Privacy Policy

Authentiya LLC (“Authentiya,” “we,” “our,” or “us”) operates the Authentiya platform, a web-based educational technology service designed to help K-12 teachers set appropriate AI boundaries in the classroom, monitor student AI interactions, and build genuine AI literacy among students.

This Privacy Policy explains how we collect, use, disclose, and protect information about users of our platform, including teachers, school administrators, and students. It applies to all data collected through our website at authentiya.com and any related applications or services we operate (collectively, the “Service”).

By accessing or using the Service, you agree to this Privacy Policy. If you are a school or district using Authentiya on behalf of students, you represent that you have the authority to agree to this policy on behalf of your institution and its students.

We may update this policy from time to time. If we make material changes, we will notify registered users by email or through a notice within the platform. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

We collect only the information necessary to operate and improve the Service. The categories of information we collect depend on your role (teacher, student, or school administrator) and how you use the platform.

Account Information

When a teacher or school administrator registers for an account, we collect:

• Full name
• Email address
• Role (teacher, administrator)
• School or institution name (optional)
• Password (stored as a hashed credential; we never store your plain-text password)

When a student joins a class created by a teacher, the teacher provides or the student provides:

• Display name or first name
• Email address (where school authorization has been obtained)
• Class enrollment identifier (invite code)

We do not require students under 13 to provide personal information beyond what is necessary to participate in their class, and we collect that information only under the authorization of the student’s teacher or school. See Section 5 (COPPA Compliance) for details.

Usage Data

We automatically collect certain technical information when you use the Service, including:

• Browser type and version
• Operating system
• IP address (used for security and abuse prevention; not linked to student identities in logs)
• Pages viewed and features used within the platform
• Timestamps of activity
• Session duration

We use this data to operate the Service reliably, detect and prevent abuse, and understand how the platform is being used so we can improve it. We do not use behavioral tracking for advertising.

AI Interaction Logs

Authentiya’s core function involves students interacting with AI-powered learning tools under guidelines set by their teacher. We collect and store the content of these AI interactions, including:

• Student prompts (messages sent to the AI)
• AI responses
• Timestamps and session identifiers
• Content moderation flags generated by our safety systems
• The AI behavior level (boundary setting) applied to each session

AI interaction logs are visible to the student’s assigned teachers and to school administrators with appropriate permissions. These logs constitute education records under FERPA where applicable. See Section 4 (FERPA Compliance) for how we handle them.

Content You Submit

Teachers may upload or create educational content, including assignment instructions, module content, quizzes, and rubrics. We store this content to deliver the Service. Students may submit work or responses within assignments. We store this content to enable teacher review and student progress tracking.

We use the information we collect for the following purposes:

Service Delivery

• Creating and maintaining your account
• Authenticating your identity when you sign in
• Connecting students to their enrolled classes and assignments
• Delivering AI-powered learning features within the boundaries teachers have set
• Displaying teacher dashboards with student progress and AI interaction logs
• Sending transactional emails (password resets, account confirmations, class invitations)

Safety and Content Moderation

• Automatically screening AI interactions for content that may be harmful, inappropriate, or outside the teacher’s set boundaries
• Generating alerts for teachers when flagged content requires review
• Detecting and preventing abuse, unauthorized access, and misuse of AI features
• Maintaining platform security and integrity

Platform Improvement

• Analyzing aggregate, de-identified usage patterns to improve features and the overall experience
• Diagnosing technical issues and improving platform reliability
• Developing new educational features and content

We do not use student data to build advertising profiles, train general-purpose AI models for commercial resale, or any purpose unrelated to delivering educational services.

Communications

We may send teachers and administrators product updates, new feature announcements, and educational resources related to AI in the classroom. You can opt out of non-transactional communications at any time by clicking the unsubscribe link in any such email or contacting us at privacy@authentiya.com. We do not send marketing communications to students.

The Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, is a federal law that protects the privacy of student education records. Where Authentiya is used by schools or districts that receive federal funding, FERPA applies to student data processed through our platform.

Authentiya as a School Official

When Authentiya processes student education records on behalf of a school or district, we act as a “school official” with a legitimate educational interest under FERPA, as authorized by the school or district. We use student education records solely to provide the contracted educational services and for no other purpose.

What Constitutes Education Records on Authentiya

The following data on our platform may constitute education records under FERPA:

• AI interaction logs tied to a specific identifiable student
• Assignment submissions and responses
• Quiz and assessment results
• Progress and completion records
• Content moderation flags associated with a student account

Teacher and School Control

Consistent with FERPA, schools and teachers retain control over student education records within Authentiya. Teachers can view and, where appropriate, export or delete student records associated with their classes. Schools or districts may request deletion of all student data upon terminating their relationship with Authentiya.

No Sale of Student Data

We do not sell, rent, or lease student education records to any third party, under any circumstances. Student data is never monetized. It is never used for advertising. It is never disclosed to data brokers.

Access and Correction

Parents and eligible students (those 18 or older) have rights under FERPA to inspect and request correction of education records. Because education records on Authentiya are controlled by the school or district, requests to access or correct those records should be directed to the relevant school. We will cooperate fully with schools in responding to such requests.

The Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., imposes requirements on operators of websites and online services directed to children under 13, or operators that have actual knowledge they are collecting personal information from children under 13.

Our Approach to Children Under 13

Authentiya is a platform operated for and through schools and teachers. We do not allow children under 13 to independently register for or access the platform. Students under 13 may use Authentiya only when:

• Their teacher or school administrator has created their account or issued an invitation, and
• The school or district has provided the necessary authorization under COPPA as the operator acting in loco parentis, or the school has otherwise obtained appropriate parental consent.

When Authentiya operates under a school’s authorization for students under 13, we rely on the school’s COPPA authorization on behalf of parents, consistent with the school exception under COPPA (16 C.F.R. § 312.5(b)(1)). Schools using Authentiya for students under 13 are responsible for obtaining any parental consent required by their own policies.

Minimum Data Collection

For students under 13, we collect only the information necessary to provide the requested educational services. We do not condition participation on disclosure of more personal information than is reasonably necessary.

Parental Rights

Parents of children under 13 have the right to review the personal information collected from their child, request that it be deleted, and refuse to permit further collection. To exercise these rights, parents should first contact their child’s school, which controls the student account. Parents may also contact us directly at privacy@authentiya.com, and we will coordinate with the school as appropriate.

We do not sell personal information. We do not share personal information for advertising purposes. We share information only as described below.

Service Providers

We use trusted third-party service providers to help us operate the platform. These providers process data only on our behalf and in accordance with our instructions:

• Supabase (database and authentication): We use Supabase to store user accounts, class data, AI interaction logs, and other platform data. Supabase is hosted on infrastructure that employs industry-standard security controls. Data is stored in the United States. Supabase acts as a data processor under our direction and does not use your data for any independent purpose.
• Anthropic (AI processing): Authentiya uses the Anthropic API to power AI chat and content features within the platform. Student messages and AI responses are processed by Anthropic’s API to generate educational AI interactions. Anthropic processes this data in accordance with its API usage policies and does not use inputs submitted via API to train its general models by default. We recommend reviewing Anthropic’s privacy policy at anthropic.com for details.

Within Your School or District

Teachers can see the AI interaction logs and progress data of students enrolled in their classes. School administrators with appropriate permissions may have access to data across their institution. This sharing is integral to the Service and is authorized by the school or district.

Legal Requirements

We may disclose information if required to do so by law or in the good-faith belief that such disclosure is necessary to: comply with a legal obligation; protect and defend the rights or property of Authentiya; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of users or the public; or protect against legal liability. Where legally permitted, we will attempt to notify affected users before making such a disclosure.

Business Transfers

If Authentiya LLC is involved in a merger, acquisition, or asset sale, user data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy. In any such transaction, we will require that student data protections continue to apply.

No Sale to Third Parties

We do not sell, rent, or otherwise provide personal information — particularly student personal information or education records — to third parties for their own commercial purposes.

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this policy, unless a longer retention period is required by law.

• Active account data (name, email, class records, AI interaction logs) is retained while your account remains active and as needed to provide the Service.
• Student data associated with a class is retained for the duration of the enrollment and for a reasonable period afterward to allow teachers to review records, unless the teacher or school requests earlier deletion.
• AI interaction logs are retained to enable teacher review and platform safety monitoring. They may be retained for up to two years after the interaction unless you request earlier deletion.
• Deleted accounts: When a teacher or school administrator deletes their account, we will delete or de-identify associated personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or resolving disputes).

Schools and districts may request deletion of all student data associated with their institution upon terminating their use of the Service. We will process such requests within 30 days.

Depending on your location and the applicable laws, you may have certain rights with respect to your personal information.

Teachers and Administrators

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate personal information. You can update most account information directly within your account settings.
• Deletion: You may request deletion of your account and associated personal data. We will fulfill such requests within 30 days, subject to any legal retention obligations.
• Data portability: You may request an export of your data in a machine-readable format.
• Opt-out of communications: You may opt out of non-transactional communications at any time.

Students and Parents

Student rights with respect to education records are governed by FERPA (Section 4) and, for children under 13, by COPPA (Section 5). Students and parents should direct requests to inspect, correct, or delete education records to the student’s school in the first instance. We will cooperate fully with those requests.

How to Exercise Your Rights

To exercise any of the rights listed above, or to submit a privacy-related inquiry, contact us at:

We will respond to verified requests within 30 days. We may ask you to verify your identity before processing a request.

We take the security of user data seriously, particularly student data. We implement industry-standard technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction.

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at rest: Data stored in our Supabase-powered database is encrypted at rest using industry-standard encryption.
• Authentication: User accounts are protected by hashed passwords and secure session management. We support and encourage the use of strong passwords.
• Access controls: Access to user data within our systems is restricted to personnel who need it to operate and improve the Service. We do not grant broad internal access to student data.
• Third-party security: Our infrastructure providers, including Supabase, maintain their own comprehensive security programs including SOC 2 compliance and regular security audits.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting user data, we will notify affected users and, where required, relevant authorities, in accordance with applicable law.

If you discover a security vulnerability in the Service, please report it to us promptly at privacy@authentiya.com rather than disclosing it publicly.

Authentiya uses cookies and similar technologies to operate the Service. We use:

• Strictly necessary cookies: Session cookies required to authenticate users, maintain logged-in state, and protect against cross-site request forgery. These cannot be disabled without breaking the Service.
• Functional cookies: Cookies that remember user preferences (such as interface settings) to provide a better experience.

We do not use advertising cookies, tracking pixels, or third-party analytics services that would share student browsing behavior with advertisers or data brokers. We do not engage in cross-site tracking of students.

You can control cookies through your browser settings, though disabling strictly necessary cookies will prevent you from signing in to the Service.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are a parent or guardian with concerns about your child’s data, we encourage you to first contact your child’s school or teacher, who can address many requests directly within the platform. You are always welcome to reach us at the email above.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). Please contact us at privacy@authentiya.com for more information about exercising California privacy rights.