FERMI - PRIVACY POLICY

1. Introduction

Fermi AI Pte Ltd ("we," "our," "us") provides an AI-powered STEM tutoring platform designed to help students learn through problem solving, adaptive hints, simulations, and mastery-based practice.

This Privacy Policy explains how we collect, use, store, process, and protect your personal information across our website, mobile applications, and learning services ("Services").

Data Controller vs. Data Processor

• For Personal Accounts, Fermi AI Pte. Ltd. is the Data Controller.
• For School Accounts, the School (school, district, or authorized teacher) is the Data Controller, and Fermi acts as a Data Processor, handling Student Data only as instructed by the School.

By using the Services, you acknowledge that your data will be processed as described in this Policy.

2. Definitions

• Student Data: Information relating to a student, including name, email, homework uploads, problem-solving attempts, audio queries, mastery history, and usage logs.
• Learning Behavior Data: Step-by-step reasoning patterns, hint usage, correctness, latency between steps, pacing, struggle points, correction loops, group study behavior, and revision patterns.
• School Account: Account created by or for a school, district, or teacher ("School Official").
• Personal Account: Account created directly by a student or parent.
• De-Identified Data: Data stripped of direct and indirect identifiers, protected by technical controls preventing re-identification.
• Training Data: Data used to improve our AI models — only applicable to users who opt-in.

3. Information We Collect

A. Information You Provide

• Account Info: Name, email, password, date of birth (for age verification).
• Homework & Study Content: Photos of handwritten work, problem-solving attempts, notes, videos, attachments.
• Voice Data: Audio queries for voice-based tutoring.
• Communications: Emails, support messages, and feedback.

B. Automatically Collected

• Usage Data: Time spent on tasks, mastery path, attempts, concepts studied, error patterns, revision behavior, hint interactions.
• Device Data: IP address, browser type, operating system, device model.
• Generated Content: AI-generated explanations, scoring metadata, hint trees.

4. How We Use Your Information

A. School Accounts — Strict Educational Use Only

We process Student Data solely to:

• Deliver the Services requested by the School.
• Provide dashboards, mastery tracking, and learning analytics.
• Maintain and secure the platform.
• Support teacher workflows including homework assignment, grading, and class insights.
• Ensure compliance with School policies.

We do NOT use Student Data for:

• Model training
• Advertising or behavioral profiling
• Commercial purposes
• Selling or sharing with unauthorized third parties

B. Personal Accounts

We use your data to:

• Provide tutoring, adaptive hints, and personalized learning paths.
• Generate mastery maps, revision tasks, and study plans.
• Improve service quality and detect misuse.

Training Data (model improvement):

• Only De-Identified Data is used.
• Users can choose to opt-out if they want.

5. Artificial Intelligence & Third-Party Processors

We use external LLM providers (e.g., OpenAI, Anthropic, Google Gemini) to power explanations and reasoning.

To protect your data:

• We send only the minimum necessary data to fulfill the AI task.
• Providers are contractually prohibited from training their foundation models on your data.
• Student Data from School Accounts is never used for training, even in De-Identified form.

6. Data Sharing & Disclosure

We share data only in these situations:

Required Operational Sharing

• Cloud hosting providers (AWS, GCP, Azure)
• AI inference providers
• Error monitoring & security vendors

School Access

Teachers, administrators, and school officials may access Student Data, mastery progress, and class analytics.

Legal

We may disclose data to comply with valid legal requests or protect safety (e.g., self-harm signals).

What We Never Do

• No third-party advertising
• No behavioral ads
• No selling of Personal or Student Data
• No cross-site tracking

7. Global Compliance

United States

• FERPA: Fermi acts as a "School Official" with legitimate educational interest.
• COPPA: Children under 13 require verifiable parental consent or School authorization.

India (DPDP 2023)

• Minors require parental consent.
• Data may be processed outside India, consistent with DPDP.
• A Grievance Officer is designated.

UK / EU (GDPR)

Legal bases: Contractual necessity, Legitimate Interest (for Personal Accounts), and Consent (for opt-in features).

Enhanced children's rights:

• No automated decision-making with significant effects
• Clear right to object to profiling

UAE

• Data transfer allowed with adequate safeguards.
• Processing in Singapore/US is disclosed.

8. Data Security

We use:

• Encryption at rest and in transit
• Role-based access control
• Audit logs
• Regular penetration testing
• Internal access monitoring

Student Data access is strictly limited to authorized personnel.

9. Data Retention

• School Accounts: Deleted within 45 days of school instruction or contract termination. Backups cleared within 90 days.
• Personal Accounts: Deleted upon request or account closure.
• De-Identified Data: May be retained indefinitely for research and improvement.

10. Children's Rights

Parents may:

• Access, correct, or delete their child's data
• Withdraw consent at any time
• Request account closure

11. Contact Information