AILearn360 AI Privacy Policy

Version 3.3
Effective: October 11, 2025Last Updated: February 18, 2026

Data Residency And Infrastructure

Account and Materials Storage

Secure data centers located within the European Union (EU)

AI Processing

Content you submit for AI features is processed through OpenRouter using only Zero Data Retention (ZDR) certified providers, which may involve international data transfers outside the EU.

Important Note

EU residency applies to stored account data and study materials, not to real-time AI inference.

Infrastructure

Hosting: Our platform is hosted on secure infrastructure compliant with GDPR and industry-standard security practices.

Privacy Mode: Strict Privacy Mode is always enabled and cannot be disabled by users.

Storage Scope: Account data, study materials, and chat history are stored in EU-based systems with encrypted databases and TLS 1.3 transport.

Executive Summary For Eu Users

What We Control

Account data and study materials are stored in Italy (EU). We select privacy-focused AI providers and configure maximum privacy settings.

What We Don't Control

When you use AI features, processing is performed by OpenRouter with ZDR-certified providers, which may involve international transfers we cannot monitor in real time.

Transfer Safeguards

We use EU Standard Contractual Clauses, encryption, Data Processing Agreements, and an essential-cookies-only posture compliant with the ePrivacy Directive.

Your Rights

Full GDPR rights: access, deletion, export, withdrawal of consent. You can disable AI while keeping your account.

Retention Highlights

Chat

Up to 3 years (see main Privacy Policy)

Materials

While your account is active

Logs

90 days for security and abuse monitoring

Service Suitability

Recommended For:

Adults (18+) using their own study materials for personal learning, comfortable with SCC-based international transfers.

Not Suitable For:

Users needing strict EU-only processing, healthcare/education institutions needing HIPAA/FERPA compliance, users under 18, or anyone handling highly sensitive/confidential data.

Overview

Purpose

This AI Privacy Policy explains how AI features work, what data is sent to third parties, and what we can and cannot guarantee.

Controller vs Processors

AILearn360 controls account data and chooses providers. Third-party AI providers operate their own infrastructure under their privacy policies and our DPAs.

Critical Legal Notice

Target Audience

AILearn360 is designed for individual users aged 18+ for personal educational use.

Age Requirements and Law

Platform Policy

All users must be 18+.

Italian Reference

Italian Legislative Decree 101/2018 sets 14 as digital consent age, but we apply a stricter 18+ requirement globally.

Age Verification

Age is self-declared during registration; we rely on user honesty and do not knowingly collect data from users under 18.

Underage Enforcement

Steps If Detected

  • Immediate account suspension
  • Deletion of all personal data, study materials, and chat history within ~48 hours
  • Notification (if possible) that the account was terminated due to age restrictions
  • Retention of minimal data only if legally required for defense

Reporting Channel

Report suspected underage accounts to [email protected] for review.

Not Intended For

  • Educational institutions (schools, universities) requiring FERPA compliance or institutional audit trails
  • Healthcare organizations requiring HIPAA BAAs or PHI handling
  • Users under 18 (or under 14 in Italy without parental consent; we require 18+ regardless)
  • Processing of highly sensitive, confidential, or regulated data

As-Is Disclaimer

AI features are provided as-is. AI may hallucinate, produce biased content, or include factual errors. You must verify all AI-generated information before relying on it.

Liability Ceiling

Maximum liability is $100 USD or the subscription fees you paid, whichever is greater, except where GDPR or other mandatory law applies.

Institutional Compliance Limitations

Why No Institutional Mode

AILearn360 is designed for individual adult learners, not institutions.

Infrastructure vs Platform

While our ZDR AI providers may support HIPAA/FERPA in principle, AILearn360 is not certified for institutional compliance and does not offer Business Associate Agreements (BAAs), FERPA guarantees, or institutional audit trails.

Prohibited Content Types

  • Student educational records covered by FERPA
  • Protected Health Information (PHI) covered by HIPAA
  • Employee personal data (if you are an employer)
  • Data belonging to minors under 18
  • Any regulated or confidential data requiring institutional compliance guarantees

Bottom Line

The platform is for your own personal study materials only.

Roles and Responsibilities

What We Control

  • Application security and EU storage of account data and study materials
  • Selection of privacy-focused AI providers
  • Configuration of strict privacy settings (data_collection: 'deny')
  • Maintaining Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs)

What Third Parties Control

  • Their infrastructure and operational details
  • Their retention windows and internal security logs
  • Their policy changes and service availability

Your Responsibility

  • Review third-party privacy policies before using AI features
  • Make sure you have rights to the materials you upload
  • Do not upload highly sensitive or confidential data
  • Comply with all applicable laws in your jurisdiction

Data Processing Agreements

Status

AILearn360 maintains written DPAs with OpenRouter and Google Cloud that satisfy GDPR Article 28.

Content

  • Purpose limitation (AI assistance for educational content only)
  • Data type limits (prompts, questions, excerpts from study materials)
  • Security measures (encryption, access controls, audit trails)
  • Sub-processor authorization and transparency
  • Data subject rights assistance (access, deletion, portability)
  • Breach notification obligations
  • Secure deletion of data on termination
  • Audit rights to verify processor compliance

Controller Accountability

Even though we rely on sub-processors, we remain responsible for ensuring they provide sufficient guarantees under GDPR Article 28.

Data Protection Impact Assessment

Summary

We performed a Data Protection Impact Assessment (DPIA) for AI processing, covering necessity, proportionality, risks to users, encryption, minimization, and safeguards.

Availability

A summary can be shared with supervisory authorities, affected users on request, and compliance auditors (under NDA).

Update Cycle

  • Reviewed annually as part of our privacy review cycle
  • Re-reviewed when adding new AI features or providers
  • Re-reviewed after relevant legal or regulatory changes
  • Re-reviewed following any security incident

Why Required

Our AI features process user study materials, personalize content, and involve international transfers. This is considered high-risk processing under GDPR Article 35(3), requiring a DPIA.

Service Delivery Model

Model

Software-as-a-Service (SaaS)

Who Runs It

AILearn360 operates infrastructure, storage, and security. Users access through a browser.

Implication

Users are not responsible for configuring infrastructure, but are responsible for lawful use of the service.

Plain Language Summary

In Simple Terms

We use AI to help you learn. We send parts of your study materials and questions to trusted AI providers to generate answers for you.

What We Do

  • We send your questions and study material excerpts to ZDR-certified AI providers (via OpenRouter) for processing
  • We work to remove personal identifiers before sending
  • We store inputs and outputs (question + AI answer) in your account so you can review them later
  • You can turn off AI features at any time by withdrawing consent in settings

What You Need to Know

  • Your content is processed by external AI companies we don't fully control
  • We choose providers that commit not to train on your data
  • You are responsible for having rights to the materials you upload
  • We do not sell your personal data or your study materials

Key Privacy Protections

  • We do not train our own models on your data
  • We apply strong encryption and access controls
  • Your study materials are private to you by default
  • You can delete your data at any time

How We Use AI and Your Data

AI Use Cases

  • Intelligent tutoring and personalized explanations
  • Quiz generation from uploaded materials
  • Content summarization of long documents
  • Study recommendations and guidance
  • Document analysis for key concepts and definitions

Data Sent to AI

  • Study material excerpts
  • Your questions and prompts
  • Limited recent chat context (for continuity, ~last 10 messages)

Data Not Sent to AI

  • Email addresses
  • Passwords
  • Payment card data (handled by PCI-DSS compliant payment processors)
  • IP addresses
  • Device fingerprint details
  • Full legal names where we can safely strip them

Processing Flow

  • You ask a question or upload a document
  • We sanitize and minimize data (remove personal info where possible)
  • We securely send only what's needed to the AI provider
  • The AI provider processes and returns an answer
  • We show you the answer
  • We store question/answer pairs in your account per retention rules

Data Retention

Platform Retention

Chat Conversations

Stored in your account for context and review, following the retention rules in the main Privacy Policy (up to ~3 years).

API Logs

Request metadata (timestamps, request IDs, rate limiting data) retained for ~90 days for troubleshooting and abuse prevention. These logs do not include full prompt/response text.

Backups

Encrypted backups typically retained for ~30 days, then purged.

Third Party Retention

OpenRouter

Retains limited data for up to 55 days for abuse monitoring; does not store prompts/responses for paid API usage, and does not use such data for training.

Zdr Providers

ZDR-certified providers do not retain prompt/response data; contractual guarantee that customer data is not used to train models.

We Do Not Store

We do not have access to third-party providers' internal inference logs, intermediate states, or internal debugging traces.

Your Controls

  • Delete chat history or delete the associated study material to remove stored AI conversations
  • Delete your entire account and all data in settings
  • Withdraw consent to disable AI processing while keeping your account active

User Controls

Disable AI

You can withdraw your consent in settings to disable all AI processing without deleting your account.

Clear Chat History

You can delete stored AI conversation history immediately.

Privacy Mode

Strict Privacy Mode is enforced by default and cannot be disabled by users.

User Acknowledgment and Consent

Third Party Processing

By using AI features, you agree that your study materials and questions may be processed by OpenRouter and ZDR-certified AI providers.

Policies to Review

  • https://openrouter.ai/privacy
  • https://cloud.google.com/privacy
  • https://cloud.google.com/terms/cloud-privacy-notice
  • https://cloud.google.com/generative-ai-app-builder/docs/data-governance

Content Responsibility

  • You must have the right to submit the content you upload
  • Do not submit highly sensitive/confidential data
  • Do not upload copyrighted materials without authorization
  • Understand that AI processing involves third-party services

Liability Context

We configure maximum privacy via strict routing and data minimization, but we do not control third-party providers' internal systems.

What We Guarantee

Commitments

  • We avoid collecting your personal data for our own purposes beyond providing the service
  • We do NOT train our own AI models on your data
  • We apply strong application security (password hashing, secure sessions, RBAC)
  • We select AI providers with published privacy commitments and configure them to deny data collection when possible
  • Your study materials are private and visible only to you (unless you choose to share)
  • We scan uploaded files for malware (no solution is 100% effective)
  • We rate-limit requests to prevent abuse
  • We protect infrastructure using TLS 1.3, WAF, and DDoS mitigation

We Do Not Guarantee

See EU Data Residency and Data Retention for details on where and how AI providers may process data.

Service Warranty and Liability Limitations

As-Is Service

  • AI features are provided 'as-is' and 'as available' with no express or implied warranties
  • We do not guarantee accuracy, completeness, non-infringement, or fitness for a particular purpose
  • We do not guarantee uninterrupted, error-free, or bias-free AI output
  • We do not guarantee the security, uptime, or availability of third-party AI providers

AI Content Disclaimer

  • AI-generated content may contain factual errors, outdated information, bias, or hallucinations
  • You must verify AI-generated content before relying on it

Limitation of Liability

Maximum Liability

For AI features, our total liability is limited to the lesser of (a) what you paid in the 12 months before the claim, or (b) $100 USD.

Legal Theories

This limit applies to all legal theories (warranty, contract, tort, etc.).

GDPR and Mandatory Law Exceptions

  • This limitation does not apply to GDPR Article 82 compensation for data protection violations
  • This limitation does not apply to mandatory consumer protection rights
  • This limitation does not apply to death/personal injury caused by our negligence
  • This limitation does not apply to fraud or fraudulent misrepresentation
  • This limitation does not apply to any liability that cannot be excluded under applicable law

Excluded Damages

  • Indirect, incidental, special, consequential, or punitive damages
  • Loss of profits, data, use, goodwill, or other intangible losses
  • Damages caused by third-party AI service failures
  • Damages caused by your content or your use of AI features
  • Damages arising from unauthorized access or breach at a third-party AI provider

Exceptions Note

These exclusions do not apply to damages arising from GDPR violations or mandatory EU data protection obligations.

Consumer Protection

Nothing in this policy limits liability where such limitation would be unlawful.

Third Party AI Services

OpenRouter

Role

Routes AI requests to privacy-focused model providers.

Privacy Policy

https://openrouter.ai/privacy

Data Handling

Does not store prompts/responses for paid API usage; keeps limited abuse-monitoring data up to ~55 days.

Provider Slug

ZDR-certified providers via zdr: true

Configuration

Data Collection

deny

Privacy Mode

strict

Fallback Providers

disabled

Key Privacy Features

  • No training on paid prompts/responses
  • Abuse monitoring retention capped (~55 days)
  • Uses providers that maintain SOC 2 Type II or equivalent security certifications.
  • Routes requests according to privacy preferences

Zdr Providers

Role

ZDR-certified AI model providers for generation and reasoning, selected via OpenRouter with zdr: true.

Privacy Resources

  • https://openrouter.ai/docs/provider-routing
  • https://openrouter.ai/docs/providers

Key Privacy Commitments

  • Contractual guarantee: no training on customer data
  • Zero Data Retention (ZDR) certification — no prompt/response data retained
  • Some providers may be HIPAA-capable at infrastructure level, but AILearn360 does not itself offer HIPAA/FERPA compliance for institutional use
  • GDPR-compliant providers with EU data residency options where available
  • Providers maintain SOC 2, ISO 27001 or equivalent compliance
  • Treats generated outputs as customer data under your control

Acceptance of Terms

Acknowledgement

  • You accept the AI Privacy Policy terms, limitations, and disclaimers
  • You acknowledge that AI services are provided 'as-is' without warranties
  • You accept the liability limitation (subscription fees or $100 USD, whichever is greater)
  • You take responsibility for legal compliance regarding uploaded content
  • You agree that AI-generated content may contain errors and must be verified

If You Disagree

If you do not accept these terms, do not use AI features.

Liability and User Responsibility Notice

As Is

AI features are provided as-is with no warranty of accuracy, completeness, or suitability.

Liability Cap

Our liability for AI features is capped at $100 USD or your subscription fees (whichever is greater), except where GDPR or mandatory law applies.

You Are Responsible for

  • Having the right to process the content you upload
  • Complying with GDPR, FERPA, HIPAA, COPPA, copyright law, etc.
  • Not submitting highly sensitive or confidential data
  • Reviewing and accepting the privacy policies of OpenRouter and Google Cloud
  • Verifying AI-generated content before using it

Indemnification

By using AI features, you agree to indemnify us for claims that arise from your use, except where such indemnification is restricted by applicable law.

Available Languages

English
en
Italiano
it
Español
es
Français
fr
Deutsch
de
Português
pt

Contact Information

For questions about this AI Privacy Policy or to exercise your rights, please contact us at [email protected]