Privacy Policy.

Welcome to the Privacy Policy of EducAI Inc. ("EducAI", "we", "us", or "our"), a federally incorporated Canadian business entity (Incorporation Date: June 5, 2026). EducAI provides a highly secure, localized artificial intelligence platform tailored specifically for Canadian higher education institutions. We are committed to protecting the privacy, security, and digital sovereignty of universities, their faculty, and their students.

This Privacy Policy is designed to comply with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and aligns with provincial public-sector privacy standards (e.g., FIPPA in Ontario and British Columbia, and FIPPA/LAIPSPA equivalent frameworks across Canada). It outlines our strict data handling practices, emphasizing our local deployment and sovereign cloud architecture.

1. Canadian Data Residency & Cloud Sovereignty

EducAI strictly enforces sovereign data residency boundaries to prevent cross-border data vulnerability. We guarantee that:

• 100% Local Storage: All customer data, including uploaded course materials, user logs, institutional vector databases, meta-indices, and user interactions, are stored and hosted exclusively on the local institution's secure local servers.
• No Offshore Transmission: No data processed by EducAI is ever routed, stored, or processed outside the sovereign boundaries of Canada. This directly protects universities from the jurisdictional reach of foreign data access regulations (such as the US PATRIOT Act).

2. Zero-Third-Party Model API Policy

Unlike commercial AI platforms that route sensitive educational material to external third-party companies, EducAI maintains a closed-loop system:

• No Third-Party APIs: We do not transmit any personal information, course assets, or student queries to external third-party LLM providers (e.g., OpenAI, Anthropic, Google, or Microsoft).
• Sovereign Local Inference: All machine learning inference is performed locally within our secure containers. We utilize optimized local models powered by the ONNX runtime on the local machine. Your data remains strictly within your institution’s virtual private cloud (VPC) environment.
• Zero Training on Your Data: Your institutional documents, lecture recordings, quizzes, and chat prompts are never used to train open-source or commercial base models.

3. Compliance with PIPEDA Fair Information Principles

In accordance with PIPEDA, EducAI complies with the ten Fair Information Principles as follows:

Principle 1: Accountability

EducAI Inc. has designated a Privacy Officer to oversee compliance with this policy. We take full responsibility for personal information under our control and enforce strict non-disclosure agreements and secure protocols with all staff members.

Principle 2: Identifying Purposes

We identify the purposes for which personal information is collected at or before the time of collection. Personal information (e.g., student name, email, and academic queries) is collected solely to provide secure, customized virtual study aids and teaching assistant features.

Principle 3: Consent

EducAI operates as a service provider (Data Processor) under contract with Canadian higher education institutions (Data Controllers). Consent is established through institutional agreements and terms, ensuring compliance with university policies. Students and faculty are informed of data usage prior to logging in.

Principle 4: Limiting Collection

We limit the collection of personal information to that which is strictly necessary for the operation of the platform. We do not gather secondary profiling data, nor do we track users across external websites.

Principle 5: Limiting Use, Disclosure, and Retention

Personal information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. We retain data only as long as necessary to fulfill the educational objectives of the licensed semester or academic term, after which all data is securely deleted or anonymized.

Principle 6: Accuracy

We ensure that student and faculty registration data is accurate, complete, and up-to-date as provided by the university's Learning Management System (LMS) integration.

Principle 7: Safeguards

We implement industry-leading security controls. All data in transit is encrypted using TLS 1.3, and all data at rest is protected using AES-256 encryption. Our secure local containers run under strict least-privilege access rules on the local institution's secure local storage.

Principle 8: Openness

We make detailed information about our privacy management practices readily available to administrators, faculty, and students. Our system architecture, data flow diagrams, and localized compliance certifications are transparently disclosed to partner universities.

Principle 9: Individual Access

Upon request, individuals will be informed of the existence, use, and disclosure of their personal information and will be given access to that information. Because EducAI acts as a service provider, requests for access or correction should be initiated through the respective university’s registrar or IT compliance office, and we will assist promptly.

Principle 10: Challenging Compliance

Individuals can address any challenges concerning our compliance with PIPEDA principles to our Privacy Officer. Contact inquiries can be sent to: soham@educai.info.

4. Types of Information We Process

We process two categories of data on behalf of our university clients:

1. Academic Content (Non-Personal): Faculty-supplied syllabi, lecture transcripts, slide decks, and reference documents used to generate study resources.
2. User Account & Session Data (Personal): Standard directory information (name, institutional email, and system-assigned unique identifier) and secure interactive chat logs between students and the virtual teaching assistant.

5. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our compliance with PIPEDA, please contact us at:

EducAI Inc.
Attn: Privacy Officer & Compliance Department
Email: soham@educai.info