Privacy Policy& Data Protection

We are committed to protecting your privacy and ensuring compliance with GDPR and all applicable data protection laws. This policy explains how we collect, use, and safeguard your information.

Last updated: January 2025

Data Controller Information

NeuroBridgeEDU acts as the data controller for personal information collected through our AI-powered educational transcription platform. When serving educational institutions, we operate as a data processor under institutional control and as a “school official” under FERPA for US institutions. We are committed to processing your data lawfully, fairly, and transparently in accordance with GDPR, FERPA, and applicable data protection regulations.

For privacy-related inquiries, contact our Data Protection Officer at: contact@neurobridgeedu.eu or our FERPA Compliance Officer at: contact@neurobridgeedu.eu

Educational Data Protection Compliance

NeuroBridgeEDU provides specialized data protection for educational institutions, ensuring compliance with educational privacy laws including FERPA (US) and the European Accessibility Act while maintaining GDPR standards.

FERPA Compliance (US Institutions)

  • • School official designation under institutional control
  • • Educational purpose limitation for all data processing
  • • No redisclosure without institutional authorization
  • • Student/parent rights support through institutions

European Educational Privacy

  • • EU data residency options available
  • • European Accessibility Act compliance by June 2025
  • • GDPR Article 28 processor agreements
  • • Student data sovereignty and local processing

AI Model Training & Transparency

  • • No AI training on student data without explicit consent
  • • Institution-scoped models available for sensitive data
  • • Opt-out mechanisms for all AI model improvement
  • • Transparent accuracy reporting and quality metrics

Institutional Partnership Framework

  • • Data Processing Agreements (DPA) for all institutions
  • • Customizable data retention and deletion schedules
  • • Audit trail and compliance reporting capabilities
  • • Dedicated educational privacy support team

How We Handle Your Data

Transparency is at the core of our data protection practices. Here's how we collect, process, and protect your information.

What Data We Collect

  • Account information (name, email address, institutional affiliation)
  • Audio recordings and generated transcriptions
  • Educational records from institutional partners (when acting as school official)
  • Usage analytics and service interactions
  • Technical data (IP address, browser type, device information)
  • Student data when provided by educational institutions under FERPA authorization

How We Use Your Data

  • Provide AI-powered transcription and summarization services
  • Support educational activities and accessibility accommodations
  • Ensure platform security and prevent misuse
  • Comply with legal and regulatory requirements (FERPA, GDPR, EAA)
  • Improve service quality (with appropriate safeguards for educational data)
  • Communicate service updates and support to institutional administrators

Legal Basis for Processing

  • Contractual necessity for service delivery to educational institutions
  • Public task/official authority for public educational institutions
  • FERPA school official designation for US educational institutions
  • Legitimate interest for service improvement and security (with safeguards)
  • Legal compliance for regulatory requirements (FERPA, GDPR, accessibility laws)
  • Consent for marketing communications and optional AI model improvement

Data Sharing & Third Parties

  • Cloud infrastructure providers (with appropriate safeguards)
  • AI service providers for transcription processing
  • Analytics providers for service improvement
  • Legal authorities when required by law
  • No sale or sharing of personal data for marketing purposes

Data Retention

  • Account data retained while account is active
  • Transcription data retained as per institutional agreement
  • Analytics data retained for 24 months maximum
  • Legal compliance data retained as required by law
  • Right to request earlier deletion under GDPR

Educational Privacy Compliance (FERPA)

  • Act as 'school official' under direct institutional control
  • Process educational records solely for legitimate educational purposes
  • Prohibit redisclosure of student information without institutional authorization
  • Support student/parent rights through institutional processes
  • Return or destroy educational records upon contract termination
  • Maintain audit trails of educational record access and use

AI Transparency & Quality

  • Transcription accuracy rates: typically 95-98% for clear audio
  • Model limitations: accents, background noise, technical terminology may affect accuracy
  • Human review available for critical educational content
  • No AI training on customer data without explicit institutional consent
  • Bias monitoring and error correction procedures implemented
  • Quality metrics and accuracy reporting available to institutions

Your Data Protection Rights

Under GDPR, you have comprehensive rights regarding your personal data. We are committed to honoring these rights and responding to requests within the legally required timeframes.

Right to access your personal data
Right to rectify inaccurate information
Right to erasure (right to be forgotten, subject to educational record requirements)
Right to restrict processing
Right to data portability
Right to object to processing (with educational purpose limitations)
Right to withdraw consent (where consent is the legal basis)
Right to lodge a complaint with supervisory authority
FERPA rights: inspect, review, and request amendment of educational records
Right to opt-out of AI model training on your data

Security Measures

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

  • • End-to-end encryption for all data transmission
  • • AES-256 encryption for data at rest
  • • Regular security audits and penetration testing
  • • Multi-factor authentication requirements

Organizational Measures

  • • Staff training on data protection principles
  • • Access controls and need-to-know basis
  • • Regular review of data processing activities
  • • Incident response and breach notification procedures

Questions About Your Privacy?

If you have any questions about this privacy policy, your data rights, or how we process your information, please don't hesitate to contact us.

Email: contact@neurobridgeedu.eu

Response Time: We respond to all privacy requests within 30 days as required by GDPR

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with applicable law.