NumericaLTI

Privacy Policy

Effective date: May 21, 2025 · NumericaLTI Learning Inc.

1. Introduction

NumericaLTI Learning Inc. ("we," "our," "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data. We are designed with FERPA compliance in mind for educational use.

2. Data We Collect

We collect only what is necessary to operate the Service: (a) Account data — email address, hashed password, institutional affiliation, and role (student/instructor); (b) Usage data — problems solved, algorithms used, and iteration history; (c) LTI data — Canvas user ID, course ID, and assignment context provided by your institution during LTI launches; (d) Payment data — handled entirely by Stripe. We never see or store full card numbers.

3. What We Do Not Collect

We do not collect Social Security numbers, government IDs, biometric data, grades from other courses, or any information beyond what is needed to provide the Service. We do not run behavioral advertising or sell your data to any third party.

4. How We Use Your Data

Your data is used to: authenticate your account, render your problem history, pass grades back to Canvas via LTI AGS 2.0, send transactional emails (e.g., email confirmation, billing receipts), and improve the Service through aggregate analytics.

5. Data Storage and Security

Data is stored in Supabase PostgreSQL (hosted on AWS) with Row-Level Security (RLS) policies ensuring users can only access their own records. All data is encrypted in transit via HTTPS/TLS and at rest using AES-256. API keys are stored as environment variables and never exposed to the client.

6. FERPA Compliance

NumericaLTI acts as a "school official" under FERPA when accessed via Canvas LTI. We use student educational records solely to provide the agreed-upon educational service and do not disclose them to third parties without consent. For data processing inquiries, contact support@numericalti.com.

7. Cookies and Session Data

We use HTTP-only session cookies issued by Supabase Auth to maintain your login state. We do not use third-party tracking cookies or advertising pixels.

8. Third-Party Services

We use: Supabase (database and auth), Stripe (payments), and Vercel (hosting). Each has their own privacy policy. We do not share your personal data with any other third parties.

9. Data Retention

Account data is retained as long as your account is active. Upon account deletion, personal data is permanently removed within 30 days. Anonymized aggregate usage statistics may be retained indefinitely.

10. Your Rights

You have the right to access, correct, export, or delete your personal data at any time. Submit requests to support@numericalti.com. EU/EEA users may also lodge a complaint with their local supervisory authority.

11. Children's Privacy

The Service is not directed at children under 13. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

12. Changes to This Policy

We will notify you of material changes via email or in-app notice at least 14 days before they take effect.

13. Contact

Privacy questions or requests: support@numericalti.com