CyberScholar Terms & Conditions

At a Glance

We believe in "student data privacy as a top priority". Here is a summary of how we protect your information:

  • We Do Not Sell Data: CyberScholar will never sell or rent student personal data to third parties.

  • No Targeted Advertising: We do not use student data for any marketing or advertising purposes.

  • AI Safety: When our AI provides feedback, we do not send names or emails to external AI providers.

  • Data Minimization: We only collect the information "necessary for educational purposes," such as names, emails, and assignments.

  • Security: Your data is protected by industry-standard encryption (TLS/SSL) both in transit and at rest.

  • Your Rights: Parents and adult students have the right to inspect, correct, or request the deletion of their data.

  • Compliance: We are fully compliant with SOPPA, FERPA, COPPA, and GDPR.

Full Terms and Conditions

Last Updated: March 11, 2026

1. Introduction and Scope

Welcome to CyberScholar, an AI-powered educational platform for K–12 schools, colleges, and universities. These Terms and Conditions (“Terms”) govern the use of CyberScholar by educational institutions, student users, and educators. The scope of this document includes our data collection practices, usage policies, user rights, and security commitments. CyberScholar is designed with student data privacy as a top priority, adhering to the Illinois Student Online Personal Protection Act (“SOPPA”) and other applicable laws to ensure student information is handled responsibly. By using CyberScholar, you agree to these Terms on behalf of yourself and, if applicable, your organization or minor child.

1.1 Compliance with Privacy Laws: CyberScholar operates in full compliance with SOPPA and aligns with international best practices for student data privacy, including U.S. federal laws like FERPA and COPPA, and the EU’s GDPR. This means we implement strict safeguards and grant clear rights to users and parents regarding personal data. These Terms are written in clear language suitable for educational institutions and technology users, with a structure that makes key points easy to find.

1.2 Intended Users: CyberScholar is intended for use by students in grades 6–12 (including minor children with school authorization) as well as higher education students, and by teachers or school administrators. If you are under 18, you may use CyberScholar only with consent and oversight from a parent or school official, consistent with legal requirements. Schools and districts deploying CyberScholar must ensure any required parental consent is obtained for minor students’ use of the platform. These Terms form a binding agreement between CyberScholar and its educational users (including the institutions that license it). 

1.3 Definitions: For purposes of these Terms, the following definitions apply:

  • CyberScholar (also “we” or “us”) – The CyberScholar online learning platform and its owning/operator entity. CyberScholar is the “operator” of an educational online service as defined under SOPPA.

  • User (also “you”) – An individual who accesses CyberScholar. This includes Student Users (learners using the platform for coursework) and Educators or School Administrators (teachers, professors, or other authorized staff using the platform in an official capacity).

  • School/Institution – Any educational institution (K–12 school or district, college, or university) that has authorized use of CyberScholar for its students. A School typically enters into an agreement with CyberScholar to enable student use.

  • Parent – A parent or legal guardian of a Student User. In the context of minor students (generally K–12), parents have specific rights regarding their child’s data under SOPPA and other laws.

  • Covered Information – Any personally identifiable information or materials linked to an identified student that are not publicly available, and are collected through the use of CyberScholar for school purposes. This includes, for example, a student’s name, email address, work submissions, assessment results, feedback comments, and usage logs. “Covered Information” is synonymous with “student personal data” as used in these Terms.

  • Personal Data – Any information that relates to an identified or identifiable individual. For students, this generally overlaps with Covered Information. Personal Data may include contact information, account credentials, content created by the student, and metadata about usage.

  • FERPA – The U.S. Family Educational Rights and Privacy Act, a federal law protecting the privacy of student education records. Under FERPA, CyberScholar functions as a “school official” with a legitimate educational interest in student data, under the direct control of the School, and will use education records only for authorized educational purposes.

  • GDPR – The General Data Protection Regulation of the European Union. GDPR principles (such as lawfulness, transparency, data minimization, and security) inform CyberScholar’s data practices globally.

  • SOPPA Operator – An entity operating an online service for K–12 purposes in Illinois. CyberScholar is a SOPPA “operator” and thus is subject to SOPPA’s requirements for handling Covered Information.

 

2. Data Collection and Use: CyberScholar is built to enhance learning while minimizing the data we collect. We only collect data that is adequate, relevant, and necessary for educational purposes. All data is collected and used in accordance with these Terms and applicable privacy laws. Below is an outline of what information we collect, how we use it, and what we do not do with student data.

2.1 Types of Data We Collect:

  • Account Information: When an account is created, we collect the student’s name and email address (usually provided by the School or the student) for login and identification. CyberScholar does not require or collect school-issued student ID numbers or Social Security Numbers in order to use the platform, focusing only on basic identifiers like name and email.

  • Educational Content: We collect the content students create or upload on the platform, such as essays, assignments, project submissions, survey responses, and any other work product. This also includes teacher-provided materials like rubrics or feedback on student work.

  • Usage Data: CyberScholar automatically collects contextual usage data as students work. This may include timestamps of logins and submissions, keystroke data and revision history (used by our analytics to track learning progress), clickstream data (e.g. which features are used and how often), and system logs. All such CyberAnalytics data is used to provide formative feedback and track learning outcomes, and is visible to the learner and their educators for transparency. We emphasize transparency – this data is used to help students self-regulate their AI usage and improve their learning, not for any covert surveillance.

  • Device and Technical Data: Like most web-based services, we may collect technical information such as IP addresses, browser type, and cookies or similar identifiers for security, network integrity, and session management. This helps maintain platform stability and keep user sessions secure.

  • Teacher and School Data: If teachers or schools upload information (for example, adding a student roster with names/emails, or uploading reference materials to a class Knowledge Base), we collect and store that data to operate the service. Such information is treated as Covered Information if it contains student identifiers.

2.2 How We Use Collected Data:

  • Providing the Service: We use student Personal Data to operate CyberScholar’s core functionalities. This includes using students’ names and login information to authenticate users, and processing their assignment content and keystrokes to provide AI-powered feedback and writing support. The data students input (e.g. an essay draft) is analyzed by CyberScholar’s AI and rubric algorithms to generate constructive feedback, which is then displayed to the student and teacher. All of these uses are strictly for the educational purpose of improving student learning in real time.

  • Facilitating Teacher Guidance: Collected data allows teachers to monitor student progress and provide guidance. For example, teachers can see analytics on how a student’s draft evolved or how much AI assistance was utilized, enabling informed pedagogical interventions. CyberScholar uses the data to compile AI Composition Reports and progress dashboards for teachers and students.

  • Improving the Platform: CyberScholar may use aggregated, de-identified data to improve and refine our AI models and platform features. For instance, usage patterns or common feedback points might be analyzed (without personal identifiers) to enhance the accuracy of our AI feedback or the usability of the interface. Any such analysis excludes identifiable Covered Information, focusing on overall system performance and learning outcomes. This is in line with permissible “legitimate research purposes” and product improvement uses allowed by privacy laws, so long as individual students are not identified.

  • Support and Communication: We may use contact information (like a student’s or teacher’s email) to send service-related notifications, such as password resets or important updates about the platform. We do not send marketing emails to students. Schools may also receive communications from us about updates to terms or features as part of our service relationship.

  • Compliance and Safety: Data may be used to ensure users are complying with our Terms and acceptable use policies. It is also used to protect the security and integrity of the platform – for example, monitoring for or investigating any suspicious activities or potential breaches. If required, we may use data to comply with lawful requests or legal obligations (e.g. responding to a subpoena, or as required under state/federal law to share data with authorities under specific conditions).

2.3 What We Do NOT Do with Data:

  • No Commercial Sale or Advertising: CyberScholar will never sell or rent student personal data to third parties. We do not use student data to engage in any targeted advertising, nor do we profile students for advertising purposes. SOPPA explicitly prohibits operators from using student information for targeted ads, a prohibition we strictly uphold. You will not see ads on CyberScholar based on your personal information, and we do not monetize student data in any way.

  • No Unauthorized Disclosure: We do not disclose or share Covered Information with any third parties except as needed to operate and provide the CyberScholar service and only with proper protections in place (see Third-Party Service Providers below). Student data is not made available to other students or any external entity without permission. Within a given class or project on the platform, students may see each other’s contributions only in controlled, teacher-authorized ways (e.g. in a peer review activity), and these uses are under the teacher’s direction for educational purposes.

  • No Use Beyond Educational Purpose: We will not use student data for purposes unrelated to the school’s instruction. The data we collect is only processed for K–12 or authorized educational purposes and not further processed in incompatible ways. We do not repurpose student information for outside research, product marketing, or any purpose that is not in service of learning, except in a de-identified manner as described above.

  • No Sharing of Identifiable Data with AI Vendors: CyberScholar integrates advanced AI (e.g. Large Language Models) to provide writing feedback and other assistive features. Importantly, we do not send any personally identifiable student data to external AI model providers when using these features. All student learning data stays on CyberScholar’s secure servers. For example, if an AI model (like GPT) is used to generate feedback on a student’s essay, CyberScholar transmits only the essay content and relevant prompts without including the student’s name, email, or other identifiers. We also employ technical measures to strip out any incidental personal details that might appear in content before it is sent to an AI API. This ensures compliance with privacy rules and that outside AI services cannot retain or misuse student identities.

  • Restricted Third-Party Access: We do not grant third-party companies access to student data except as necessary for core services (such as cloud hosting or text analysis tools), and even then, only under strict contractual obligations. All such providers (our “subprocessors”) are bound by confidentiality and data protection agreements. They cannot use student data for any purpose except to provide services to us and ultimately to the user. We maintain a list of these approved service providers and, in compliance with SOPPA, we will provide or publish a list of any third parties to whom we disclose Covered Information. This list is updated at least annually (and whenever significant changes occur) and is available to Schools for review.

CyberScholar also publicly discloses our data practices through documents like these Terms and our Privacy Policy. We believe in transparency about what we collect and how we use it. By using CyberScholar, Schools and users acknowledge and consent to the data practices described above, all of which are aimed at supporting learning in a safe and privacy-protective manner.

 

3. Student and Parental Rights

3.1 Scope of Rights: CyberScholar is committed to upholding the rights of students and parents regarding personal data, in accordance with SOPPA, FERPA, and other applicable laws. We recognize that parents (or eligible students, as defined below) have significant rights to control and inspect their educational data. The following rights are guaranteed and will be facilitated through our platform and policies:

  • Right to Inspect and Review: Parents of K–12 students have the right to inspect and review their child’s covered information that is collected or generated by CyberScholar. This includes data maintained by the school, by us as the operator, or by any third party on our behalf. An eligible student (generally, a student 18 or older or enrolled in post-secondary education) has this right to inspect their own data in lieu of the parent.

  • Right to Obtain a Copy: Parents can request a paper or electronic copy of their student’s information. Upon request, CyberScholar (in coordination with the School) will provide a readable copy of all of the student’s personal data held, including any records stored on our servers. Electronic copies will be provided when feasible, to enable parents to easily review the information. We do not charge parents or eligible students for reasonable requests for copies of data (beyond any minimal cost permitted by law for extensive paper copies, though in most cases electronic access will be free).

  • Right to Request Corrections: If a parent or eligible student believes that some of the student’s personal data is factually inaccurate or incomplete, they have the right to request a correction. For example, if a student’s name is misspelled in our system or an assignment score is recorded incorrectly, a parent/student can ask to have it corrected. Upon receiving such a request (usually via the School), CyberScholar will work with the School to verify the accuracy and make the correction. If the data in question is maintained by us (the operator), we will correct any confirmed inaccuracies and inform the School of the correction within 90 calendar days of the request. The School will then confirm the correction to the parent. (If the data is maintained by the School, the School will handle the correction and notify the parent within 90 days.) We will promptly update our systems so that any reports or analytics reflect the corrected information.

  • Right to Request Deletion: Parents (or eligible students) may request deletion of the student’s Covered Information in our possession, when allowable by applicable state and federal record retention laws. If a student or parent wishes to have personal data removed (for instance, if the student is no longer using the platform, or certain content was uploaded in error), they can submit a deletion request through their School or directly to us. CyberScholar will comply by deleting the requested data from our active databases and systems, provided that such deletion is permitted by law and does not conflict with any legal obligations to retain records. We will also instruct any of our service providers who had access to the data to likewise delete it. If certain records must be maintained by the School under law (e.g. for transcript or auditing purposes), we will inform the requester that those records cannot be deleted and are retained by the School. In all cases, we will respond to deletion requests in a timely manner and will confirm with the School and/or requester once the data has been deleted.

  • Right to Know and Consent to Software Use: Parents of K–12 students have the right to know which online tools or applications are being used in their child’s classroom and to grant or withhold consent for their child’s use of those tools. We support this by being fully transparent with Schools about our data practices and by entering into SOPPA-compliant agreements with Schools. Schools in Illinois are required to post a list of all operators like CyberScholar with whom they share data. As an operator, CyberScholar agrees to any necessary procedures to enable parental notification and consent. For example, if a district’s policy requires parental consent for a student to use CyberScholar, we rely on the School to obtain and document that consent. If a parent does not consent to their child’s use of CyberScholar, the child should not use the platform, and we will work with the School to promptly disable the account to prevent any data collection.

  • Right to Be Notified of Data Breaches: In the unlikely event of a data breach that compromises a student’s Covered Information, parents have the right to be notified in a timely manner. CyberScholar is committed to supporting Schools in fulfilling this obligation. (See “Security and Breach Response” below for details on breach notifications.)

3.2 Exercise of Rights: Typically, parents of K–12 students should exercise these rights through their School, which serves as the primary custodian of the student’s education records. For example, a parent can contact the school’s administration or designated privacy contact to request access to or deletion of data held by CyberScholar. The School will then work with us to fulfil the request, as schools have direct administrative access to much of the student data on the platform. CyberScholar operators will promptly assist the School upon such requests, ensuring compliance within required timelines (e.g. providing data or completing corrections).

 If you are an eligible student (18 or older, or in college/university), you may exercise these rights directly by contacting CyberScholar or your institution. Under FERPA, once a student is in higher education or over 18, the rights belong to the student rather than the parent. CyberScholar will respond to such requests from adult students in the same manner as we do for parents of minors, verifying identity and authority as needed.

We have designated a Data Protection Contact (see Contact section below) to handle inquiries and requests related to student data. Whether you reach out to us directly or through your school, we will take all reasonable steps to honor your rights while keeping your data secure.

 

4. Security and Breach Response

4.1 Data Security Measures: CyberScholar takes the security of student data very seriously. We implement and maintain reasonable security procedures and practices that meet or exceed industry standards, in order to protect Covered Information from unauthorized access, use, disclosure, or destruction. Our security program is comprehensive and includes administrative, technical, and physical safeguards appropriate to the sensitivity of the data. Key aspects of our security measures include:

  • Encryption: All data transmitted between user devices and the CyberScholar servers is encrypted using modern encryption protocols (TLS/SSL). Additionally, we encrypt personal data at rest in our databases or storage systems. This means that student assignments, personal information, and other records are stored in an encrypted form or within secure, access-controlled environments to prevent unauthorized reading.

  • Access Controls: We strictly limit access to student data. Only authorized CyberScholar personnel who need to support the educational service (for example, technical support or system maintenance teams) can access Covered Information, and even then, only to the extent necessary. Every staff member with access to personal data is bound by confidentiality obligations. We use role-based access controls, strong authentication, and regular audits to ensure no one accesses data without proper authorization. Schools can also control access levels for their staff (teachers, admins) within the platform to ensure that each user sees only the data they are permitted to see.

  • Security Testing and Monitoring: We regularly test our systems for vulnerabilities and have an ongoing process of monitoring for potential security threats. Our infrastructure is protected by firewalls and intrusion detection systems. We keep our software and third-party libraries up-to-date to guard against emerging threats. Regular security audits (both internal and external, where applicable) are conducted to evaluate the effectiveness of our safeguards.

  • Employee Training and Policies: CyberScholar maintains strict internal policies on data privacy and security. Employees are trained in data protection best practices and are required to follow security procedures. Access to production systems containing student data is limited to a small, vetted team. We also have incident response policies so that if any suspicious activity is detected, it is addressed immediately.

  • Data Isolation: As noted in the Data Use section, we isolate personal identifying information from external systems. No identifiable student data is passed to the third-party AI models or other external services that could pose a privacy risk. For example, if we use cloud providers for hosting, we ensure those providers are reputable and meet stringent security standards (e.g., SOC 2, ISO 27001 certifications). All data remains within environments contractually required to protect it to the same standards we uphold.

  • Retention of Secure Servers: All student learning data is retained on CyberScholar’s secure servers (located in controlled data centers with robust physical security). We do not store student data on unsecured devices or locations. Backups of data are encrypted and stored securely to prevent data loss while still protecting confidentiality.

These measures are continually evaluated and updated as needed to respond to new security challenges. By implementing these safeguards, CyberScholar fulfills its duty under SOPPA to maintain strong security practices protecting student data. We are committed to preventing unauthorized data access and promptly addressing any issues that arise.

4.2 Data Breach Notification and Response: In the event of a data breach – defined as unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of Covered Information – CyberScholar has a clear response plan to protect users and comply with notification requirements.

  • Breach Response Actions: If CyberScholar becomes aware of a security incident that potentially includes a breach of student data, we will immediately initiate our incident response protocol. This includes: investigating the scope and nature of the breach, identifying the affected systems and data, and taking steps to contain and remediate the issue (such as shutting down or patching compromised systems, and preventing further unauthorized access). We will also inform the appropriate School officials as soon as possible so we can coordinate efforts.

  • Notification to Schools: CyberScholar will notify any affected School or Institution without unreasonable delay, and no later than 30 calendar days after making the determination that a breach of Covered Information has occurred. This notification will be provided to the designated contact person in the School’s data privacy or IT team as per our agreement. We understand that schools in Illinois are obligated to notify parents within 30 days of learning of a breach, so we commit to providing the school with timely and sufficient information to facilitate that notification. If law enforcement informs us that immediate notification would impede a criminal investigation, we may delay notification as permitted by law, but will notify the School as soon as the restriction is lifted.

4.3 Contents of Breach Notification: Our breach notice to the School will include all information required by SOPPA and other applicable laws. This will typically include:

  • The date or estimated date of the breach (or date range, if the incident occurred over a period).

  • A general description of the Covered Information compromised – for example, whether it involved names, emails, assignment files, etc., so that the School and parents understand what categories of data were affected. We will not include sensitive data in the notice itself, but will describe the types (e.g., “assignment submissions and feedback comments from course X were exposed”).

  • Information that the parent or user may use to contact CyberScholar and the School about the breach. We will provide our dedicated contact (such as a Data Protection Officer’s email/phone) and suggest that parents can also contact their School’s administration for further information.

  • We will also include, if known, how the breach occurred (for instance, “unauthorized access through a vulnerability in a third-party tool”), and what steps we have taken or will take to address it (such as confirming that the vulnerability has been fixed or the compromised account credentials have been reset). Our goal is to be transparent and helpful in the notification process, so that those affected understand the situation and any actions they should take.

CyberScholar will fully cooperate with the School’s efforts to notify affected parents/guardians. We understand that parents will be notified of breaches within 30 days of the School receiving notice of the breach, and we will provide any needed support or information to facilitate that. This includes working with the School to draft the parent notification if requested, and ensuring that our contact information is included for any parent inquiries.

4.4 Mitigation and Remedies: After a breach, CyberScholar will take all appropriate steps to mitigate harm and prevent similar incidents in the future. This may involve enhancing security measures, conducting a root cause analysis, and if applicable, offering identity protection services. In compliance with SOPPA, our contract with each School will address how costs and expenses related to breach investigation and remediation are allocated. CyberScholar acknowledges its responsibility in protecting student data, so if a breach is attributable to our failure (for example, a security lapse on our side), we will bear appropriate responsibility for the response. This can include reimbursing the School for expenses such as notifying parents and credit monitoring for affected individuals, as required by law. Our goal is to make sure the affected community is supported and that trust is restored.

4.5 Public and Regulatory Notification: Where required by law, CyberScholar or the School will also notify relevant regulatory agencies of the breach. Illinois law may require Schools to report breaches to the Illinois State Board of Education or post summary information on their website. CyberScholar will provide the School with the necessary details and documentation so that all such requirements are met. If CyberScholar is directly obligated to notify any state authority or if the breach triggers any consumer protection law notifications (such as under general data breach laws), we will handle those in coordination with the School to avoid duplication or confusion.

In summary, CyberScholar maintains robust security to prevent incidents, but in the unlikely event of a data breach affecting student information, we will respond swiftly, notify all necessary parties promptly, and take responsibility for protecting our users. Our breach response plan is designed to meet the stringent notification standards of SOPPA and to ensure parents and schools stay informed and supported.

 

5. Data Retention and Deletion

CyberScholar’s data retention practices are guided by the principle that we keep student data only for as long as is necessary to fulfill the educational purposes for which it was collected, and as required by law or by our agreement with each School. We do not retain personal data indefinitely or for unrelated purposes. Below is an outline of our retention and deletion policies:

  • Duration of Use: Active student data (accounts, assignments, analytics) is retained for the duration of the student’s enrollment in the class or program using CyberScholar. This allows students and teachers to refer back to past work and feedback, and to track progress longitudinally (a key feature of the platform). Teachers and students can access prior submissions and AI feedback over time as part of the learning record.

  • End of Course or School Year: At the conclusion of a course, semester, or school year, CyberScholar typically archives the course data. Archived data remains available to authorized School officials (and possibly the student) for a period as determined by the School’s policies – for example, a school might decide to keep the past year’s assignments accessible for one additional year for transcript or portfolio purposes. Archived data is still protected under these Terms. It is not actively used by CyberScholar except if needed for later reference by the user. After the archive period, data will be scheduled for deletion, unless the School requests extended retention.

  • Termination or Contract End: If a School’s contract with CyberScholar ends or a School discontinues use of the platform, we will deactivate the accounts and data related to that School. Unless otherwise instructed by the School, CyberScholar will delete or securely transfer back all Covered Information to the School when it is no longer needed for the purpose of our agreement. The standard procedure is deletion of personal data from our systems after a grace period for data transfer (for instance, we may give the School an opportunity to download student work or grades). The specific timeframe for deletion or return of data will be defined in our agreement (often within 30 or 60 days of contract termination). We ensure no student personal data is kept by us beyond that period, except for any data we are required to retain by law (see below). We will provide written certification of data deletion to the School if requested, to satisfy SOPPA’s requirements.

  • Parental/Student Deletion Requests: As noted in Student and Parental Rights, if we receive a valid request to delete specific data (and it is permissible to do so), we will carry out that deletion. This could occur, for example, if a parent withdraws consent for a particular piece of content to be stored, or if a student asks to remove an old project. Upon such requests, we will remove the data from active databases and cease using it. We will also ensure that any of our third-party service providers remove the data from their systems. CyberScholar will act on deletion requests within a reasonable time frame after verification, typically coordinating through the School. We note that deletion will be done in compliance with any record retention laws – meaning if a law or regulation prohibits deletion of certain education records for a period of time, we will inform the requestor that we cannot delete those records immediately and will instead limit their use until they can be deleted. For example, Illinois school record laws or federal laws might require retention of certain academic records for a number of years; in such cases, the data may be retained in an archived, secure state by the School rather than fully erased, and we will follow the School’s direction on handling it.

  • Routine Cleanup: CyberScholar may implement routine data cleanup processes. For instance, if a student account has been inactive for an extended period (say, a few years after graduation) and is not associated with any active School contract, we may reach out to the School to confirm whether the data should be deleted. We periodically review stored data and purge information that is no longer needed for any legitimate purpose. This helps minimize data retention in line with privacy principles (data minimization and storage limitation).

  • Backups and Residual Copies: When we delete data from our primary systems, it will also be removed from any accessible user interface. However, data might persist for a short period in backup systems. CyberScholar maintains encrypted backups for disaster recovery purposes, which are cycled and overwritten regularly. Any data in backups will naturally expire and be overwritten within a reasonable backup retention cycle. We do not use backup data for any active purpose, and if needed, we can expedite secure deletion from backups as well, except where retention is required by law.

  • De-identified Data: After a student’s personal data is deleted, CyberScholar may retain de-identified information (stripped of all personal identifiers) for research, statistical analysis, or product improvement. Such information is not considered personal data or Covered Information under SOPPA because it can no longer be linked to any individual student. For example, we might keep aggregated statistics like “average improvement in draft scores after AI feedback” across many students, without any names or IDs attached. This helps us refine the platform and demonstrate effectiveness, while respecting individual privacy. We ensure that any de-identified data cannot be re-identified to a specific student (by removing or masking not just obvious identifiers but also unique combinations of data). Per SOPPA, using de-identified data for improving educational products is generally allowed, and we will only use it in ways permitted by law.

In all cases, if a student, parent, or School needs confirmation of data deletion or specifics on how long certain data will be retained, they may contact us (see Contact Information below), and we will provide the requested information. CyberScholar’s data retention and deletion policies are designed to align with SOPPA’s requirements that operators delete student data upon request and when it’s no longer needed, as well as with best practices internationally for storage limitation.

 

6. International Compliance Alignment

CyberScholar is used in educational settings around the world. We are committed to complying not only with Illinois SOPPA and U.S. laws, but also with international data protection laws and best practices. Below we outline how our platform aligns with key privacy frameworks:

6.1 FERPA (U.S. Education Privacy): In the United States, we treat all student educational records in accordance with the Family Educational Rights and Privacy Act (FERPA). When CyberScholar is used by a FERPA-covered institution (almost all public K–12 schools and post-secondary institutions receiving federal funds), we operate as a “school official” under FERPA, meaning we: (a) perform an institutional service or function that would otherwise be done by school staff; (b) are under the direct control of the school with respect to use and maintenance of education records; and (c) use education records only for authorized educational purposes. We will not redisclose or share FERPA-protected data except as allowed by FERPA (for example, with consent of the parent/student, or as part of internal operations consistent with FERPA’s school official exception). We assist schools in fulfilling FERPA obligations – for instance, by providing data for annual FERPA notifications or supporting responses to any FERPA inquiries. Our commitment is that nothing in these Terms or our practices will require a school to violate FERPA. In fact, our policies (access, correction, etc.) complement FERPA’s requirements that parents/eligible students can access and seek amendment of records. Schools can confidently use CyberScholar knowing that student data remains under school control and is used only to further legitimate educational interests, in compliance with FERPA’s intent. 

6.2 COPPA (Children’s Online Privacy Protection Act): For our users under the age of 13, we comply with COPPA, which governs online collection of personal information from children in the U.S. CyberScholar does not collect personal information from children under 13 without appropriate consent. In a school setting, COPPA allows schools to provide consent on behalf of parents for the use of educational online services. We rely on each School to obtain any necessary parental consent for a student under 13 to use CyberScholar, or to act as the parent’s agent in providing consent for the student. Our registration processes for school accounts are designed such that a child under 13 cannot create an account on their own – the account must be created by or linked to the School’s authorization. We also provide schools with all information they need to inform parents about our data practices (consistent with COPPA’s requirement for clear privacy notices). If a parent of a child under 13 revokes consent, we will support the School in removing the child’s account and deleting the child’s personal data. We ensure that features like privacy policies are written in clear language and readily available, fulfilling COPPA’s transparency obligations. In short, CyberScholar’s handling of children’s data is fully COPPA-compliant: we obtain proper consent, we minimize data collection, and we allow parents to review and delete their child’s information at any time.

6.3 GDPR (General Data Protection Regulation): For users in the European Union (or where EU data protection law applies), CyberScholar adheres to GDPR principles and requirements. Although GDPR is a broad law not specific to education, its strong privacy safeguards align with our practices. Key points of alignment include:

  • Lawfulness, Fairness, Transparency: We process student data under lawful bases such as contractual necessity (providing the service to schools who have contracted with us) or consent (where a student or parent’s consent is obtained, especially outside of a school context). We are transparent about our data practices through these Terms and our privacy notices, satisfying the GDPR’s requirement of clear communication to data subjects.

  • Purpose Limitation and Data Minimization: We collect data solely for specified educational purposes and not beyond. As described above, we limit data collection to what is necessary for learning and platform functionality. We do not collect extraneous personal details. This aligns with GDPR’s purpose limitation and data minimization principles.

  • Accuracy: We enable corrections of data to keep it accurate, as described in the rights section. If any personal data is found to be incorrect, we will rectify it promptly, fulfilling the GDPR’s accuracy principle.

  • Storage Limitation: Our data retention policies ensure we don’t keep personal data longer than needed (see Data Retention section), which is in line with GDPR’s storage limitation obligation.

  • Integrity and Confidentiality: We protect personal data with appropriate security measures (GDPR’s “integrity and confidentiality” principle), by employing encryption, access controls, etc., as detailed in Security section. We also have policies for data breaches consistent with GDPR’s requirement to notify authorities and users in certain breach situations (where a breach poses significant risk to individuals’ rights, GDPR typically requires notification within 72 hours to regulators – we will comply with any such applicable requirement if our user base includes EU residents).

Additionally, GDPR provides certain rights to individuals (or their parents, in case of children) – the right of access, rectification, erasure (right to be forgotten), restriction of processing, data portability, and objection, among others. CyberScholar’s platform and policies enable these rights in substance: our access and correction rights mirror GDPR’s; our deletion rights (subject to law) mirror the right to erasure; we do not engage in marketing or profiling that would trigger objection rights, but in any case we would honor any request not to use data in certain ways. If a European user requested a copy of their data in a portable format, we would provide it (many of our data exports are already in common formats like CSV or PDF for educational records, which covers data portability). We also consider requests to restrict processing if, for example, a data accuracy contest is ongoing.

6.4 International Data Transfers: If CyberScholar transfers personal data from the EU/EEA or other countries to our servers (which may be in the United States), we will ensure that appropriate legal safeguards are in place. This may include using EU-approved Standard Contractual Clauses (SCCs) with our School customers or vendors, committing to high standards of privacy protection, and, if necessary, additional technical safeguards. We are monitoring developments in international data transfer law and will comply with any requirements to lawfully transfer and process student data across borders. Notably, because we do not share identifiable data with unrelated third parties, and because our primary processing activities occur either locally at the School or on our secure servers, cross-border data flows are limited and well-controlled.

6.5 Other International Laws: CyberScholar’s ethos is to respect user privacy everywhere. In regions like Canada, we follow principles similar to PIPEDA (obtaining consent via schools and limiting collection to necessary information). In Australia, we adhere to the Australian Privacy Principles, keeping personal information secure and giving individuals access to their data. In all jurisdictions, we endeavor to meet or exceed the local legal requirements for student data protection. If any provision of these Terms would contradict a compulsory law of your jurisdiction, we will adjust our compliance accordingly while still honoring the spirit of these Terms.

 

7. Data Protection Officer (DPO)

Given the nature of our service, CyberScholar may have a designated Data Protection Officer or similar privacy leader responsible for overseeing compliance with GDPR and other privacy laws. This person can be contacted via the information below for any questions or concerns. We also encourage Schools outside the U.S. to inform us of any specific local law requirements in their region so that we can ensure compliance (for example, a “parents’ bill of rights” under New York’s Education Law 2-d, which we would be happy to support by providing all required information to the School).

7.1 Contact Information for Data Protection Inquiries: CyberScholar has established a point of contact for all questions, concerns, or requests related to privacy and data protection. If you need to contact us for any reason related to these Terms or your data, please use the following contact information:

7.2 Data Protection Contact:
Email: privacy@cyberscholar.ai
Phone: 1- (217) 217-328-0405 (Mon–Fri, 9am–5pm Central Time)
Address: CyberScholar NFP
2001 South First Street
Champaign IL 61822, USA

7.3 Dispute Resolution: We anticipate that most questions or concerns can be resolved by contacting us directly. We are committed to working in good faith with our users and clients to address any issues. If you believe we have not adequately addressed your privacy-related concern, please let us know. Depending on your jurisdiction, you may also have the right to contact a supervisory authority or regulator (for example, a Data Protection Authority in the EU, or the Illinois Attorney General for SOPPA issues) to lodge a complaint. We would appreciate the opportunity to resolve the matter with you first.

You may contact us to exercise any of the rights described in these Terms (such as accessing or deleting data), to report a concern or potential issue, or simply to ask a question about how CyberScholar protects student privacy. We will respond to inquiries as promptly as possible, and in any event within any timeframe required by law. For security reasons, when you make a request regarding student data, we may take steps to verify your identity and authority (for instance, if you are a parent requesting data, we may need to confirm with the School).

If you are an educator or school administrator, you can also reach out to your CyberScholar account representative or support channel for assistance, but any privacy-specific queries can be directed to the privacy contact above.

 

8. Changes to These Terms

If we make material changes to these Terms or to our data practices, we will notify Schools and/or users in advance as required. Any changes will be made in compliance with applicable law (for instance, we would not retroactively reduce your rights or protections under SOPPA, FERPA, or other laws). The contact information above remains available for any questions about changes.

CyberScholar is aligned with international best practices in student data privacy. Our approach incorporates GDPR’s core principles (lawful, fair, and transparent processing; purpose limitation; data minimization; accuracy; security), and we ensure that rights granted under laws like FERPA and GDPR are mirrored in our platform functionalities. We continuously monitor the privacy landscape to update our practices so that whether you are in Illinois, elsewhere in the United States, or another country, you can trust that CyberScholar handles student data ethically, legally, and with respect for individual rights.

By using CyberScholar, schools and users acknowledge that they have read and understood these Terms and agree to abide by them. These Terms aim to protect students while enabling innovative learning experiences. CyberScholar will continue to uphold the trust placed in us by schools, students, and parents by keeping personal information safe and private in service of learning.