Skip to main content

Privacy Policy

Your privacy is our priority. Learn how we protect your personal information and ensure student data security in compliance with global privacy regulations.

Last updated: January 1, 2025 | Effective: January 1, 2025

Our Privacy Principles

Data Protection First

We implement industry-leading security measures to protect your personal information and student data.

Transparency

We clearly explain what data we collect, why we collect it, and how it's used.

Secure Storage

All data is encrypted in transit and at rest, with regular security audits and updates.

Your Control

You can access, modify, or delete your data at any time through your account settings.

Data Portability

Export your data in standard formats whenever you need it.

GDPR Compliant

Full compliance with European data protection regulations and other privacy laws.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, school/organization name, and role (teacher, administrator, etc.).

Usage Data

We collect information about how you use our service, including features accessed, time spent, and interaction patterns to improve our platform.

Student Data (Limited)

We only process student data that you voluntarily input for AI-powered feedback generation. We never collect student personal identifiers or contact information directly.

Technical Information

IP address, browser type, device information, and session data for security and technical optimization purposes.

2. How We Use Your Information

  • Service Delivery: Provide AI-powered teaching tools and feedback generation
  • Account Management: Manage your subscription, billing, and support requests
  • Platform Improvement: Analyze usage patterns to enhance features and user experience
  • Communication: Send important updates, security notifications, and optional educational content
  • Legal Compliance: Meet regulatory requirements and protect against misuse

3. Data Security & Storage

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Data Centers

Data is stored in secure, SOC 2 compliant data centers in the European Union and United States.

Access Controls

Strict access controls ensure only authorized personnel can access data for legitimate business purposes.

Regular Audits

We conduct regular security audits and penetration testing to identify and address vulnerabilities.

4. Your Rights (GDPR & Privacy Laws)

Under GDPR and other privacy regulations, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Portability: Export your data in a machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Restrict: Request restriction of processing

To exercise these rights, contact us at privacy@zaza.ai or use your account settings.

5. Data Sharing & Third Parties

We Never Sell Your Data

We never sell, rent, or trade your personal information or student data to third parties.

Limited Sharing

We only share data with:

  • Service Providers: Cloud hosting (Vercel), payment processing (Stripe), email services (Brevo)
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In case of merger or acquisition (with same privacy protections)

AI Processing

Student work samples are processed by AI services (OpenAI, Anthropic) under strict data processing agreements that prohibit data retention or training use.

6. Data Retention & Deletion

  • Account Data: Retained while your account is active plus 30 days after cancellation
  • Student Work Samples: Automatically deleted after feedback generation (not stored)
  • Usage Analytics: Aggregated and anonymized data retained for up to 2 years for platform improvement
  • Financial Records: Billing information retained for 7 years for legal compliance
  • Immediate Deletion: Contact us for immediate account and data deletion

7. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Account authentication and core functionality
  • Analytics Cookies: Understanding usage patterns (anonymized)
  • Preference Cookies: Remembering your settings and language choices

See our Cookie Policy for detailed information and opt-out options.

8. Student Privacy (FERPA & COPPA Compliance)

  • • We operate as a School Official under FERPA when processing student educational records
  • • Student data is only processed for legitimate educational purposes as directed by teachers
  • • We do not collect personal information from children under 13 without parental consent
  • • Student work samples are processed transiently and not stored in our systems
  • • Teachers maintain full control over what student data (if any) is processed through our platform

9. International Transfers

If you're located outside the United States, your data may be transferred to and processed in the US. We ensure adequate protection through:

  • • Standard Contractual Clauses (SCCs) approved by the European Commission
  • • Adequacy decisions where available
  • • Additional safeguards including encryption and access controls

10. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Officer: Dr. Greg Blackburn

Email: greg@zazatechnologies.com

Address:
Zaza Technologies UG (haftungsbeschränkt)
Gumbertstraße 150
40229 Düsseldorf
Germany

Response Time: Within 30 days of receipt

EU residents can also contact your local data protection authority if you have concerns about our data processing practices.

production · feat/site-polish-20250921 · Build: 6337b1d