Last Update: 2025/01/08

Table of Contents

  1. Introduction

  2. Information We Collect

  3. Large Language Model-Powered Response Generation

  4. Utilization of Collected Information

  5. Legal Grounds for Processing Personal Data within European Territories

  6. How We Share the Information We Collect

  7. Your Choices

  8. Third-Party Involvement

  9. Security Measures

  10. Retention of Personal Information

  11. California Residents’ Privacy Rights

  12. Children’s Privacy

  13. International Data Transfers

  14. Amendments to this Privacy Policy

Contact Information

1. Introduction

Astrid Education AB (“Astrid,” “we,” “us,” “our”) values your trust and privacy above all else and is committed to protecting your personal data. As outlined in our Terms of Service, we operate as both a data processor and data controller, depending on the context of data processing. We do not sell your information nor use it for advertising purposes.

This privacy policy should be read in conjunction with our Terms of Service and Data Processing Agreement, which provide additional context about our data handling practices. If there is any conflict between these documents, the order of precedence shall be: (1) the Service Agreement, (2) the Data Processing Agreement, and (3) this Privacy Policy.

If you have any questions or concerns regarding this privacy notice or our practices relating to your personal information, please contact us at support@withastrid.com.

2. Information We Collect

2.1 Information You Provide to Us

When you use our Services, you provide us with personally identifiable information (PII) as defined in our Terms of Service. This includes:

  • Account information (username, email address)
  • Voice recordings (when using our ASR Service)
  • Communication data
  • Service usage data
  • Payment-related information (processed by third-party providers)
  • Any other information you choose to provide

All data collection adheres to the principles outlined in Section 3.6 of our Terms of Service regarding AI systems and data processing compliance.

2.1.1 Communications

When you contact us, we collect:

  • Your name and email address
  • Message content and attachments
  • Communication history
  • Email engagement metrics (for service improvement only)

This information is processed in accordance with our data minimization principles and used solely for providing and improving our Services.

2.1.2 Payment Information

As specified in our Terms of Service, we do not directly collect or store payment information. All payment processing is handled by authorized third-party payment processors who have agreed to comply with our security and data protection requirements.

2.2 Information We Collect When You Visit Our Website

Our website collection practices align with Section 3.4 (Security Measures) of our Terms of Service. We collect:

  • IP addresses
  • Browser information
  • Operating system details
  • Technical usage data

We explicitly do not use tracking cookies or similar technologies for marketing purposes. All technical data collection is limited to what is necessary for service operation and security.

2.3 Collection of Information When You Use Our Services

In accordance with Section 3.4 of our Terms of Service regarding Security Measures, when you use our Services, we collect:

  1. Service Usage Data:
  • Account credentials
  • User interaction data
  • Performance metrics
  • Technical diagnostics
  1. Voice Data:
  • Voice recordings (only when actively initiated by you)
  • Speech analysis metrics
  • Performance data
  • Session information
  1. Device Information:
  • Device manufacturer and model
  • Operating system
  • Screen specifications
  • Locale and timezone settings

As specified in Section 5.8 of our Terms of Service, you have control over how your data is used for service improvement purposes and can opt-out at any time.

2.4 Information From Third-Party Services

In alignment with Section 5.4 of our Terms of Service regarding Non-Astrid Services, we may receive information when you:

  1. Connect Third-Party Services:
  • Google account integration data
  • Calendar synchronization information
  1. Authentication Services:
  • Basic profile information
  • Email verification data
  • Account linking details

We process this information in accordance with:

  • Our Terms of Service
  • Applicable data protection regulations
  • Third-party service providers’ terms

3. Large Language Model-Powered Response Generation

As detailed in Section 3.6 of our Terms of Service regarding AI Systems and Data Processing, our Astrid AI Assistant utilizes:

  1. Advanced Language Models:
  • Third-party LLM providers
  • Proprietary ASR technology
  • Linguistic analysis systems
  1. Data Processing:
  • Speech-to-text conversion
  • Linguistic metrics analysis
  • Personalized response generation
  1. Security Measures:
  • Data anonymization
  • Secure transmission protocols
  • Privacy-preserving processing

We commit to:

  • Operating AI systems in compliance with the EU AI Act
  • Maintaining appropriate human oversight
  • Promptly notifying users of significant changes
  • Processing personal data in accordance with GDPR requirements

4. Utilization of Collected Information

In accordance with Sections 3.6 and 4 of our Terms of Service, we use collected information to:

  1. Core Service Delivery:
  • Provide and maintain Services
  • Process and analyze usage patterns
  • Generate performance metrics
  • Deliver personalized experiences
  1. Service Improvement:
  • Enhance functionality
  • Develop new features
  • Optimize performance
  • Conduct research and development
  1. Communication:
  • Respond to inquiries
  • Provide support
  • Send service updates
  • Handle technical issues
  1. Legal and Security:
  • Prevent fraud and abuse
  • Ensure compliance
  • Maintain security
  • Meet legal obligations

All data utilization adheres to:

  • Explicit user consent requirements
  • Data protection regulations
  • Security measures outlined in Section 3.4
  • Privacy-preserving processing principles

In accordance with Section 13.1 of our Terms of Service regarding GDPR compliance, we process personal data under the following legal bases:

  • Explicit opt-in for data processing
  • Clear purpose specification
  • Right to withdraw consent
  • Separate consent for AI system data usage (per Section 5.8 of ToS)

5.2 Contractual Necessity

  • Service delivery requirements
  • Account management
  • Technical functionality
  • Payment processing
  • Regulatory requirements
  • Tax obligations
  • Data protection laws
  • EU AI Act compliance (per Section 3.6 of ToS)

5.4 Legitimate Interests

  • Service improvement
  • Security measures
  • Fraud prevention
  • Technical maintenance

6. How We Share the Information We Collect

As outlined in Section 3.3 of our Terms of Service regarding Personnel and Performance:

6.1 Vendors and Service Providers

We share information with:

  • Authorized subcontractors
  • Technical service providers
  • Cloud infrastructure providers
  • Analytics services

All sharing is subject to:

  • Data Processing Agreements
  • Security requirements
  • Confidentiality obligations
  • GDPR compliance measures

6.2 Analytics Partners

In alignment with Section 3.4 of ToS:

  • Limited to non-children’s services
  • Anonymized data only
  • Service improvement purposes
  • Technical performance monitoring

Information sharing as required by:

  • Court orders
  • Legal obligations
  • Regulatory requirements
  • Law enforcement requests

6.4 Corporate Transactions

As specified in Section 6.4 of ToS:

  • Merger scenarios
  • Acquisition contexts
  • Asset transfers
  • Business reorganizations
  • Explicit user authorization
  • Specific purpose limitation
  • Time-bounded permissions
  • Revocable consent options

7. Your Choices

Aligned with Section 5.8 of our Terms of Service regarding Data Usage Consent:

7.1 Controls

Users can:

  • Manage recording permissions
  • Access personal data
  • Update information
  • Delete certain data
  • Opt-out of data processing for service improvement

7.2 European Privacy Rights

In accordance with Section 13.1 of ToS:

  • Access rights
  • Rectification rights
  • Erasure rights
  • Data portability
  • Processing restrictions
  • Objection rights

7.3 Technical Controls

  • Recording controls
  • Data sharing preferences
  • Notification settings
  • Integration permissions

8. Third-Party Involvement

As detailed in Section 5.4 of our Terms of Service:

8.1 Third-Party Services

  • Integration capabilities
  • Data sharing limitations
  • Security requirements
  • Privacy obligations

8.2 Third-Party Responsibilities

  • Data protection compliance
  • Security measures
  • Confidentiality obligations
  • Service level agreements

8.3 User Control

  • Integration choices
  • Permission management
  • Data sharing controls
  • Service disconnection options

9. Security Measures

In alignment with Section 3.4 of our Terms of Service regarding Security Measures:

9.1 Technical Safeguards

  • Administrative controls
  • Physical security measures
  • Technical protections
  • Encryption protocols

9.2 Security Commitments

We maintain:

  • Industry-standard practices
  • Regular security audits
  • Incident response procedures
  • Access control systems

9.3 Malicious Code Prevention

As specified in ToS Section 3.4:

  • Protection against viruses
  • Worm prevention
  • Trojan detection
  • Time bomb safeguards

10. Retention of Personal Information

In accordance with Section 6.4 of our Terms of Service regarding Data Handling upon Termination:

10.1 Retention Periods

We retain data:

  • As long as necessary for service provision
  • As required by law
  • Per contractual obligations
  • According to legitimate business needs

10.2 Data Deletion

We implement:

  • Systematic deletion procedures
  • Data anonymization processes
  • Secure destruction methods
  • Verification protocols

10.3 Post-Termination Handling

As specified in ToS Section 6.4:

  • Data return options
  • Deletion timelines
  • Anonymization procedures
  • Compliance documentation

11. California Residents’ Privacy Rights

While our primary focus is European compliance, we respect California residents’ rights:

11.1 CCPA Compliance

  • Information access rights
  • Deletion requests
  • Data portability
  • Non-discrimination

12. Children’s Privacy

In alignment with Section 5.1 of our Terms of Service:

12.1 Age Restrictions

  • No intentional collection from under-18s
  • Parental consent requirements
  • Account termination procedures
  • Data deletion protocols

12.2 Protection Measures

  • Age verification systems
  • Content restrictions
  • Safety controls
  • Reporting mechanisms

13. International Data Transfers

As specified in our Terms of Service regarding data processing:

13.1 Transfer Mechanisms

  • Standard Contractual Clauses
  • Adequacy decisions
  • Appropriate safeguards
  • Security measures

13.2 Data Protection Standards

We ensure:

  • GDPR compliance
  • EU AI Act adherence
  • International standards
  • Local law compliance

13.3 Transfer Safeguards

  • Data encryption
  • Access controls
  • Security protocols
  • Monitoring systems

14. Amendments to this Privacy Policy

In accordance with Section 23 of our Terms of Service regarding Changes:

14.1 Update Procedures

  • 30-day notice period
  • Material change notifications
  • User communication
  • Opt-out rights

14.2 Version Control

We maintain:

  • Change logs
  • Previous versions
  • Update notifications
  • Effective dates

14.3 User Rights

Upon policy changes:

  • Right to terminate
  • 10-day notice period
  • Continued access options
  • Data portability

Contact Information

For privacy-related inquiries:

This privacy policy is effective as of 25/10/2024 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.