Privacy Policy

Last updated: January 10, 2026

1. Information We Collect

We collect information you provide directly to us when you create an account, use our services, or communicate with us. This includes:

  • Account information (name, email address, educational institution)
  • Usage data (interactions with courses, battle performance, AI usage)
  • Payment information (processed securely through Stripe)
  • Content you create (course materials, questions, annotations)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Generate analytics to help instructors understand student progress
  • Power AI features (course generation, study assistance, adaptive questions)
  • Send you technical notices and support messages
  • Comply with legal obligations

3. AI and Data Processing

LRNRS uses artificial intelligence to provide educational features. When you use AI features:

  • Your content may be processed by third-party AI providers (OpenAI, Google)
  • We do not use your data to train AI models
  • AI-generated content is provided as-is and may contain errors
  • You retain ownership of all content you create

4. Information Sharing

We do not sell your personal information. We may share your information with:

  • Service providers (Stripe for payments, cloud hosting providers)
  • AI providers (OpenAI, Google) to power AI features
  • Instructors (if you are a student in their course - limited to course-related data)
  • Law enforcement when required by law

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet is 100% secure.

6. Your Rights

You have the right to:

  • Access and export your data
  • Correct inaccurate data
  • Delete your account and associated data
  • Opt out of marketing communications
  • Withdraw consent for data processing (where applicable)

7. Student Privacy & FERPA Compliance

FERPA Compliance Overview

LRNRS complies with the Family Educational Rights and Privacy Act (FERPA) and acts as a "School Official" when integrated with your institution's Learning Management System (Canvas, Blackboard, etc.) via LTI (Learning Tools Interoperability).

LMS Integration Data Handling

When your institution integrates LRNRS with Canvas, Blackboard, or other LMS platforms via LTI 1.3, we receive the following data:

  • Student Information: Student identifiers (as provided by your institution), names, email addresses, and course enrollment status
  • Assessment Data: Assignment scores, quiz responses, submission timestamps, and question-level performance data
  • Course Context: Course identifiers, assignment metadata, and learning outcome mappings
  • Launch Context: User roles (student, instructor, TA), course navigation context, and session information

How We Use LMS Data

We use data received through LTI integration to:

  • Generate per-concept mastery analytics using AI-powered concept detection
  • Provide targeted practice recommendations based on student performance gaps
  • Help instructors identify students needing additional support
  • Create adaptive remediation quizzes aligned with course learning outcomes
  • Track student progress across multiple assessment modalities

FERPA "School Official" Status

When your institution authorizes LRNRS via LTI integration, we perform functions under the direct control of your institution and meet the FERPA definition of a "School Official." This means:

  • We access student education records only for legitimate educational purposes
  • We do not re-disclose student data to third parties without institutional consent
  • Your institution retains full control and can revoke access at any time
  • We maintain student data in accordance with your institution's retention policies

Third-Party AI Processing

LRNRS uses OpenAI and Google AI services to power concept detection and adaptive question generation. When processing LMS data:

  • De-identification: Student personally identifiable information (PII) is removed before sending assignment content to AI providers
  • No Training Data: We do not permit AI providers to use student data for model training
  • Contractual Safeguards: We maintain data processing agreements with AI providers that prohibit unauthorized use or disclosure
  • Scope Limitation: Only assignment questions and rubric content are processed, not student responses or grades

Student & Institutional Rights

Educational institutions and students have the following rights:

  • Institutional Control: Institutions can disable LTI integration at any time, immediately revoking LRNRS access to LMS data
  • Data Audit: Institutions can request a full audit of student data collection and usage
  • Student Deletion Rights: Students can request deletion of their LRNRS account and all associated data
  • Instructor Control: Instructors decide which assignments are analyzed for concept detection and which students see mastery analytics
  • Opt-Out Options: Students can disable sharing of reading analytics and practice session data via privacy settings

Data Retention

  • Active Courses: Data retained while course is active and students are enrolled
  • Course Completion: Data archived when course ends, retained per institutional policy (typically 3-7 years)
  • Integration Removal: If institution removes LTI integration, student data is retained for 30 days to allow data export, then permanently deleted
  • Student Requests: Individual student data deletion requests processed within 30 days

Data Security Measures

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Row-level security ensures students and instructors only access their authorized data
  • Authentication: LTI 1.3 OAuth 2.0 with JWT validation for all LMS launches
  • Audit Logging: All data access logged for institutional compliance audits
  • Regular Reviews: Quarterly security audits and annual penetration testing

Data Breach Notification

In the event of a data breach involving student education records, we will notify affected institutions within 72 hours and cooperate fully with institutional notification procedures as required by FERPA and state laws.

COPPA Compliance

LRNRS is not directed to children under 13 years of age. We require all users to be at least 13 years old to create an account. We verify age during the signup process and do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete such information.

Standalone Mode (Non-LTI)

When used as a standalone web application without LTI integration, LRNRS does not have access to institutional education records. Instructors manually create courses and control student enrollment. In this mode, we are a direct service provider to the instructor, not a School Official.

8. Cookies and Tracking

What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our service. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period).

Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the service to function and cannot be disabled:

  • Authentication: Clerk session cookies to keep you logged in
  • Security: CSRF protection and secure session management
  • Preferences: Your language, theme, and interface settings

Analytics Cookies (Optional)

These cookies help us understand how users interact with our service to improve it:

  • Usage Analytics: Track which features are used most often
  • Performance Monitoring: Identify and fix technical issues
  • User Experience: Understand user flows and improve design

You can opt out of analytics cookies through our cookie consent banner or browser settings.

Managing Cookies

You have several options to manage cookies:

  • Cookie Consent Banner: When you first visit LRNRS, you can choose to accept or reject optional cookies through our consent banner.
  • Browser Settings: Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may prevent parts of the service from working properly.
  • Do Not Track: We respect browser Do Not Track signals for analytics cookies.

Third-Party Cookies

We do not use third-party advertising cookies. The only third-party cookies we may use are:

  • Clerk (Authentication): For secure login and session management
  • Stripe (Payments): For secure payment processing (only on checkout pages)

These third-party services have their own privacy policies governing their use of cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the service.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

ITS LLC DBA LRNRS
Email: hello@lrnrs.ai