Privacy Policy

This is a placeholder. Please have the text reviewed by someone with privacy expertise before going live.

1. Controller

[Operator name], [address], [email]. Please replace with real contact details.

2. What data we process

Email address, name, role (learner or supervisor), submitted work/files, progress data, Isla chat transcripts, session cookies, and an audit log with hashed IP for abuse detection.

3. Legal basis

Processing is based on contract fulfilment (GDPR Art. 6(1)(b)) and your explicit consent at registration (GDPR Art. 6(1)(a)).

4. Cookies

We use strictly necessary cookies (session, language preference, consent). Optional cookies are only set if you choose "Accept all" in the cookie banner.

5. Your rights (GDPR Art. 15-21)

You have the right of access, rectification, erasure, restriction, portability, and objection. You can trigger access and erasure yourself in "My profile" via "Export my data" or "Delete account".

6. Retention

Account data is stored until you delete your account. When you delete your account, audit-log entries are anonymised (user ID set to null) and are then permanently deleted automatically after at most 365 days (storage-limitation principle, GDPR Art. 5(1)(e)).

7. Third parties

For Isla responses we use the OpenAI API. Only your chat inputs are transmitted, never account or contact data. Hosting: Replit.

8. Contact

For questions please contact [privacy@example.com].