PRIVACY
Privacy policy
EduForgeAI Inc. ("EduForgeAI", "we", "us") respects your privacy and is committed to protecting personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. This policy describes how we collect, use, disclose and safeguard information when you visit eduforgeai.pro, use our enterprise AI learning platform, or communicate with our team.
1. Accountability
Our Privacy Officer oversees compliance with this policy and PIPEDA principles. Contact: [email protected]. EduForgeAI Inc., 80 Stone Road West, Suite 310, Guelph, ON N1G 0A2, Canada.
2. Information we collect
We may collect: identity and contact information (name, email, organisation, phone); account credentials for platform administrators; educator and student data processed under district agreements; technical logs (IP address, browser type, device identifiers); usage analytics from platform interactions; and communications you send through contact forms or support channels.
Student data is collected only under written agreements with educational institutions that remain the data controllers for learner records. EduForgeAI acts as a service provider processing data on documented instructions.
3. Purposes of collection
We use personal information to: provide and improve our AI learning platform; deliver adaptive learning, intelligent tutoring and analytics features; respond to demo requests and support enquiries; administer contracts and billing; ensure platform security and fraud prevention; comply with legal obligations; and conduct aggregated, de-identified research on learning science outcomes.
4. Consent
We obtain meaningful consent before collecting personal information except where permitted by law. Website contact forms require explicit PIPEDA consent via checkbox. District deployments rely on institutional authority and student privacy frameworks established by the educational organisation.
5. Limiting collection and use
We collect only information reasonably necessary for identified purposes. Student analytics are processed with data minimisation principles. We do not sell personal information. We do not use student data for unrelated advertising or marketing profiling.
6. Disclosure to third parties
We may share information with: cloud infrastructure providers hosting Canadian and North American data centres; integration partners necessary for LMS connectivity under strict data processing agreements; professional advisors bound by confidentiality; and authorities when required by law. All subprocessors are vetted for PIPEDA-aligned safeguards.
7. Cross-border transfers
Where data may be processed outside Canada, we implement contractual protections, conduct transfer impact assessments and notify institutional customers. Districts may elect Canadian-only residency options in enterprise agreements.
8. Retention
Contact form data is retained for twenty-four months unless a business relationship continues. Platform data retention follows institutional agreements and provincial education record requirements. Analytics logs are retained up to eighteen months in de-identified form.
9. Security safeguards
We employ encryption in transit and at rest, role-based access controls, multi-factor authentication for administrators, intrusion detection, regular penetration testing and employee privacy training. Incident response procedures include breach notification to affected institutions and the Privacy Commissioner of Canada when required.
10. Individual access and correction
You may request access to personal information we hold about you, subject to legal exceptions. Correction requests will be processed promptly. Students and families should contact their educational institution as primary data controller for learner records.
11. Cookies and tracking
Our website uses cookies for essential functionality, analytics and preference storage. See our Cookie Policy for categories, durations and opt-out mechanisms.
12. Children's privacy
Platform features involving minors are deployed only through schools and districts with appropriate consent frameworks. We do not knowingly collect personal information directly from children under thirteen through our marketing website.
13. Automated decision-making
Our adaptive learning and assessment features use algorithmic recommendations. Educators retain override authority. We provide transparency documentation explaining how recommendations are generated and how to challenge automated outputs through institutional channels.
14. Changes to this policy
We may update this policy to reflect legal or operational changes. Material updates will be posted on this page with a revised "Last updated" date. Continued use after changes constitutes acceptance for website visitors; institutional customers receive direct notice.
15. Complaints
Privacy concerns may be directed to our Privacy Officer. If unresolved, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
16. Platform-specific processing
When districts deploy adaptive learning pathways or intelligent tutoring modules, we process interaction logs, assessment responses and roster identifiers strictly under institutional instructions. Data fields are documented in deployment data maps reviewed during onboarding. Educators may export learner progress reports subject to role permissions configured by district administrators.
17. Marketing communications
With consent, we may send product updates, event invitations and research summaries to professional contacts. You may unsubscribe via link in any email or by contacting [email protected]. Transactional messages related to active agreements are not marketing and cannot be opted out of while services continue.
18. De-identification and research
We may create aggregated, de-identified datasets to improve learning science models and publish anonymised trend reports. Individual learners cannot be re-identified from these datasets. Institutional customers may opt out of contributing de-identified analytics to product improvement research.
19. Vendor management
Subprocessors undergo security questionnaires, privacy reviews and contractual data protection obligations before engagement. A current subprocessor list is available to enterprise customers upon request. Material changes trigger notification per data processing agreements.
20. Accessibility of privacy notices
We provide this policy in accessible HTML format. Alternate formats are available upon request to support educators and administrators with disabilities. We review readability annually as part of our privacy governance programme.
21. Biometric and special category data
EduForgeAI does not collect biometric identifiers through our standard platform modules. If future features require special category data, we will conduct privacy impact assessments, obtain explicit consent where required and limit processing to documented educational purposes approved by institutional data controllers.
22. International institutional partners
Canadian institutions remain our primary focus. Where international research collaborations involve personal information, we apply PIPEDA-compatible safeguards and execute cross-border transfer agreements before any data leaves Canadian hosting environments unless institutions direct otherwise in writing.
23. Record of processing activities
We maintain internal records describing processing purposes, data categories, retention periods and recipients. Enterprise customers may request summaries relevant to their deployments during annual privacy reviews or regulatory audits conducted by provincial education authorities.
24. Training and awareness
Employees with access to personal information complete privacy and security training upon hire and annually thereafter. Engineering teams receive additional guidance on privacy-by-design principles when developing adaptive learning algorithms, automated assessment scoring and student success analytics features.
25. Contact for data subject requests
Submit access, correction or deletion requests to [email protected] with sufficient detail to verify identity. We respond within thirty days unless extension is permitted under PIPEDA. Complex institutional requests may require coordination with your district data protection officer.
26. Definitions
"Personal information" means information about an identifiable individual as defined under PIPEDA. "Platform" means EduForgeAI enterprise AI learning software and associated services. "Institution" means a school district, university, training organisation or corporate L&D department contracting with EduForgeAI.
27. Openness
We make this policy readily available on our website without charge. Material changes are communicated through prominent notice on eduforgeai.pro and direct email to registered institutional contacts where practicable.
28. Challenging compliance
Individuals who believe we have not adhered to this policy may escalate concerns to our Privacy Officer and subsequently to the Office of the Privacy Commissioner of Canada. We investigate all complaints in good faith and document remediation actions taken to address identified gaps in our privacy programme.
29. Schedule of retention
Website contact submissions: twenty-four months. Support tickets: thirty-six months. Contract records: seven years post-termination. Security logs: twelve months. De-identified analytics aggregates: indefinite when re-identification is not reasonably foreseeable. Institutional customers may negotiate custom retention schedules in enterprise data processing addenda aligned with provincial education record requirements.
30. Policy version
This privacy policy version 2026.07 applies from 10 July 2026 and supersedes all prior versions published on eduforgeai.pro. Archived copies are available upon request for institutional audit, compliance review and legal purposes.