Privacy Policy
Last Updated: 22 April 2025 π
Welcome to Chalkie AI (https://chalkie.ai/)! π This privacy notice outlines how Chalkie ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our Software-as-a-Service product and website. It also details how we comply with relevant data protection regulations, including the General Data Protection Regulation (GDPR) πͺπΊ, the Family Educational Rights and Privacy Act (FERPA) πΊπΈ, and the Australian Privacy Act 1988 (Cth) π¦πΊ.
π Contact Details
For any privacy-related questions or requests, please contact us:
Address: 49 Rustlings Road, SHEFFIELD, S11 7AA, GB
Email: hello@chalkie.ai
π What Information We Collect and Why
We collect and process information necessary to provide, maintain, and improve Chalkie AI. This includes:
Information You Provide Directly:
Account Information: Your name, email address, password, and potentially your institution or role (if applicable) when you register an account. Why: To create and manage your account, provide access to the service, and communicate with you.
Payment Information: Billing details when you subscribe to paid services. Note: Payment processing is handled by our secure third-party partner Stripe. We do not directly store your full credit card or bank details. Why: To process payments for subscriptions.
User-Generated Content: The prompts you enter, text, lesson plans, presentation content, and other information you create or upload while using Chalkie AI (e.g., generating slides). Why: To provide the core functionality of the service (generating content based on your input).
Communications: Information you provide when you contact us for support or other inquiries. Why: To respond to your requests and provide assistance.
Marketing Preferences & Consent: Your preferences for receiving marketing communications and records of consent you have provided. Why: To send relevant updates and offers (where consented) and respect your choices.
Information Collected Automatically:
Usage Data: Information about how you interact with our website and service, such as features used, pages visited, clicks, time spent, and user journeys. This may involve tools like Microsoft Clarity. Why: To understand user behaviour, improve the service, troubleshoot issues, and enhance user experience.
Device and Connection Information: IP addresses, browser type, operating system, and other technical details about your device and connection. Why: For security purposes, analytics, and optimizing service delivery.
Cookies and Similar Technologies: We use cookies and similar tracking technologies. For detailed information, please see our "Cookies" section below. Why: To enable website functionality, remember preferences, perform analytics, and potentially for marketing.
π Legal Bases for Processing (GDPR)
We rely on the following lawful bases under GDPR to process your personal data:
Contract: Processing necessary to perform our service contract with you (e.g., managing your account, generating content, processing payments).
Legitimate Interests: Processing necessary for our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., improving our service, security monitoring, analyzing usage trends, limited marketing communications about similar services).
Consent: Where required by law, or for specific purposes like non-essential cookies or certain marketing communications, we will rely on your explicit consent. You can withdraw consent at any time.
Legal Obligation: Processing necessary to comply with our legal obligations (e.g., financial record-keeping).
We process your data only when we have a valid legal basis, applying the appropriate basis depending on the specific processing activity.
π Where We Get Personal Information From
Directly from you: When you sign up, use the service, make payments, or contact us.
Automatically: Through your use of our website and service (e.g., usage data, cookies).
Third Parties: Such as Google for authentication purposes if you choose to sign in via Google.
π Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods are as follows:
You may request deletion of your data at any time, subject to legal or operational requirements. See "Your Data Protection Rights" below.
π€ Who We Share Information With
We do not sell your personal data. We only share information with trusted third-party partners who help us operate and provide Chalkie AI, under strict confidentiality and data processing agreements:
OpenAI : We send the prompts and content you provide to OpenAI's API to generate lesson content and other outputs as requested by you. No personal identifiers (like your name or email) are sent with this content. Please review OpenAI's policies for how they handle data received via their API: https://openai.com/policies/usage-policies/
DigitalOcean : Hosts our application servers, website, and stores service data securely.
Google : Manages authentication if you sign in with Google. Used for exporting content to Google Slides if you use that feature. We comply with the Google API Services User Data Policy, including the Limited Use requirements.
Stripe : Handles payment processing securely. We do not store your full card details.
Microsoft Clarity : Provides aggregated and anonymized insights into user journeys and website behaviour to help us improve usability.
YouTube API Services : Used if our service allows embedding or retrieving YouTube content. Use of such features is governed by the YouTube Terms of Service and Google Privacy Policy.
We may also share data if required by law, to protect rights and safety, or in connection with a business transfer (e.g., merger or acquisition), ensuring appropriate safeguards are in place.
π Data Hosting & International Transfers
Our primary servers, hosted by DigitalOcean, are located in Amsterdam, Netherlands π³π±. Data storage and processing comply with GDPR standards.
If we transfer personal data outside the UK, EEA, or Australia (e.g., through our use of third-party services like OpenAI based in the US), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the relevant authorities or verifying the recipient's participation in a recognized adequacy framework, to protect your data in accordance with UK GDPR, EU GDPR, and the Australian Privacy Principles (APPs).
πͺ Cookies and Similar Technologies
We use cookies (small text files placed on your device) and similar technologies (like web beacons or pixels) to operate our website, remember your preferences, analyze performance, and potentially for marketing purposes. These may include:
Essential Cookies: Necessary for the website and service to function (e.g., login sessions).
Analytics Cookies: Help us understand how users interact with our service (e.g., Google Analytics, Microsoft Clarity).
Preference Cookies: Remember choices you make (e.g., language).
Marketing Cookies: Used to deliver relevant advertising (if applicable).
You can typically manage cookie preferences through your browser settings. For more detailed information on the specific cookies we use, their purposes, and how to manage your consent, please contact us.
π FERPA Compliance (U.S. Educational Institutions)
If Chalkie AI is used by a U.S. school or district ("School"):
School Official Status: Where applicable under a contract with a School, Chalkie acts as a "school official" with legitimate educational interests under FERPA (34 CFR Β§ 99.31(a)(1)).
Educational Purpose: We collect and use "student data" (if any is provided by the School or its users) solely for the educational purpose of providing the Chalkie AI service as contracted by the School. We do not use student data for commercial purposes like targeted advertising.
Student PII: Chalkie AI is not intended for the direct collection or storage of sensitive personally identifiable information (PII) from student education records within the user-generated content itself (e.g., student names, grades, ID numbers within lesson plans or slides). Schools and their users (e.g., teachers) are responsible for the content they input and should avoid entering sensitive student PII into Chalkie AI prompts or generated materials. We implement reasonable security measures, but the School remains the primary controller of student data under FERPA.
Data Access & Deletion: The School can request access to, review, or request deletion of student data associated with their contract by contacting us. We will comply with such requests within a reasonable timeframe.
Data Security: We implement administrative, physical, and technical safeguards to protect any data processed, consistent with industry standards.
Data Breach: In the event of a data breach potentially involving student data, we will notify the affected School(s) promptly.
π¦πΊ Australian Privacy Act Compliance
For users in Australia, we are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs):
Collection: We only collect personal information reasonably necessary for our functions and activities.
Notification: As outlined in this policy, we inform you about the types of data collected, purposes, third-party sharing, and that data is primarily stored securely in Amsterdam, Netherlands.
Access and Correction: You have the right to request access to and correction of your personal information we hold (see "Your Data Protection Rights").
Data Security: We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorized access, modification, or disclosure.
Cross-border Disclosure: We take reasonable steps to ensure overseas recipients (like OpenAI or DigitalOcean) handle your data in accordance with the APPs, typically through contractual clauses.
Notifiable Data Breaches (NDB): We comply with the NDB scheme requirements in case of eligible data breaches.
π Your Data Protection Rights
Depending on your location and applicable law (particularly under GDPR and similar regulations), you have rights regarding your personal data:
Right of Access: Request a copy of the personal data we hold about you. π₯
Right to Rectification: Ask us to correct inaccurate or incomplete information. βοΈ
Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data under certain conditions (e.g., it's no longer needed for the purpose it was collected). ποΈ
Right to Restrict Processing: Ask us to limit how we process your data in specific circumstances. β
Right to Object: Object to processing based on legitimate interests or for direct marketing. π
Right to Data Portability: Request your data be transferred to you or another organization in a structured, commonly used, machine-readable format (where processing is based on consent or contract and automated). π
Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time (this won't affect past processing). β
There is usually no fee to exercise these rights. We aim to respond to verifiable requests within one calendar month. π
π¬ To make a request, please contact us using the details at the top of this policy. We may need to verify your identity before fulfilling your request.
π£ How to Complain
We hope to resolve any concerns you have directly. Please contact us first using the details provided above.
However, if you are unsatisfied with our response or believe we are not processing your data in accordance with the law, you have the right to lodge a complaint with your local data protection supervisory authority:
In the UK: Information Commissionerβs Office (ICO)
Website: https://www.ico.org.uk/make-a-complaint
Helpline: 0303 123 1113 βοΈ
In Australia: Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us
In the EU: Contact the data protection authority in your member state.
In the U.S.: FERPA complaints are typically handled through the educational institution or the U.S. Department of Education's Student Privacy Policy Office (SPPO).
π Changes to This Policy
We may update this privacy policy from time to time. The "Last Updated" date at the top indicates the latest revision. We encourage you to review this policy periodically. For significant changes, we may notify you via email or through the service.
π Thank you for using Chalkie AI!