Privacy Policy
Last updated: May 31, 2026
1. Overview
EduGears AI LTI is an AI-powered educational tool platform that integrates with Learning Management Systems (LMS) via the LTI 1.3 standard. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights as a user or institutional administrator. We are committed to handling all personal and institutional data with transparency, care, and full compliance with applicable data protection laws.
2. Information We Collect
We collect only the minimum data required to provide the EduGears AI LTI service. Through the LTI 1.3 launch, we receive: your name, email address, LMS role (admin, instructor, or student), and course context (course ID and title). We also collect LTI session logs including user identity, role, timestamp, course context, and launch origin. When you use AI-powered features, we store the prompts submitted, AI responses generated, grading outputs, and any errors that occur. We do not collect LMS credentials, passwords, or any data beyond what is required to deliver the features you use.
3. How We Use Your Information
We use the data we collect to authenticate you through your LMS, deliver AI tools and features within your course context, pass grades back to your LMS gradebook when AGS is enabled, improve reliability and diagnose errors, and communicate with institutional administrators about service updates. We do not sell your personal information to third parties. Your data is never used to train AI models by EduGears AI or any of our AI provider partners.
4. Data Storage and Retention
All data is stored and processed on secure cloud infrastructure. Submission data — including audio recordings, video, images, and PDFs submitted for AI processing — is purged the same day after processing is complete. Documents uploaded for question generation are retained for up to 7 days and then permanently deleted. LTI session logs and AI interaction logs are retained for operational purposes and deleted on a rolling schedule. Institutional administrators may contact us to request earlier deletion of their institution's data.
5. Security Architecture
EduGears AI LTI is built with a security-first architecture. All data in transit is encrypted using TLS 1.3. All data at rest — including API keys, submissions, and user records — is encrypted using AES-256. Multi-tenant data isolation is enforced at the database engine layer through Row Level Security (RLS): each institution's data is architecturally separated, making cross-tenant data access impossible by design, not just by policy. No EduGears AI staff have direct access to tenant data; all access is mediated programmatically through the application and scoped to the appropriate tenant. Role-based access control (RBAC) enforces distinct permissions for admin, teacher, and student roles within each institution.
6. AI Providers and Bring Your Own Key (BYOK)
EduGears AI LTI integrates with third-party AI providers including OpenAI, Anthropic (Claude), Google (Gemini), DeepSeek, and Sarvam AI to power its AI features. When using EduGears AI-managed AI access, your data is transmitted to the selected provider solely to fulfil your request and is not shared further or used for model training. If you use the Bring Your Own Key (BYOK) option, your API key is encrypted at rest using AES-256 and used exclusively to make requests to your chosen provider on your behalf. You remain responsible for your provider's terms of service and any usage costs incurred under your key.
7. LTI 1.3 Security and Authentication
Authentication is handled entirely through your LMS via the LTI 1.3 Advantage standard. We use RSA key pairs and JSON Web Tokens (JWT) for cryptographic authentication, an OpenID Connect (OIDC) handshake to establish trusted sessions, and nonce and timestamp validation to prevent replay attacks. We never receive, store, or transmit your LMS login credentials. The data passed at launch is limited to what your LMS provides in the LTI claims: name, email, role, and course context. EduGears AI LTI also supports Moodle's anonymised launch mode for institutions requiring additional student privacy controls.
8. FERPA and COPPA Compliance
EduGears AI LTI is compliant with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA). We act as a school official under FERPA, using student education records only for the purposes for which they were provided. We do not disclose student data to third parties except to AI providers as necessary to deliver the service. We do not knowingly collect personal information from children under 13 outside of an institutional educational context. Institutional administrators are responsible for ensuring appropriate authorisations are in place for student use. A Data Processing Agreement (DPA) is available for institutional partners upon request.
9. Your Rights
Institutional administrators may request access to, correction of, or deletion of their institution's data by contacting support@edugears.ai. Students and instructors should direct data requests through their institutional LMS administrator. You may withdraw your institution's customer reference consent at any time by emailing us. Where applicable law provides additional rights — such as under GDPR or applicable Indian data protection law — we will honour those rights within the timeframes required.
10. Contact Us
If you have questions about this Privacy Policy, wish to request data deletion, or need a Data Processing Agreement, please contact us at support@edugears.ai.