processing — is purged the same day after processing is complete. Documents uploaded for question generation are retained for up to 7 days and then permanently deleted. Session logs and AI interaction logs are retained for operational purposes and deleted on a rolling schedule. Institutional administrators may contact us to request earlier deletion of their institution's data.
5. Security Architecture
EduGears AI is built with a security-first architecture. All data in transit is encrypted using TLS 1.3. All data at rest — including API keys, submissions, and user records — is encrypted using AES-256. Multi-tenant data isolation is enforced at the database engine layer through Row Level Security (RLS): each institution's data is architecturally separated, making cross-tenant data access impossible by design, not just by policy. No EduGears staff have direct access to tenant data; all access is mediated programmatically through the application and scoped to the appropriate tenant. Role-based access control (RBAC) enforces distinct permissions for admin, teacher, and student roles within each institution.
6. AI Providers and Bring Your Own Key (BYOK)
EduGears AI integrates with third-party AI providers including OpenAI, Anthropic (Claude), Google (Gemini), DeepSeek, and Sarvam AI to power its AI features. When using EduGears-managed AI access, your data is transmitted to the selected provider solely to fulfil your request and is not shared further or used for model training. If you use the Bring Your Own Key (BYOK) option, your API key is encrypted at rest using AES-256 and used exclusively to make requests to your chosen provider on your behalf. You remain responsible for your provider's terms of service and any usage costs incurred under your key.
7. Authentication and Access Security
Authentication and access are protected with industry-standard security. When you sign in to EduGears AI directly, your credentials are protected in transit and at rest, and sessions are secured against tampering and replay. When you access EduGears AI through your existing LMS, we establish trusted sessions using cryptographically signed tokens and a standards-based single sign-on handshake, and we never receive, store, or transmit your LMS login credentials — the only data passed is the identity and course context your LMS provides (name, email, role, and course context). Institutions requiring additional student privacy controls can enable anonymised access where supported.
8. FERPA and COPPA Compliance
EduGears AI is compliant with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA). We act as a school official under FERPA, using student education records only for the purposes for which they were provided. We do not disclose student data to third parties except to AI providers as necessary to deliver the service. We do not knowingly collect personal information from children under 13 outside of an institutional educational context. Institutional administrators are responsible for ensuring appropriate authorisations are in place for student use. A Data Processing Agreement (DPA) is available for institutional partners upon request.
9. Your Rights
Institutional administrators may request access to, correction of, or deletion of their institution's data by contacting support@edugears.ai. Students and instructors should direct data requests to their institution's administrator. You may withdraw your institution's customer reference consent at any time by emailing us. Where applicable law provides additional rights — such as under GDPR or applicable Indian data protection law — we will honour those rights within the timeframes required.
10. Contact Us
If you have questions about this Privacy Policy, wish to request data deletion, or need a Data Processing Agreement, please contact us at support@edugears.ai.