Policy

Privacy Policy

Back to sign in

Privacy Policy for Tetta AI

This Privacy Policy explains how Tetta AI collects, uses, shares, and protects information when you use our web application and services (the "Service"). We are currently operating as an independent app and are not an institutional system of record. We have not been formally reviewed for FERPA or other regulatory compliance at this time. If your school or institution later provides access to the Service, your use may also be governed by your institution's policies.

If you are an instructor, you are responsible for informing students about the use of the Service in your course. Students should also review course-specific disclosures shown in the app.

1) Scope and roles

The Service is designed for higher education and course-related workflows. Today, Tetta AI operates independently and is not an institutional system of record. In future institutional deployments, the institution may act as the data controller and Tetta AI may act as a service provider/processor under contract.

2) Information we collect

We collect information from three sources: (a) directly from you, (b) from your instructor or course owner (if applicable), and (c) automatically from your use of the Service.

2.1 Account and profile data

  • Name, email, and role (student, instructor, admin).
  • Course enrollment and identifiers provided by instructors or course setup.

2.2 Course and assignment data

  • Course materials, assignment prompts, rubrics, and resources uploaded by instructors.
  • Student submissions or responses if submitted through the Service.

2.3 AI interaction data

  • Messages you send to AI tutors and AI responses.
  • Assignment context or question references used by the tutor.
  • Basic interaction metadata (timestamps, course/assignment identifiers, response types, and operational metadata).

2.4 Usage, device, and log data

  • Session data, feature usage, and performance metrics.
  • IP address, browser type, and device information for security and fraud prevention (we may minimize or hash identifiers where configured).
  • Error logs and audit logs.

2.5 Cookies and session management

We use cookies or similar technologies to keep you signed in and protect the Service. Sessions are typically managed by server-set cookies and used for authentication, session continuity, and security (e.g., CSRF protection). Depending on deployment, cookies may be set with security attributes such as HttpOnly, Secure, and SameSite, and are not accessible to client-side scripts. You can adjust browser settings to block cookies, but some features may not work.

2.6 Consent and administrative records

  • AI disclosure acknowledgements and audit trails for compliance.

3) How we use information

We use information to:

  • Provide and operate the Service (including AI tutoring and course workflows).
  • Improve quality, reliability, and safety of the Service, using de-identified or aggregated data where possible.
  • Provide analytics to instructors (typically de-identified summaries or aggregated insights).
  • Enforce access controls so instructors only see data for their own courses and students only see their own data.
  • Support and troubleshoot issues.
  • Comply with legal obligations and enforce our terms.

4) AI features and data handling

When AI features are enabled by an instructor, your requests may be sent to third-party AI model providers to generate responses. We take steps to reduce the inclusion of direct identifiers (such as names or emails) where feasible. If you enter personal information in your prompt, that content may be transmitted as part of your message.

Instructor views are designed to show de-identified summaries or excerpts and aggregated insights by default. Full raw transcripts are restricted to administrators and are only available when explicitly enabled for support, security, or compliance. "De-identified" means direct identifiers are removed, but complete anonymity cannot be guaranteed if you include identifying details.

5) Sharing and disclosures

We may share information with:

  • Service providers to operate the Service (for example, Google Cloud for application hosting and Amazon S3 for uploaded file storage).
  • Email delivery providers (SendGrid) to send account and service communications.
  • AI model providers when AI tutoring is enabled.
  • Your instructor, limited to data for their own courses and students.
  • Legal or regulatory authorities when required by law.

We do not share personal information with advertisers or data brokers, and we do not sell personal information. Students can access only their own data, and instructors can access only data for students enrolled in their courses.

6) Data retention

Retention varies by data type. Typical retention targets are:

  • Raw chat history: up to 12 months after course end or archival.
  • De-identified interaction logs: up to 12 months.
  • Usage and cost logs: up to 24 months.
  • Disclosure/consent records: up to 4 years.

We may retain data longer if required for legal, security, or audit purposes.

7) Security

We use administrative, technical, and physical safeguards to protect data, including access controls, encryption in transit, and audit logging. No system is perfectly secure, and we cannot guarantee absolute security.

8) Your choices

  • You can choose not to use AI tutor features where participation is optional.
  • You can avoid sharing sensitive personal information in AI prompts.
  • You can request access, correction, or deletion of your account data, subject to course record retention needs.

9) Student privacy and compliance

We are not currently formally reviewed for FERPA, GDPR, or other regulatory compliance programs. If you are an instructor or student, you should only use the Service in ways that align with your institution's policies and any applicable laws.

Although not officially reviewed, we design the Service with FERPA-aligned practices in mind, including:

  • Role-based access controls that limit instructors to their own courses and students.
  • Student access limited to their own records and interactions.
  • Use of data for educational purposes only (course operations and learning support).
  • Minimization of data shared in AI workflows and de-identified summaries for instructor analytics by default.
  • Clear disclosure and consent for AI tutor interactions.
  • Audit logging and security monitoring to detect misuse or unauthorized access.
  • Time-bound retention targets and deletion practices aligned to course lifecycles.

10) Children and student privacy

The Service is intended for adult learners (18+) and is not directed to children under 13. If you believe a child has used the Service, contact us to request deletion.

11) International data transfers

Your information may be processed in the countries where we or our service providers operate. We take steps to ensure appropriate safeguards where required.

12) Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and, where appropriate, provide notice through the Service or your institution.

13) Contact

For questions about this Privacy Policy, contact:

Tetta AI Privacy Contact Email: asimae@udel.edu