Privacy Policy

1. Who We Are

Wizar Learning Inc. ("Wizar," "we," "us," or "our") is a Canadian-incorporated educational technology company headquartered in Vancouver, British Columbia, Canada. We operate the Learnverse platform and related services (collectively, the "Platform" or "Service").

Data Controller: Wizar Learning Inc., Vancouver, BC, Canada.
Contact: privacy@wizar.io

2. Scope of This Policy

This Privacy Policy applies to all users of the Learnverse platform, including students, parents and guardians, teachers, school administrators, and any other individuals who access or use our Service through web browsers, mobile applications, or any other means. It covers data collected through the Platform, our website (wizar.io), and any associated services.

3. Personal Data We Collect

We collect personal data — meaning information that can identify an individual — in the following categories:

We do not collect: biometric data, precise geolocation, financial information from students, social media profiles of students, or any data not necessary for the educational purpose of the Platform.

4. Why We Collect Personal Data (Purpose)

Every piece of personal data we collect serves a specific educational purpose:

• To provide the Service: Creating accounts, authenticating users, delivering personalised learning paths, and tracking progress through the AI literacy curriculum.
• To support educators: Providing teachers and administrators with dashboards, analytics, and portfolio reports to monitor student learning and inform instruction.
• To improve learning outcomes: Analysing aggregated and anonymised learning data to improve curriculum design, identify effective pedagogies, and enhance Platform features.
• To communicate: Sending essential service notifications (e.g., password resets, account updates, privacy policy changes) and, with consent, educational updates.
• To ensure safety: Detecting and preventing unauthorised access, abuse, or misuse of the Platform.
• To comply with legal obligations: Meeting regulatory requirements under applicable privacy laws.

5. How We Use Personal Data

Personal data is used solely to fulfil the purposes stated above. Specifically:

• Learning data powers adaptive content delivery, formative assessments, and competency tracking within the Platform.
• Account data is used for authentication, role-based access, and connecting students to their teachers and schools.
• Aggregated, de-identified data may be used for research to improve educational outcomes. Such data cannot be traced back to any individual.

6. Non-Personal Data We Collect

We also collect non-personal (anonymous or aggregated) data that cannot identify any individual:

• Device and browser information: Device type, operating system, browser type, screen resolution.
• Usage analytics: Pages visited, features used, session duration, interaction patterns (clicks, scrolls).
• Performance data: Page load times, error logs, crash reports.
• Aggregated learning statistics: Class-level or school-level performance metrics, curriculum completion rates, feature engagement patterns.

7. How We Use Non-Personal Data

Non-personal data is used to:

• Monitor and improve Platform performance, stability, and user experience.
• Understand how features are used and prioritise product development.
• Generate aggregated reports for schools and partners on overall usage and impact.
• Conduct educational research using de-identified data to advance the field of AI literacy education.

Non-personal data is never sold to third parties or used for advertising.

8. Children's Privacy

Protecting children is at the core of everything we do. Learnverse is designed for learners in Grades 3–8 (approximately ages 8–13), and we take the following measures:

• Parental/guardian consent: For children under the age of 13 (or the applicable age of consent in the child's jurisdiction), we require verifiable parental or guardian consent before collecting any personal data, unless the account is created and managed by the child's school under an educational agreement.
• School-managed accounts: When schools create student accounts, the school acts as the agent of the parent and provides consent on behalf of families, as permitted under COPPA and equivalent regulations.
• No marketing to children: Children's data is never used for marketing, advertising, or promotional purposes — by us or by any third party.
• No behavioural targeting: We do not build behavioural profiles of children for any non-educational purpose.
• No external advertisements: The Platform does not display any third-party advertisements.
• Minimal data collection: We collect only the data necessary to provide the educational service.
• Age-appropriate design: The Platform is designed with age-appropriate experiences, content, and interactions.
• Parental access: Parents and guardians may review, request correction of, or request deletion of their child's personal data at any time by contacting us.

9. Consent and Privacy by Default

Explicit consent: We obtain clear, affirmative consent before collecting personal data. Consent is requested at the point of data collection through clear, age-appropriate language. Users are informed of what data is being collected, why, and how it will be used before they provide consent.

Privacy by default: Our Platform enforces privacy by default. This means:

• Data collection settings default to the minimum necessary.
• Optional data sharing features are turned off by default.
• Student profiles and learning data are private by default and visible only to the student, their assigned teacher(s), and school administrators.
• Analytics and research use only de-identified, aggregated data unless explicit additional consent is given.

Withdrawing consent: Users (or parents/guardians on behalf of children) may withdraw consent at any time by contacting us at privacy@wizar.io. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

10. Data Sharing and Third Parties

We do not sell personal or non-personal data to any third party.

We may share limited data with the following categories of service providers, solely to operate and improve the Platform:

All third-party service providers are bound by data processing agreements that require them to:

• Process data only on our instructions and for the specified purpose.
• Implement appropriate security measures.
• Not use data for their own purposes, including marketing.
• Delete or return data upon termination of the relationship.

We may also disclose data if required by law, regulation, legal process, or governmental request.

11. AI, Machine Learning, and Data

Learnverse utilises AI technologies to enhance the learning experience:

• Adaptive learning paths: AI analyses student progress data to personalise content sequencing and difficulty.
• Generative AI features: Certain curriculum modules incorporate generative AI (e.g., for creative AI exercises like story writing or image generation). These features use third-party AI models (e.g., from providers like OpenAI) with the following safeguards:
  • No student personal data is sent to third-party AI providers. Interactions are anonymised.
  • AI guardrails and safety controls are in place to ensure age-appropriate outputs.
  • Machine-generated content is reviewed and sampled for accuracy and appropriateness.
• Dataset origin: Our curriculum content was developed by our team of educators and subject matter experts. AI models used are third-party models accessed via API; we do not train proprietary models on student data.

12. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy:

Users (or parents/guardians) may request earlier deletion at any time. Schools may request bulk deletion of student data when a partnership ends.

13. Data Security

We implement industry-standard technical and organisational measures to protect data:

• Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access controls: Role-based access ensures employees only access data necessary for their function.
• Infrastructure: Hosted on SOC 2-compliant cloud infrastructure with regular security audits.
• Vulnerability management: Regular patching, dependency scanning, and penetration testing.
• Incident response: Documented incident response procedures. In the event of a data breach that poses a risk to users, we will notify affected individuals and relevant authorities within 72 hours as required by applicable law.
• Employee training: All team members receive data protection and security awareness training.

14. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you (or your child).
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to restrict processing: Request limitation of how we use your data.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
• Right to lodge a complaint: File a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@wizar.io. We will respond within 30 days (or sooner if required by applicable law).

15. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we comply with the General Data Protection Regulation (GDPR):

• Legal bases for processing: We process personal data based on: (a) consent, (b) performance of a contract (providing the Service), (c) compliance with legal obligations, and (d) legitimate interests (Platform improvement), balanced against the individual's rights.
• Data Protection Officer: Enquiries can be directed to privacy@wizar.io.
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
• Cross-border transfers: See Section 18 (International Data Transfers).

16. COPPA Compliance (United States)

For users in the United States, we comply with the Children's Online Privacy Protection Act (COPPA):

• We obtain verifiable parental consent before collecting personal information from children under 13, except where schools provide consent under the school official exception.
• Parents can review their child's personal information, request its deletion, and refuse further collection.
• We do not condition a child's participation on providing more personal information than is reasonably necessary.
• We maintain reasonable procedures to protect the confidentiality, security, and integrity of children's personal information.

17. PIPEDA Compliance (Canada)

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation:

• We obtain meaningful consent for the collection, use, and disclosure of personal information.
• We collect personal information only for purposes that a reasonable person would consider appropriate.
• Individuals may access their personal information and challenge its accuracy.
• Personal information is protected by appropriate security safeguards.
• Our privacy practices are open and transparent.

18. International Data Transfers

Wizar Learning operates in Canada and India. Your data may be processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
• Data processing agreements with all service providers that mandate equivalent protections.
• Storage on infrastructure that complies with local data protection requirements.

19. Cookies and Tracking Technologies

We use cookies and similar technologies for essential Platform functionality:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
• Analytics cookies: Used to understand Platform usage and improve performance. These are opt-in and use anonymised data.
• No advertising cookies: We do not use cookies for advertising or cross-site tracking.

You can manage cookie preferences through your browser settings or through our cookie consent banner.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Notify you via email (for registered users) and through a prominent notice on the Platform.
• Provide a summary of changes at the top of the updated policy.
• Update the "Last updated" date at the top of this page.
• Provide at least 30 days' notice before changes take effect for substantive modifications.
• Where required by law, obtain renewed consent for any material changes to data processing.

21. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Wizar Learning Inc.
Email: privacy@wizar.io
Website: www.wizar.io
Vancouver, BC, Canada

We aim to respond to all privacy enquiries within 30 days.