Catius AI Learning

Legal

Privacy Policy

Effective date: May 9, 2026. Describes how Catius AI ("we", "us") handles personal information for Catius AI Learning at catiusai.com. Supplement this with district-specific agreements where required (for example FERPA).

1. Who we are

Data controller for this site: Catius AI. Contact: privacy@catiusai.com. Legal correspondence: legal@catiusai.com.

2. Information we collect

  • Account details from sign-in (for example name and email from Google or Microsoft OAuth when you choose those providers).
  • Profile and learning data you generate in the product (role, grade selections, lesson progress, diagnostic results, class enrollments, teacher-created links).
  • Technical data needed to operate the Service: IP address, approximate region from hosting logs, cookies and session tokens for authentication, and abuse-prevention signals (such as rate limiting metadata).
  • Payment-related metadata when you subscribe (processed by our payment processor; we do not store full payment card numbers).

3. How we use information

To provide and secure the Service; personalize pacing where applicable; display progress and reports to authorized teachers and students; process subscriptions; comply with law; and debug or improve reliability.

4. Subprocessors (representative)

We rely on vendors that process data on our behalf. Your deployment may use:

  • Vercel — hosting and serverless execution.
  • PostgreSQL provider (for example Neon, AWS RDS, or similar) — application database.
  • Stripe — payments and billing portals (if enabled).
  • Google / Microsoft — OAuth sign-in when configured.
  • Optional tutors or media providers when you enable those features (for example LLM or education APIs named in your deployment configuration).

Maintain an internal list that matches your actual vendors and DPAs.

5. Retention

We retain information while your account is active and for a reasonable period afterward for backups, disputes, and legal obligations. Exact schedules should match your backup and compliance program; honor deletion requests where applicable law requires.

6. Security

We use HTTPS in transit, access-controlled infrastructure, and hashed secrets for authentication material. No online service is perfectly secure.

7. Children and schools

Where the Service is used with students under 13 or within K–12 institutions, schools and guardians should follow applicable laws (including COPPA and FERPA in the United States). Configure roster and consent practices accordingly and contact us for a data processing addendum if needed.

8. International transfers

Data may be processed in the United States or other regions where subprocessors operate. Use appropriate safeguards (such as standard contractual clauses) when serving users in jurisdictions that require them.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain processing. Email privacy@catiusai.com with your request; we may verify identity before fulfilling it.

10. Changes

We may update this policy and will adjust the effective date. Material changes should be announced through the product or email when appropriate.