← Back to Home

Privacy Policy

Last updated: April 2026

Our Commitment

Saya is deployed inside live K–12 classrooms. We take student data protection seriously and operate in accordance with FERPA (Family Educational Rights and Privacy Act) and COPPA (Children's Online Privacy Protection Act). This policy explains what data we collect, why, and how it is protected.

1. What We Collect

Teacher account data: Name, email, school name, and hashed password at registration.

Session configuration: Grade level, subject, topic, persona, language, and class size settings created by the teacher.

Session transcripts: All messages typed or spoken during a classroom session, including teacher narration, student contributions (attributed by name if provided), and Saya's responses.

Usage metrics: Token counts, provider latency, and cost estimates for internal monitoring. No personally identifiable information is included in these metrics.

2. What We Do Not Collect

  • We do not collect student names, emails, dates of birth, or any other directly identifying student information — student participation is recorded only if the teacher types a name
  • We do not collect payment card details (handled by Stripe, a PCI-DSS compliant processor)
  • We do not use cookies for tracking or advertising
  • We do not sell, rent, or share any data with third parties for commercial purposes

3. How Data Is Used

  • Session transcripts are used exclusively to generate Saya's classroom responses and end-of-session analytics
  • Transcripts are passed to a third-party AI inference provider (Anthropic, Groq, Google, etc.) solely for the purpose of generating responses — these providers process data under their own GDPR/enterprise data processing agreements
  • We do not use classroom transcripts to train or fine-tune any AI model
  • Analytics data is displayed only to the authenticated teacher who created the session

4. Data Access & Partitioning

Every session, message, and analytics record is linked to the teacher's account ID. No teacher can access another teacher's sessions or student data. School administrators do not have access to individual session transcripts unless the teacher shares them.

5. Data Retention & Deletion

Session data is retained for as long as the teacher's account is active. Teachers can delete individual sessions from their dashboard at any time. Account deletion removes all associated sessions, messages, and analytics permanently. Deletion requests can also be submitted to waqas.shah88@gmail.com and will be processed within 30 days.

6. FERPA Compliance

Saya operates as a "school official" under FERPA when contracted by a school or district — we process education records only for legitimate educational purposes and under the direction of the institution. We do not disclose education records to third parties without appropriate consent or a valid FERPA exception.

7. COPPA Compliance

Saya accounts are created by teachers, not students. No child under 13 is asked to create an account or provide personal information directly to Saya. Student contributions visible in the classroom feed are entered by their teacher and are not collected from students directly.

8. Security

Passwords are hashed using bcrypt (cost factor 12). All data in transit is encrypted via TLS 1.2+. Database access is restricted to authenticated application servers. We conduct periodic security reviews and will notify affected users within 72 hours of a confirmed data breach.

9. Contact

Privacy questions or deletion requests: waqas.shah88@gmail.com

Terms of ServiceSafety