Pedagion Inc. ("Pedagion," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you use our website at pedagion.ai, our applications, and all related services (collectively, the "Service").
This policy applies to all users globally and is designed to comply with the General Data Protection Regulation (GDPR) (EU/EEA), the UK Data Protection Act 2018, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), the Children's Online Privacy Protection Act (COPPA) (United States), the Australian Privacy Act 1988, Brazil's Lei Geral de Proteção de Dados (LGPD), and other applicable data protection laws.
Pedagion Inc. is the data controller for the personal information collected through the Service. For all privacy inquiries, contact:
Pedagion Inc.
Email: privacy@pedagion.ai
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, date of birth, country, password (hashed) | Account creation, authentication, age verification, service personalization |
| Payment Information | Billing details processed via Stripe | Subscription billing (we do not store full credit card numbers) |
| Uploaded Content | PDFs, documents, files you upload for curriculum generation | AI processing to generate educational content |
| Learning Activity | Completed chapters, quiz responses, XP earned, study time | Progress tracking, gamification, service improvement |
| Communications | Support requests, feedback submitted through contact forms | Customer support, service improvement |
| Data Type | Examples | Purpose |
|---|---|---|
| Device Information | Browser type, operating system, device type | Service optimization, security |
| Usage Data | Pages visited, features used, interaction patterns | Service improvement, analytics |
| Log Data | IP address, access times, error logs | Security monitoring, debugging, fraud prevention |
For users in the European Economic Area, United Kingdom, and other jurisdictions requiring a legal basis for data processing, we rely on the following:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance (Art. 6(1)(b) GDPR) | Account management, service delivery, billing, content generation |
| Legitimate Interest (Art. 6(1)(f) GDPR) | Service improvement, security monitoring, fraud prevention, analytics |
| Consent (Art. 6(1)(a) GDPR) | Marketing communications (where required), optional analytics cookies |
| Legal Obligation (Art. 6(1)(c) GDPR) | Tax records, regulatory compliance, responding to lawful requests |
We use collected information to:
We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Google Cloud Platform | Infrastructure hosting, data storage, AI processing | Data Processing Agreement, SOC 2 certified |
| Google AI (Gemini) | AI content generation | Data is processed per Google's AI Terms; not used to train Google's models |
| Stripe | Payment processing | PCI DSS Level 1 compliant |
| Firebase (Google) | Authentication, database | Data Processing Agreement |
| Law Enforcement | When required by valid legal process | We review all requests and challenge overbroad demands |
| Business Transfer | In connection with a merger, acquisition, or asset sale | Successor entity bound by this policy; users notified in advance |
Your data may be transferred to and processed in countries other than your country of residence, including the United States and Canada, where our infrastructure and service providers operate. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, or other lawful transfer mechanisms. For transfers from other jurisdictions, we comply with applicable local data transfer requirements.
We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:
| Right | Description | Applicable Jurisdictions |
|---|---|---|
| Access | Request a copy of your personal data | Global (GDPR, CCPA, PIPEDA, LGPD) |
| Rectification | Correct inaccurate or incomplete data | Global |
| Erasure / Deletion | Request deletion of your personal data | GDPR, CCPA, LGPD, PIPEDA |
| Portability | Receive your data in a structured, machine-readable format | GDPR, LGPD |
| Restriction | Limit how we process your data | GDPR, LGPD |
| Objection | Object to processing based on legitimate interest | GDPR |
| Withdraw Consent | Withdraw previously given consent at any time | Global |
| Non-Discrimination | Not be discriminated against for exercising your rights | CCPA/CPRA |
| Lodge a Complaint | File a complaint with a supervisory authority | GDPR (DPA), LGPD (ANPD) |
To exercise any of these rights, contact us at privacy@pedagion.ai. We will respond within 30 days (or the shorter period required by your applicable law). We may request verification of your identity before processing your request.
Pedagion is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK without parental consent). If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact us at privacy@pedagion.ai and we will promptly delete such information.
For users between 13 and 18, we collect only the minimum information necessary to provide the Service and apply enhanced protections including content safety filters and restricted features.
Pedagion uses artificial intelligence to generate educational content, personalize learning paths, and assess quiz responses. This processing is necessary for the performance of our contract with you (providing the Service).
We do not use automated decision-making that produces legal or similarly significant effects on you. The AI does not make decisions about your eligibility for services, creditworthiness, or employment. XP calculations and content filtering use rule-based algorithms, not AI profiling.
Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that significantly affect you. If you believe any automated processing has significantly affected you, contact us to request human review.
We implement industry-standard technical and organizational measures to protect your personal information, including:
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law (within 72 hours for GDPR).
Pedagion uses minimal cookies and local storage for essential functionality:
If you are a California resident, you have the following additional rights under the CCPA/CPRA:
In the preceding 12 months, we have collected the categories of personal information described in Section 3. We have not sold personal information and do not intend to do so.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address at least 30 days before the changes take effect. The "Last Updated" date at the top of this page indicates when the most recent revisions were made. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.
For any privacy-related questions, concerns, or requests, contact us at:
Pedagion Inc. — Privacy Team
Email: privacy@pedagion.ai
General Support: support@pedagion.ai
Website: pedagion.ai
For users in the EEA/UK, if you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.