Privacy policy

Last updated: 05/06/2025

Overview

At EnlightenAI ('the company', 'we', or 'us'), we respect your privacy and are committed to protecting it through this privacy policy ('Policy' or the 'Privacy Policy'). We provide teachers and school staff with online access to generative artificial intelligence tools for grading, feedback, and data-driven instruction through our website and other services (collectively our "Services").

This policy describes the types of information we may collect from you or that you may provide when you use our product, EnlightenAI ('the product', 'the service', 'the website', 'the app', or 'product'), and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Privacy Policy describes how we collect, use, disclose, share, or otherwise process your personally identifiable information ("PII" or "personal data") when you visit our website or use our other Services. For the purpose of this policy, Personal Information is defined as information that identifies, relates to or could reasonably be linked with or describes an individual or household, either directly or indirectly. The categories of information we collect and how it is used will depend on your interactions with us. By using or accessing the Platform in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Policy.

If you use our student-facing features or products, such as AI-powered feedback tools for students, please see our Student Data Policy to learn more about how we process Student Data. If you are a teacher, school, school district, or other educational institution (“Educational Institution”) that uses our student-facing Services (“Student-Facing Services”) for an educational purpose, then the use of the Student-Facing Services is subject to our Student Data Privacy Agreement. For all Student-Facing Services, the Student Data Privacy Agreement is incorporated herein by reference unless your Educational Institution has entered into a separate agreement with us that includes reasonably equivalent protections with regard to student data.

Our approach to data privacy and security

We’ve found that there is a specific set of critical questions teachers, educators, parents, and students often want to know about privacy and security. For your convenience, we’ve summarized our approach below.

  • We limit the personal information we collect to only what’s needed to provide you our Service.
  • We only use the information we collect to provide you with the Service.
  • We don’t rent, sell, or exchange any data to or with anyone.
  • We ensure you remain in control of your data.
  • We follow industry best practices to keep your data safe, and ensure your data is encrypted at rest and in transit.

Data we collect

EnlightenAI collects the following types of personal data when you visit our website or use our Services. We take steps to minimize the collection of personal data to only what is necessary to provide the services.

  • Information we may collect via technological means

    Our servers, which are hosted by a third-party service provider, collect certain technical data about your device and software, including your device's IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. We automatically gather this data and store it in log files each time you visit our website or access an account on our network. Unless you have provided PII in connection with your use of the Services (for example, by creating an account), we cannot use such technical data to identify your name or contact information.

  • Cookies, web beacons, and other tracking technologies

    Our Product may use cookies, web beacons, or other tracking technologies to help you personalize your online experience. A “cookie” is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

    One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you register to use our Product, a cookie helps our Product to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the Product, the information you previously provided can be retrieved, so you can easily use the features that you customized. We do not collect data from users of the product or service for the purpose of tracking across the web.

    Necessary cookies: Enable the core operation of our Products and Services and cannot be switched off in our systems. They include cookies that we use to help control secure areas of our site and to make sure it is accessible to you. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as a result.

    Analytics cookies: These cookies allow us to collect information about patterns of behavior among people using the site. Analytics cookies allow us to count site visits and understand traffic sources so we can measure and improve the performance of our site. We never collect any information from analytics cookies that could be used to personally identify you.

  • Information provided by you when visiting our websites

    You may visit our Websites if you wish without creating an account or providing us with any information about yourself.

    However, if you decide to use certain Services, you may be asked for information that we need in order to provide you with the Services requested. For example, if you decide to sign up for newsletters from us, attend a demonstration or virtual event, create an individual account to use our Services, or apply as an organization to join one of our programs or other offerings, EnlightenAI may collect some or all of the following PII from you: (1) first and last name, (2) school or organization name, (3) role or job title, (4) email address, (5) phone number, and (6) location information including state/province and country. You may also be provided the opportunity to provide a profile image or other information for your account profile.

    If you provide us with feedback or contact us via email, we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you order Services from us for a fee, we may also collect information needed for billing and payment purposes that will be processed through a secure third-party payment processor.

    We may combine the information we collect directly from you with information we obtain from public sources, partners, and other third parties and use such combined information in accordance with this Privacy Policy.

    Users can create or upload content, and we may ask for additional details to verify the identity of users on our platform. Some user information may be shared or revealed in order to participate in social interactions, such as sharing a rubric with a colleague. Social interactions of users are logged. User-created content is reviewed, screened, or monitored by the company.

    We may also directly collect analytics data, or use third-party analytics tools, such as Google Analytics, to help us measure traffic and usage trends in connection with the Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual. Aggregated or combined information, representing a collective summary of data, is treated with the same level of confidentiality and protection as personally identifiable information (PII) on our platform.

How we use the data we collect

Enlighten AI limits the collection and processing of data to only what is necessary to deliver the service. The use of personal information is limited to the purposes for which it was collected. This includes the following:

To provide and enhance our services:

  • Identify you as a user or visitor of our Services, facilitate the creation and security of your account, and manage user registrations.
  • Provide, administer, maintain, and improve your use of our Services, including enabling access to service functionalities for registered users.
  • Deliver products, services, or information you request, manage and fulfill service contracts, and respond to your inquiries and feedback.
  • Offer customer support and respond promptly to your requests.
  • Personalize and enhance your experience when interacting with our Services and communications.

To Communicate and Engage with Users

  • Send you a welcome email and verify ownership of your email address.
  • Provide updates, announcements, administrative email notifications (such as security alerts or support messages), newsletters, surveys, and other relevant communications.
  • Inform you about upgrades, special offers, or promotions tailored to your preferences.
  • Communicate via email, phone calls, SMS, or other electronic methods according to your selected communication preferences.

For Research and Development

  • Compile statistical or anonymized, non‑personally identifiable information, turning Personal Information into anonymous or aggregated data to support research purposes, improve our Services, and identify general usage trends.
  • Share aggregated, anonymized data publicly or with partners for lawful business purposes, provided such data is fully de‑identified.

For Legal Compliance and Protection

  • Comply with applicable laws, regulations, lawful requests, court orders, and legal processes.
  • Protect the rights, privacy, safety, and property of users, EnlightenAI, and others, including making and defending legal claims.
  • Enforce compliance with our Terms and Conditions and other contractual requirements.
  • Detect, prevent, investigate, and respond to misuse or abuse of our Services, including fraudulent, harmful, unauthorized, unethical, or illegal activities, such as cyberattacks and identity theft.
  • Audit our practices to ensure adherence to legal, regulatory, and contractual obligations.

How we disclose the data we collect

To the extent permitted by applicable law, EnlightenAI may disclose your PII in the following circumstances:

Service Providers. We may engage our affiliates or third-party organizations or individuals to support us in connection with the purposes listed above, such hosting providers, subcontractors, and third-party payment processors.

Law Enforcement. It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for EnlightenAI to disclose your PII. We may also disclose your PII if we determine disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.

Business Transfer. All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices. Please note that any Personal Data we collect that is subject to the Family Educational Rights and Privacy Act (“FERPA”), the Children’s Online Privacy Protection Act (“COPPA”) or other laws or regulations relating to the protection of students’ and/or children’ Personal Data will remain subject to such laws or regulations in the event that a third party assumes control of our business. To the extent that we are required to enter into a contract with a School under such laws or regulations, the contract will specify that any successor entity to EnlightenAI will be bound by the terms of such contract.

Prior Consent. We may also disclose your PII in other circumstances with your prior informed consent. Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your PII as necessary to perform their functions.

  • Third-party services

    Third-party services are used to support the product and process information as part of supporting the product. We screen third-party vendors to ensure they are limited to only processing data in support of delivering Enlighten AI’s product. We may share a user’s personal information with third-party providers for the purposes of product personalization, app functionality, analytics, and developer notifications as part of delivering the services. When user information is shared with a third-party vendor, it is done in an anonymous or de-identified format and strictly to provide our products and services. Partners and third-parties we may use are restricted from using data for their own purposes such as creating data profiles for personalized advertisements. Personal information is not shared for third-party marketing, nor is it sold or rented to third parties.

  • Third-Party AI Services

    We utilize application program interfaces ("API") to power the AI functionality of our Services from multiple AI vendors. A current list of these vendors can be found here. Specifically, parents wishing to retain more information about their child’s student records or other personal information processed by EnlightenAI should contact the educational institution which provided EnlightenAI access for their student in order to review, update, access, and otherwise delete any personal information about their child. Note that students may not directly sign up for our Platform, and thus we never directly collect personal information from students of any age.

    We prioritize data security and compliance with applicable data protection laws. However, we recommend reviewing the privacy policies of our AI providers to understand their specific data handling practices.

    No AI provider we use has the right to train models on any data processed on EnlightenAI’s behalf.

  • Other Third-Party Services

    It's important to us that we keep your information safe and secure. In order to help EnlightenAI provide, maintain, protect and improve our services, EnlightenAI shares information with other partners, vendors and trusted organizations to process it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security or other requirements we deem appropriate. These companies will only have access to the information they need to provide the EnlightenAI service. You can find information on these partners and subprocessors we work with in our third-party subprocessors list here. This list may change over time, and we’ll work hard to keep it up-to-date.

    We do not share your personal data with third parties for their own marketing purposes, including direct marketing. We do not permit contextual advertisements, marketing, or other third-party advertising and promotion in our services. This policy applies to all users, regardless of location. Your personal data will only be shared with third-party service providers in order to fulfill the specific services you have requested from EnlightenAI and in compliance with this Privacy Policy.

    EnlightenAI's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy , including the Limited Use requirements.

  • Personalized Advertising

    We do not use or disclose Student Data for targeted advertising purposes. Specifically, personalized advertising (ads based on a user’s personal information) is not used or displayed in EnlightenAI’s products. We are committed to protecting the privacy and data of our students. We do not share student data with third-party advertisers or use it to create profiles for advertising purposes.

  • Sweepstakes, Contests and other Promotions

    We do not ask users to participate in any third-party sweepstakes, contests, or other similar promotions.

  • Automated Decision-Making

    EnlightenAI does not use in connection with the Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.

  • Data that is Not Personal Data

    We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Platform and promote our business, provided that we will not share such data in a manner that could identify you.

  • Links to Third-Party Sites

    Our provision of a link to any website or location outside of the Services is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. We make reasonable efforts to inform you when you are leaving our site to a third-party site. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.

How we secure your data

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. To further protect student data, EnlightenAI will conduct background checks on all employees who may have access to student data or sensitive information. We limit access to student data to only those employees with a legitimate need for such access to fulfill their job responsibilities. Access privileges are regularly reviewed and promptly revoked when no longer necessary or upon employee departure.You should also help protect your data by appropriately selecting and protecting your passwords and/or other sign-on mechanisms; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

Data Retention
We retain Personal Data about you for as long as necessary to provide you with our Platform or to perform our business or commercial purposes for collecting your Personal Data. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

For example:

  • We retain your profile information and credentials for as long as you have an active account with us.
  • We retain your content, such as rubrics, assignments, and feedback, for as long as you have an account with us.
  • We retain your device/IP data for as long as we need it to ensure that our systems are working appropriately, effectively and efficiently.

Data breaches
If EnlightenAI becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred, and steps EnlightenAI is taking to address the breach.

Your Data, Your Choice
Your Data, Your Choice If you reside in California, kindly refer to additional information for California residents below for further details about your privacy protections under California legislation.

  • Opt-Out.
    We provide options regarding the gathering, usage, and distribution of your PII. Where allowed by relevant legislation, we might occasionally send you complimentary newsletters and electronic messages that directly advocate the usage of our products or services. Upon receiving newsletters or promotional correspondence from us, you can express a preference to cease receiving additional communications from us and you will have the chance to "opt-out" by adhering to the unsubscribe directions provided in the electronic message you receive or by reaching out to us directly. Regardless of your indicated electronic message preferences for other matters, we might send you operational notices such as revisions to our Terms of Use or Privacy Policy and similar account alerts.
  • Your Rights to Access, Correct, or Delete Your Personal Information.
    You can modify any of your PII in your account on the Services, including contact details and/or notification preferences, by updating your account profile. You might possess the right to make additional requests under relevant legislation related to your personal details in our possession, and depending on applicable legislation, you might have the right to challenge our determination regarding your request. Reach out to us at privacy@enlightenme.ai if you have inquiries or a request concerning your personal details. Your entitlements may include a right to access your personal details that we handle and transfer it, amend it, remove it (erasure), restrict it or oppose its sale or use for direct marketing objectives, and to not face retaliation for exercising your entitlements. We will strive to fulfill your requests.

    EnlightenAI will employ commercially reasonable measures to grant you access to your Personal Information (to the extent we possess any) if you submit your access request via an electronic message to info@enlightenme.ai . Students wishing to access and modify their Personal Information must have the Educator submit a request on their behalf.

    Once the Educator registers a Student Account, the Educator may access, modify or remove the Students' information and any user-created content by choosing the sections of the site and information including student work submissions and feedback.

    You may ask that we remove your account information by sending an electronic message to privacy@enlightenme.ai , but please be aware that we may be obligated (by law or otherwise) to retain this information and not remove it (or to retain this information for a specific duration, in which case we will fulfill your removal request only after we have satisfied such obligations). EnlightenAI will address such requests within thirty (30) days or earlier if mandated by applicable legislation. When we remove account information, it will be deleted from the active database, but might remain in our archives for a limited duration. We will otherwise maintain your information for as long as your account is active, as required to provide you with the Services you have requested, or as necessary to fulfill our legal obligations, resolve disputes, and enforce our agreements.
  • Information Processed Under the Direction of Customers.
    If an educational institution or other entity has enrolled for the Services (a "Customer") and your PII has been gathered by EnlightenAI as a consequence of such entity's utilization of the Services, EnlightenAI gathers and processes any such PII of yours under the guidance of the relevant Customer. If these circumstances pertain to you and you want to access, edit, delete, or exercise any rights you may have under applicable data protection regulations regarding any PII that we have collected about you, please direct your inquiry to the relevant Customer as this may accelerate the completion of your request. We nonetheless offer reasonable support to our Customers to implement data subject rights as appropriate and mandated by applicable regulations.

Student Data Policy

When an Educational Institution customer makes our Student Services available to students for an educational purpose, EnlightenAI may process personal information that is directly related to an identifiable student that is: (i) provided to EnlightenAI by an Educational Institution, or (ii) collected or generated by EnlightenAI during the provision of Services to the Educational Institution (“Student Data”). Student Data may include information defined as “educational records” by the Family Educational Rights and Privacy Act (“FERPA”) or “covered information” under California’s Student Online Personal Data Protection Act (“SOPIPA”), or other information protected by similar student data privacy laws. To view a schedule of student data we collect, please refer to Exhibit_D in our Data Privacy Agreement.

We consider Student Data to be confidential and do not use Student Data for any purpose other than to provide our Services on the Educational Institution’s behalf, in accordance with contractual agreements with the Educational Institution.

  • We collect, maintain, use and share Student Data only for an authorized educational purpose and as described in our Agreement with the Educational Institution, or as directed by the Educational Institution or by the Student’s parent or legal guardian (each, a “Parent”).
  • We do not use or disclose Student Data for targeted advertising purposes. Specifically, personalized advertising (ads based on a user’s personal information) is not used or displayed in EnlightenAI’s products. We are committed to protecting the privacy and data of our students. We do not share student data with third-party advertisers or use it to create profiles for advertising purposes.
  • We do not build a personal profile of a Student other than in furtherance of an educational purpose.
  • We maintain a comprehensive data security program designed to protect the types of Student Data maintained by the Service.
  • We will clearly and transparently disclose our data policies and practices to our users.
  • We will never sell Student Data unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we will require the new owner to continue to honor the terms provided in this Student Data Policy or we will provide the Educational Institution with notice and an opportunity to opt-out of the transfer of Student Data by deleting the Student Data before the transfer occurs.
  • We disclose Student Data solely as needed to provide our Services on behalf of specific Educational Institutions in accordance with our contractual agreements with those Educational Institutions or with the consent of the Educational Institution or Parent.
  • We may also generate, use, and disclose de-identified information for adaptive learning purposes or customized student learning purposes, to recommend content or services relating to Educational Institution purposes or other educational or employment purposes, to develop, research and improve our Services, or to demonstrate the effectiveness of our Services.
  • We will not knowingly retain Student Data beyond the time period required to support an educational purpose, unless authorized by the Educational Institution.

If you are a Parent or Student and wish to access Student Data, delete Student Data or close your account, please direct your request to your Educational Institution.

If you are a Parent or Student and have questions about specific practices relating to Student Data provided to EnlightenAI by an Educational Institution, please direct your questions to your Educational Institution.

Compliance with FERPA and COPPA

In the United States, the Children’s Online Privacy Protection Act (COPPA) requires online service providers like EnlightenAI to obtain verifiable parental consent and provide parents with a direct notice before collecting, using, or disclosing personal information from children under the age of 13, except in limited scenarios. Such a limited scenario takes place when using EnlightenAI in an educational context (i.e. using EnlightenAI for the use and benefit of the school and for no other commercial purpose). In the educational context, the Federal Trade Commission (FTC) allows educators, schools, and school districts (collectively “School/s” or “Educational Institution/s”) to act as the parent’s agent and consent to the collection of students’ personal information on the parent’s behalf. In order for EnlightenAI to rely on consent obtained from Educational Institutions instead of parents, EnlightenAI must provide Educational Institutions with the same type of direct notice regarding its practices (as to the collection, use, or disclosure of personal information from children) as it would otherwise provide to the parent. This process ensures that educators are fully informed under COPPA requirements when they use EnlightenAI for educational purposes.

In accordance with COPPA guidelines, EnlightenAI only collects personal information of children from an Organization (after obtaining consent from a School Official) reasonably necessary to provide the Platform so that children may receive our educational services, and will not collect personal information of children under 13 for any extraneous purposes. Parents have the right to withdraw their consent at any time, halting any further collection of their child's information.

EnlightenAI may receive information uploaded to the service by teachers that is considered an education record and subject to the Family Education Rights and Privacy Act (“FERPA”). EnlightenAI is a “School official” under FERPA and processes student information as such. As required by FERPA, we ensure that student education records are kept confidential and are only disclosed under lawful conditions.

Student records obtained by EnlightenAI from an educational institution continue to be the property of and under the control of the educational institution. The educational institution retains full ownership rights to the personal information and education records it provides to EnlightenAI.

State law privacy rights

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your "personal information" (as defined in the California Consumer Privacy Act ("CCPA")).

  • How We Source, Use, and Disclose Information for Business Purposes.

    The chart below details the categories of personal information we collect, the sources of such personal information, and how we use and share such information for business purposes.

    Categories of Personal Information Collected Sources of Personal Information Purposes for Use of Personal Information (see "How We Use the Data We Collect" for more information) Disclosures of Personal Information for Business Purposes (see "Information Sharing and Disclosure" for more information)
    Contact information (e.g., name, email address, organization, role, phone number, mailing address including state/province, country)
    • You
    • Provide the services requested and customer service
    • Communicate with you
    • Analyze use of and personalize the services
    • Improve the services
    • Provide security, prevent fraud, and for de-bugging
    • Comply with legal requirements
    • Service providers
    • Law enforcement in the event of a lawful request
    • With entities in the event of a business transaction
    • With your consent
    Financial and transactional information (e.g., payment account information and donation history)
    • You
    • Payment processors
    • Process service fees
    • Communicate with you
    • Comply with legal requirements
    • Payment processors
    • Law enforcement in the event of a lawful request
    • With entities in the event of a business transaction
    • With your consent
    Login information (e.g., your account name)
    • You
    • Provide the services and customer service
    • Provide security, prevent fraud, and for de-bugging
    • Comply with legal requirements
    • Service providers
    • Law enforcement in the event of a lawful request
    • With entities in the event of a business transaction
    • With your consent
    Device and online identifier information (e.g., IP address, browser type, operating system, general location inferred from IP address, and similar information)
    • You, through your device
    • Provide the services and customer service
    • Analyze use of and personalize the services
    • Improve the services
    • Provide security, prevent fraud, and for de-bugging
    • Comply with legal requirements
    • Service providers
    • Law enforcement in the event of a lawful request
    • With entities in the event of a business transaction
    • With your consent
    Service usage information (e.g., the dates and times you use the services, how you use the services, and the content you interact with on the services)
    • You, through your device
    • Provide the services and customer service
    • Analyze use of and personalize the services
    • Improve the services
    • Provide security, prevent fraud, and for de-bugging
    • Comply with legal requirements
    • Service providers
    • Law enforcement in the event of a lawful request
    • With entities in the event of a business transaction
    • With your consent
  • Please note that the above chart does not describe the Student Data that we process. For more information about our privacy practices with regard to Student Data, please refer to our Student Data Policy. In short – Student Data are processed solely on behalf of specific Educational Institutions under a student data privacy agreement. If you have questions about an Educational Institution’s privacy practices, you should contact the Educational Institution directly.
  • Your California Privacy Rights.

    If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

    • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.
    • Provide access to and/or a copy of certain personal information we hold about you.
    • Delete certain personal information we have about you.
    • Provide you with information about the financial incentives that we offer to you, if any.

The CCPA further provides you with the right not to be discriminated (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you. Please also note that if your personal information has been collected by EnlightenAI as a result of a Customer's (as defined above) use of our services, EnlightenAI collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer's behalf, please contact us at privacy@enlightenme.ai

The CCPA provides certain rights if a company "sells" personal information, as such term is defined under the CCPA. We do not engage in activities that would be considered "sales" of personal information under the CCPA.

Shine the Light Disclosure: The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Do Not Track Signals: EnlightenAI does not track users over time and across third-party websites and therefore does not respond to Do Not Track ("DNT") signals from web browsers. Further, because there currently is no industry standard concerning what, if anything, a service should do when they receive such signals, we currently do not take action in response to these signals.

Changes to this Privacy Policy
We may revise our Privacy Policy from time to time. You can see when the last update was by looking at the "Last Updated" date at the top of this page. We won't reduce your rights under this Privacy Policy without your explicit consent. If we make any significant changes, we'll provide prominent notice by posting a notice on the EnlightenAI Service and notifying you by email (using the email address you provided) within 30 days before the change takes effect, so you can review and make sure you know about them.

We encourage you to review this Privacy Policy from time to time, to stay informed about our collection, use, and disclosure of personal information through the Service and EnlightenAI. If you don't agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Service or the EnlightenAI after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.

Change of Control
Over time, EnlightenAI may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy.

In the event of a change to our organizations such that all or a portion of EnlightenAI or its assets are acquired by or merged with a third-party, or in any other situation where personal information that we have collected from users would be one of the assets transferred to or acquired by that third-party, this Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company.

In the unlikely event that EnlightenAI goes out of business, or files for bankruptcy, we will protect your personal information, and will not sell it to any third-party.

Email: privacy@enlightenme.ai

Address: Teaching Lab Ventures, Inc.,
1802 Vernon St. NW
PMB 533
Washington, DC 20009

Third-party subprocessors

EnlightenAI uses select, vetted third-party subprocessors - other companies that we share information with to help us do business. These companies help us do things like manage our servers to make sure EnlightenAI is reliable and fast or provide software that powers our customer support. If you would like further information on the data collection and use practices of the subprocessors listed, please visit our Privacy Policy or contact us at privacy@enlightenme.ai

Service providers

Anthropic for AI API services
Info shared: Assignment details, student written work (without personally identifiable information)

Appsignal for analytics and event tracking
Info shared: Anonymized user session data, device/browser info, and application errors.

Fly.io for hosting services and storage
Info shared: Everything in EnlightenAI

Google Analytics for web analytics
Info shared: Anonymized web traffic, e.g., page views, session durations, device/browser info.

Google for single-sign on, Google Classroom integration, and importing and exporting from Drive
Info shared: EnlightenAI receives an authentication token and email for SSO but does not share information with Google; for Google Classroom, EnlightenAI receives rosters (names and emails), course names, topics, assignments, and submitted student work, but does not share data with Google.

Instructure for Canvas integration customers
Info shared: EnlightenAI receives rosters (names and emails), course names, assignments, and submitted student work; EnlightenAI posts scores and feedback comments for students at the user’s discretion.

Intercom for in-app chat support for users
Info shared: User names and email addresses.

Metabase for event tracking
Info shared: Anonymized user interactions within the app.

Microsoft for single-sign on
Info shared: EnlightenAI receives an authentication token and email for SSO but does not share information with Microsoft.

OpenAI for AI API services
Info shared: Assignment details, student written work (without personally identifiable information)

PostHog for app analytics
Info shared: Name, email, device information and actions or interactions with the app.

Sendgrid for customer communications
Info shared: Name and email address.

Sentry for event logging for analytics
Info shared: Anonymized user session data, device/browser info, and application errors.

TogetherAI for AI API services
Info shared: Assignment details, student written work (without personally identifiable information)