Our Privacy Policy

Privacy Policy for AI Chatbot Assistant Service

This Privacy Policy describes in detail the data collection, processing, protection, and disclosure practices carried out by Haya Digital (“we,” “us,” or “our”) in relation to the AI chatbot assistant service. We leverage advanced AI technology, including ChatGPT and Retrieval-Augmented Generation (RAG), to support students in grammar, vocabulary, translation, and school-specific inquiries.

As a company operating in Europe, we comply strictly with the General Data Protection Regulation (GDPR) to protect the privacy and data rights of users.

Data Controller

Haya Digital acts as the Data Controller responsible for deciding how personal data is processed. For inquiries or concerns about your data, please contact our Data Protection Officer (DPO) directly at the contact information provided below.

Legal Basis for Data Processing

Under GDPR, the lawful bases for our data processing include:

  • Consent (Article 6(1)(a)): Obtained clearly and explicitly where required.

  • Legitimate Interests (Article 6(1)(f)): For enhancing and providing our chatbot services effectively.

  • Performance of Contract (Article 6(1)(b)): To fulfill our contractual obligations to schools.

Data Collection and Processing

Student interactions and queries with our chatbot are processed through OpenAI’s servers. Please refer to OpenAI’s Privacy Policy and OpenAI’s API Data Usage Policies for more information on their data collection and handling practices. All data transmitted is encrypted both in transit and at rest. We strictly regulate data handling practices and enforce robust security protocols to meet GDPR standards.

We use Google Analytics to monitor and analyze website traffic and user interaction to improve our services. Google Analytics may collect user behavior data, IP addresses, and related browsing information. More information can be found in Google’s Privacy Policy.

We also use Stripe for secure payment processing from our customers. For payment processing and invoicing, we collect and store customer information, including name, address, fiscal information, phone number, and email address. Please refer to Stripe’s Privacy Policy for further information.

Appropriate Use of the Assistant

The AI assistant is strictly intended for general grammar, vocabulary, translation, and school-related informational support. Students should not provide confidential or sensitive personal information through interactions with the chatbot.

How We Use Collected Data

  • Answer Generation: Queries are processed solely for generating accurate chatbot responses.

  • Monthly Reports: Interaction data is compiled into secure monthly conversation transcripts provided exclusively to authorized school administrators.

  • AI Model Retraining: Anonymized interaction data may be utilized monthly to retrain and enhance chatbot accuracy and relevance.

Data Security and Protection Measures

We employ rigorous security measures compliant with GDPR requirements:

  • Encryption: Industry-standard encryption secures data transmission and storage.

  • Strict Access Controls: Access to data is limited to explicitly authorized Haya Digital and school personnel.

  • Regular Security Audits: Our systems and processes undergo regular audits to maintain high security standards.

Data Retention and Deletion

We retain personal data only as long as necessary to fulfill the purposes described herein, or as required by law. Schools can request the deletion or anonymization of their data at any point.

Data Subject Rights

Under GDPR, individuals have the following rights concerning their data:

  • Right of Access

  • Right to Rectification

  • Right to Erasure (“Right to be Forgotten”)

  • Right to Restrict Processing

  • Right to Data Portability

  • Right to Object

Requests to exercise these rights should be submitted directly to our DPO.

Disclosure to Third Parties

We do not sell, rent, or trade student data. Any data processed through OpenAI is strictly limited to chatbot functionality requirements, with contractual safeguards ensuring GDPR compliance.

Transparency and Accountability

We commit to complete transparency regarding our data practices and will promptly inform affected parties of any data breaches or policy changes, in accordance with GDPR obligations.

Liability and Compliance

We maintain full compliance with GDPR and all applicable privacy laws, taking responsibility for lawful data handling practices. Liability for misuse or breaches resulting from user negligence or misconduct rests with the responsible user or school.

Changes to This Privacy Policy

This Privacy Policy may be updated periodically. Any changes will be promptly communicated to users and schools.

Contact Information

For any data protection questions or concerns, please contact our Data Protection Officer:

Haya Digital Data Protection Officer
[Insert DPO Name]
[Insert Contact Information]
[Insert Email Address]

By utilizing our AI chatbot assistant service, you acknowledge and consent to the terms outlined in this Privacy Policy.