Skip to main content Privacy Policy - EduGPT Skip to main content
EduGPT
Privacy Policy

Your Privacy is Our Priority

At EduGPT, protecting your data is central to everything we do. This privacy policy describes how we handle personal data and how we comply with the European GDPR.

Last updated: September 10, 2025
Version: 1.0

Our Privacy Promise in Brief

No Tracking: We use no tracking or advertising cookies on our website.
Data in the EU: All data you enter in EduGPT stays guaranteed within the European Union.
Your Data is Yours: We never use your input to train AI models. Your data is treated strictly confidentially.
You Have Control: You can always view, correct, export, or delete your data.

1. Introduction

CivAI B.V. i.o. (trading as EduGPT, hereinafter: "EduGPT", "we", "us" or "our") respects your privacy and is committed to protecting your personal data. This privacy policy informs you about how we handle personal data when you visit our website, use our services, or otherwise communicate with us.

This policy applies to all services we offer, including our AI platform for education, and is drafted in accordance with the European GDPR.

2. Data Controller

CivAI B.V. i.o.

Chamber of Commerce: In application

Address: The Hague, The Netherlands

Email: privacy@edugpt.nl

Phone: +31 6 2199 1666

3. What Data We Collect

3.1 Website Visitors

When visiting our website, we collect:

No tracking cookies: We do not use analytical or tracking cookies
Functional preferences: Only your theme preference (light/dark mode) is stored locally
Server logs: Temporary technical data for security (IP address, browser type) that is automatically deleted

3.2 Customers and Service Users

To deliver our services, we process:

Contact details: Name, email address, phone number, position
Organization details: Organization name, department, address
Account information: Username, password (encrypted), access rights
Usage data: Login details, feature usage, platform interactions
Communication: Emails, support requests, feedback

3.3 AI Interactions

Important: All data you enter in our AI platform stays within the EU and is NEVER used for training AI models. Your data is and remains yours.

4. How We Use Your Data

We use your personal data for the following purposes:

Service Delivery

Providing our AI services, account management, and technical support

Communication

Contact about our services, answering questions, sending service messages

Improvement

Analyzing usage to improve our services (always anonymized)

Legal Obligations

Complying with legal obligations, such as administration and tax filing

Security

Detection and prevention of fraud, abuse, and security incidents

5. AI Processing and Data Security

100% Data Sovereignty

All data stays within the EU (servers in the Netherlands and Germany)
No data to American or Chinese servers
Full compliance with EU AI Act and GDPR
Data is NEVER used for AI training

Technical Safeguards

End-to-end encryption of all data
Strict access controls and audit logging
Regular security audits by independent parties
ISO 27001 and NEN 7510: Certification process planned for Q2 2026
Compliance with BIO 2.0 framework

6. Retention Periods

We do not retain your personal data longer than necessary for the purposes for which it was collected:

Data Type Retention Period
Account data During contract term + 3 months
AI interactions 30 days (configurable per organization)
Financial records 7 years (legal obligation)
Server logs 90 days

7. Data Sharing

We never sell your personal data to third parties. We only share data in the following cases:

With Your Consent

Only when you have explicitly given consent

Processors

Carefully selected EU partners for hosting and infrastructure, always under strict processor agreements

Legal Obligation

When we are legally required to provide data to competent authorities

7.1 Sub-processors

We use the following sub-processors that comply with the highest security and privacy standards:

Microsoft Azure (West Europe)

For secure, certified cloud hosting of our platform and your data. All data storage is configured to remain within this EU region.

SendGrid (EU Servers)

For sending transactional emails and system notifications. Data processing exclusively within the EU.

All sub-processors are bound by strict processor agreements in accordance with Article 28 GDPR.

8. Security

We take the protection of your data very seriously and have implemented appropriate technical and organizational measures:

Encryption

TLS 1.3 for transport, AES-256 for storage

Access Control

Multi-factor authentication, role-based access

Monitoring

24/7 security monitoring and incident response

Backup

Regular backups with encryption

9. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

To exercise these rights, you can contact us at privacy@edugpt.nl. We will respond to your request within 4 weeks.

10. Cookies

Privacy-Friendly Website

We use no tracking cookies or analytical cookies. No Google Analytics, no Facebook Pixel, no retargeting.

We only store one functional cookie:

Theme preference: Remembers whether you prefer light or dark mode

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to keep it current. You will always find the most recent version on this page. For substantial changes, we will inform active users by email.

This policy was last updated on: September 10, 2025

12. Contact and Complaints

Questions About Privacy?

Do you have questions about this privacy policy or how we handle your data? Please feel free to contact us:

Email: privacy@edugpt.nl
Phone: +31 6 2199 1666
Mail: CivAI B.V. i.o., The Hague, The Netherlands

File a Complaint with the DPA

You also have the right to file a complaint with the Dutch Data Protection Authority. More information can be found at autoriteitpersoonsgegevens.nl

Privacy & Trust Are Central

Do you have questions about our privacy policy or want to learn more about our security measures?

Contact Privacy Team View Security Measures