ThirdSlate — Built for Students. Learning that Adapts to You.

Effective Date: January 1, 2026
Last Updated: January 1, 2026

1. Introduction & Overview

Welcome to ThirdSlate. We are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information.

ThirdSlate ("we," "us," or "our") operates as the data controller for the ThirdSlate platform—an AI-powered educational technology web application designed to enhance learning for students, educators, and academic institutions. Our platform provides personalized AI-driven learning experiences, study analytics, interactive practice questions, and contextual explanations based on your course materials.

This Privacy Policy describes how we handle your information across all access points, including our website, web application, mobile interfaces, and API services. It applies to all users of the ThirdSlate platform.

We are committed to:

Respecting your privacy rights under applicable laws
Maintaining transparency about our data practices
Providing you with meaningful control over your information
Implementing robust security measures to protect your data

Scope: This Privacy Policy governs all interactions with ThirdSlate services, including account creation, material uploads, AI chat interactions, practice question generation, and all related features.

Previous Versions: We maintain an archive of previous policy versions. You may request access to historical versions by contacting us at privacy@thirdslate.com.

2. Information We Collect

We collect various types of information to provide, improve, and secure our services. Below is a comprehensive breakdown of the data we collect:

Account Information

When you create a ThirdSlate account, we collect:

Full name
Email address
Password (stored as an encrypted hash)
University or educational institution affiliation
Optional profile information (profile picture, academic program, year of study)
Account preferences and settings

Usage Data

To understand how you interact with our platform and improve your experience, we collect:

Pages visited and features accessed
Time spent on different sections of the platform
Navigation patterns and click behavior
Session duration and frequency of visits
Log files containing access times and timestamps
Interaction metrics (e.g., number of chat queries, practice questions completed)
Feature usage statistics and engagement patterns

Learning & Content Data

To provide personalized educational experiences, we collect:

Course materials you upload (PDFs, DOCX, TXT, MD, and other supported formats)
Course selections and academic subject areas
AI-generated study materials, notes, and summaries
Chat conversation history with our AI assistant
Questions you ask and explanations you receive
Practice question sets generated for you
Your answers to practice questions and quiz results
Study progress and performance metrics
Bookmarks, favorites, and saved content

Device & Technical Data

To ensure platform functionality and security, we automatically collect:

IP address
Browser type and version
Operating system and device type
Device identifiers (mobile device ID, if applicable)
Screen resolution and display settings
Application performance logs and error reports
Network information and connection type
Referring URLs and exit pages

Cookies & Tracking Data

We use cookies and similar technologies to enhance your experience:

Session Cookies: Maintain your login state and active session
Analytics Cookies: Track usage patterns and platform performance
Preference Cookies: Remember your settings and customization choices
Functional Cookies: Enable specific features like saved courses and chat history

For detailed information, see our Cookies and Tracking Technologies section below.

Third-Party Sources

We may receive limited information from:

Single Sign-On (SSO) Providers: When you log in using Google or university authentication systems, we receive basic profile information (name, email, profile picture) as permitted by those services
Educational Institutions: If your institution partners with ThirdSlate, we may receive verification of your student status and institutional affiliation

3. How We Use Your Information

We use your information for legitimate, transparent purposes that enhance your educational experience and ensure platform functionality:

To Deliver Personalized Educational Experiences

Generate contextual explanations and study materials based on your uploaded content
Create personalized practice questions tailored to your learning materials
Provide AI-driven recommendations for study topics and areas requiring focus
Adapt content difficulty and pacing to your demonstrated knowledge level
Build learning pathways customized to your academic goals

To Improve AI Models, Accuracy, and Performance

Train and refine our AI algorithms to provide more accurate explanations
Enhance question generation quality and relevance
Improve natural language understanding for better chat interactions
Develop new features and learning methodologies
Conduct quality assurance testing and validation

Note: When used for AI improvement, personal identifiers are anonymized or removed wherever technically possible.

To Maintain Security, Prevent Fraud, and Enforce Acceptable Use

Detect and prevent unauthorized access to accounts
Monitor for suspicious activity and potential security threats
Enforce our Terms of Service and Acceptable Use Policy
Investigate violations and respond to reported abuse
Protect against spam, malware, and malicious behavior

To Provide Customer Support and Communications

Respond to your inquiries, feedback, and support requests
Send service-related notifications and platform updates
Communicate about new features, improvements, and educational content
Deliver account security alerts and important administrative messages
Provide technical assistance and troubleshooting

To Comply with Legal Obligations

Fulfill legal requirements for data retention and reporting
Respond to lawful requests from government authorities
Manage and document user consent preferences
Comply with court orders, subpoenas, and regulatory requirements

To Conduct Aggregate Analytics and Academic Research

Generate anonymized usage statistics and trend reports
Conduct educational research on learning effectiveness (using non-identifiable data only)
Analyze platform performance and user engagement patterns
Publish academic findings or case studies (with all personal identifiers removed)

4. Legal Bases for Processing

We process your personal information based on the following lawful grounds, as required by the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA):

Consent

We rely on your explicit consent when:

You create an account and agree to our Terms of Service and Privacy Policy
You opt-in to receive marketing communications or newsletters
You enable optional features that require additional data processing
You provide sensitive information voluntarily

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal. To withdraw consent, visit your account settings or contact privacy@thirdslate.com.

Contractual Necessity

Processing is necessary to:

Provide the core services you've signed up for
Maintain your account and enable platform access
Process your uploaded materials and generate AI-based content
Deliver the features and functionality described in our Terms of Service

Legitimate Interests

We process certain data based on legitimate interests that are not overridden by your rights:

Improving platform functionality and user experience
Conducting security monitoring and fraud prevention
Performing analytics to understand usage patterns
Developing new features and services
Sending service-related communications

Legal Obligations

We process data when required to:

Comply with applicable laws and regulations
Respond to legal requests from authorities
Fulfill retention requirements for educational technology providers
Meet our obligations under data protection legislation

5. Data Storage & Security

Protecting your information is a top priority. We implement comprehensive security measures across technical, physical, and organizational domains.

Security Measures

Encryption:

All data is encrypted in transit using TLS 1.3 or higher
Sensitive data is encrypted at rest using AES-256 encryption
Passwords are hashed using industry-standard algorithms (bcrypt with salt)

Access Controls:

Role-based access control (RBAC) limits employee access to data
Multi-factor authentication (MFA) required for administrative access
Regular access audits and permission reviews
Principle of least privilege enforced throughout our systems

Infrastructure Security:

Secure cloud hosting with enterprise-grade security certifications
Regular security vulnerability assessments and penetration testing
Intrusion detection and prevention systems
Automated monitoring and alerting for suspicious activity
Regular security patch management and updates

Operational Security:

Employee training on data protection and privacy practices
Confidentiality agreements with all personnel
Secure development lifecycle practices
Incident response plan and procedures

Data Storage Locations

Your data is stored in secure data centers located primarily in:

Canada: Primary hosting for Canadian users
United States: Cloud infrastructure and backup facilities
Europe: For users in the European Economic Area (where applicable)

We select hosting providers based on their security certifications, compliance with international data protection standards, and contractual commitments to safeguard your information.

Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy:

Active Account Data: Retained while your account remains active and for legitimate operational purposes

Deleted Account Data: Upon account deletion, personal data is removed within 30-90 days, except where longer retention is required by law

Backup Systems: Data in backup systems is purged according to our backup retention schedule (typically within 90 days of primary deletion)

Legal Hold: Data may be retained longer when required for legal proceedings, investigations, or regulatory compliance

Security Incident Response

In the event of a data breach that poses a risk to your rights and freedoms:

We will notify affected users without undue delay
Notifications will include the nature of the breach, likely consequences, and mitigation measures
We will report incidents to relevant supervisory authorities as required by law
We maintain detailed incident logs and conduct post-incident reviews

If you have security concerns, please report them immediately to security@thirdslate.com.

6. Sharing & Disclosure of Information

We are committed to protecting your privacy and do not sell your personal information to third parties. We only share data with trusted service providers and partners who help us deliver and improve our services.

Service Providers & Subprocessors

We share information with carefully vetted third parties who provide essential services:

Hosting & Infrastructure Providers:

Cloud hosting and database providers
Content delivery networks

AI Service Providers:

AI model and language processing APIs
Vector database and semantic search providers

Analytics & Performance Tools:

Plausible Analytics (privacy-focused usage analytics)
Google Analytics (with anonymized IP addresses, if applicable)
Error tracking and performance monitoring services

Payment Processors (if applicable):

Secure payment gateways for subscription management
Payment processors comply with PCI DSS standards

Communication Services:

Email service providers for transactional messages
Customer support platforms for ticket management

Data Processing Agreements

All service providers and subprocessors are bound by:

Comprehensive data processing agreements (DPAs)
Contractual obligations to protect your information
Restrictions on using data for their own purposes
Requirements to implement appropriate security measures
Commitments to comply with applicable data protection laws

Legal & Regulatory Disclosures

We may disclose your information when required by law or to protect rights:

In response to lawful requests from government authorities, law enforcement, or courts
To comply with legal obligations, subpoenas, or court orders
To protect and defend our legal rights and property
To investigate potential violations of our Terms of Service
To protect the safety and security of our users and the public
In connection with a merger, acquisition, or sale of assets (with notice to affected users)

Educational Institutions

If your institution has a partnership or licensing agreement with ThirdSlate:

We may share aggregated, non-identifiable analytics about platform usage
We may verify your enrollment status with your institution
We do not share individual learning data without explicit consent
Institution agreements include strict data protection requirements

No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Any data sharing is limited to the purposes described in this section and governed by strict contractual protections.

7. User Rights & Controls

You have significant rights regarding your personal information. We provide accessible mechanisms to exercise these rights.

Access to Your Information

You have the right to:

View all personal information we hold about you
Receive a copy of your data in a structured, commonly used format
Understand how your data is being used

How to Access: Log in to your account and visit Settings > Privacy > Download My Data, or email privacy@thirdslate.com with your request.

Correction & Update

You have the right to:

Correct inaccurate or incomplete personal information
Update your profile details, preferences, and settings

How to Correct: Edit your information directly in your account settings, or contact support@thirdslate.com for assistance.

Deletion & Right to be Forgotten

You have the right to:

Request deletion of your account and associated personal data
Have your information erased when no longer necessary for the purposes collected
Be forgotten, subject to legal retention requirements

How to Delete: Navigate to Settings > Account > Delete Account, or email privacy@thirdslate.com with your deletion request. Please note that deletion is permanent and cannot be undone.

Important: Some data may be retained for legal, security, or operational purposes as described in our Data Retention Policy.

Data Portability

You have the right to:

Receive your data in a machine-readable format (JSON, CSV)
Transfer your data to another service provider

How to Export: Visit Settings > Privacy > Export My Data to download your information, including uploaded materials, chat history, and practice question results.

Opt-Out & Communication Preferences

You have the right to:

Unsubscribe from marketing and promotional emails
Opt out of certain analytics tracking
Manage cookie preferences

How to Opt Out:

Click "Unsubscribe" in any marketing email
Adjust preferences in Settings > Privacy > Communications
Use your browser settings to block or delete cookies (note: some features may not function properly)

Right to Withdraw Consent

You have the right to:

Withdraw consent for data processing based on consent at any time
Change your mind about optional data collection

How to Withdraw: Contact privacy@thirdslate.com or adjust settings in your account preferences. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Right to Object

You have the right to:

Object to processing based on legitimate interests
Object to automated decision-making and profiling (if applicable)

How to Object: Email privacy@thirdslate.com with details of your objection.

Right to Lodge a Complaint

If you believe your privacy rights have been violated, you have the right to:

File a complaint with your local data protection authority
Contact the appropriate supervisory authority in your jurisdiction

Relevant Authorities:

Canada: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
European Union: Your national Data Protection Authority (www.edpb.europa.eu)
California: California Attorney General (www.oag.ca.gov)

We encourage you to contact us first at privacy@thirdslate.com so we can address your concerns directly.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to provide functionality, improve performance, and understand how you use our platform.

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize you, remember your preferences, and provide a better user experience.

Types of Cookies We Use

Strictly Necessary Cookies:

Essential for basic platform functionality
Enable login and authentication
Maintain security and prevent fraud
Cannot be disabled without affecting core features

Functional Cookies:

Remember your preferences and settings
Store your course selections and favorites
Enable personalized features
Enhance user experience

Analytics Cookies:

Help us understand platform usage patterns
Measure feature performance and engagement
Identify areas for improvement
Generate aggregated, non-identifiable statistics

Session Cookies:

Temporary cookies that expire when you close your browser
Maintain your active session
Enable navigation between pages without repeated login

Persistent Cookies:

Remain on your device for a set period or until manually deleted
Remember you on return visits
Store long-term preferences

Third-Party Cookies

We use limited third-party cookies from:

Analytics providers (to measure platform performance)
Authentication services (to enable single sign-on)

These third parties have their own privacy policies governing their use of cookies.

Managing Cookies

Browser Controls: You can manage cookies through your browser settings:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Preferences > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies

Platform Controls: Visit Settings > Privacy > Cookie Preferences to adjust non-essential cookies.

Impact of Disabling Cookies: Disabling cookies may affect platform functionality, including:

Loss of personalized settings
Inability to stay logged in
Reduced feature availability
Less relevant recommendations

Cookie Policy

For comprehensive details about our cookie practices, please refer to our standalone Cookie Policy (if available) or contact privacy@thirdslate.com.

9. AI Data Usage Disclosure

ThirdSlate uses artificial intelligence to provide personalized learning experiences. This section explains how AI processes your data.

How AI Uses Your Data

Content Processing:

Your uploaded course materials are processed to extract key concepts and generate explanations
Documents are chunked, embedded, and stored in vector databases for semantic search
AI models analyze your materials to generate relevant practice questions

Chat Interactions:

Your questions and conversations with the AI assistant are processed to provide contextual responses
Chat history is used to maintain conversation continuity and improve response quality
Interactions may be used to refine AI accuracy (with anonymization where possible)

Learning Analytics:

Your performance on practice questions helps adapt difficulty and content
Study patterns are analyzed to provide personalized recommendations
Progress data informs AI-driven learning pathways

Personal Identifiers & Anonymization

We are committed to protecting your identity when using data for AI improvement:

Personal identifiers (name, email, student ID) are stripped or anonymized before AI training
Content is aggregated and de-identified for model improvement
Direct associations between your identity and specific learning materials are minimized where technically feasible

Important: While we implement anonymization, complete de-identification is not always possible for providing personalized educational experiences. Your uploaded materials and chat history are associated with your account to enable core functionality.

Ethical AI Commitment

We adhere to ethical AI principles:

Transparency: We clearly explain how AI processes your data
Fairness: We work to minimize bias in AI-generated content
Accountability: We maintain oversight of AI outputs and address errors
Privacy by Design: Privacy protections are built into AI systems from the ground up
Human Oversight: Critical decisions involve human review

Automated Decision-Making

ThirdSlate uses automated processing to:

Generate study materials and explanations
Recommend learning pathways
Create personalized practice questions
Assess answers to practice questions

You have the right to:

Understand the logic behind automated decisions
Request human review of AI-generated content
Object to automated processing (though this may limit platform functionality)

Third-Party AI Providers

We use external AI services subject to:

Strict data processing agreements
Confidentiality obligations
Prohibitions on using your data for their own model training (where contractually enforceable)

10. Children's Privacy

ThirdSlate is designed for post-secondary students and is not intended for use by children under 16 years of age.

Age Restrictions

Users must be at least 16 years old to create an account
Users under 18 but over 16 may use the platform with parental consent where required by law
We do not knowingly collect personal information from children under 16

Parental Consent

If you are under 18 and over 16, depending on your jurisdiction:

Parental or guardian consent may be required
Your institution may provide consent on behalf of eligible students
We may verify age through institutional email addresses or other means

Verification Procedures

If we discover that we have collected information from a child under 16 without appropriate consent:

We will delete that information promptly
We will terminate the account
We will notify the account holder

Parent/Guardian Rights

If you believe your child has created an account without permission:

Contact us immediately at privacy@thirdslate.com
We will verify the claim and delete the account if confirmed
You may request copies of any collected information before deletion

11. International Data Transfers

ThirdSlate may transfer your personal information across international borders to provide our services globally.

Legal Framework for Transfers

From the European Economic Area (EEA):

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
Data transfers to third countries are subject to adequate safeguards
We implement supplementary measures where necessary to ensure equivalent protection

From Canada:

Transfers comply with PIPEDA requirements for cross-border data flows
We obtain consent where required for transfers to jurisdictions without adequate protection
Contracts with service providers include commitments to uphold Canadian privacy standards

From the United States:

We comply with applicable state laws regarding international transfers
California users receive protections consistent with CCPA requirements

Safeguards for International Transfers

We ensure lawful and secure cross-border data handling through:

Data Minimization: Transferring only necessary data
Encryption: Protecting data in transit and at rest
Contractual Protections: Binding agreements with data processors
Regular Audits: Monitoring compliance with transfer safeguards
Transparency: Informing users of transfer locations and protections

Data Processing Locations

Your data may be processed in:

Canada (primary hosting for Canadian users)
United States (cloud infrastructure and AI services)
European Union (for EEA users where applicable)

You have the right to:

Know where your data is processed
Request information about safeguards in place
Object to transfers to specific jurisdictions (subject to operational limitations)

12. Data Retention Policy

We retain your information only as long as necessary for the purposes described in this Privacy Policy or as required by law.

Retention Periods by Category

Account Data:

Retained while your account is active
Deleted within 30-90 days after account closure request
Exception: Data may be retained longer if required for legal, security, or legitimate business purposes

Learning Materials:

Uploaded course materials: Retained while your account is active
Deleted within 90 days of account deletion or individual file deletion request

Chat History & Generated Content:

Stored for the duration of your active account
You may delete individual chat sessions or practice question sets at any time
Bulk deletion occurs upon account closure

Usage & Analytics Data:

Aggregated, non-identifiable analytics may be retained indefinitely
Individual usage logs retained for up to 2 years for security and operational purposes

Financial Records (if applicable):

Retained for 7 years to comply with tax and accounting regulations

Legal Hold Data:

Data subject to legal proceedings, investigations, or regulatory requirements may be retained beyond standard periods until the matter is resolved

Backup Deletion

Data removed from production systems is also purged from backups according to our backup retention schedule
Backup purging typically occurs within 90 days of primary deletion
Archived backups may retain data longer for disaster recovery purposes

Archival Practices

Anonymized or aggregated data used for research and analytics may be archived indefinitely
Archived data contains no personally identifiable information

To request early deletion or information about specific retention periods, contact privacy@thirdslate.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs.

How We Notify You

When we make changes:

Material Changes: We will notify you via email and/or a prominent notice on our platform at least 30 days before changes take effect
Non-Material Changes: We will update the "Last Updated" date at the top of this policy
In-App Notices: You may see a notification banner alerting you to policy updates

Your Acceptance

Continued use of ThirdSlate after the effective date of changes constitutes your acceptance of the revised Privacy Policy
If you do not agree with changes, you should discontinue use and may delete your account

Accessing Previous Versions

We maintain an archive of previous policy versions. To review past versions, please contact privacy@thirdslate.com with the date range you're interested in.

14. Contact Information

We value your privacy and welcome your questions, concerns, or requests regarding this Privacy Policy.

Privacy Team:
Email: privacy@thirdslate.com

General Support:
Email: support@thirdslate.com

Mailing Address:
Adelecte 23 Thavasi Nagar, Coimbatore, Tamil Nadu India - 641025

Data Protection Officer (if applicable):
Email: dpo@thirdslate.com

Response Time: We aim to respond to all privacy inquiries within 30 days. For urgent matters, please mark your email as "Urgent."

15. Additional Clauses

Compliance with Privacy Laws

ThirdSlate is committed to complying with applicable privacy and data protection laws, including:

PIPEDA (Personal Information Protection and Electronic Documents Act) – Canada:

We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate
We obtain meaningful consent before collecting or using personal information
We provide access to personal information upon request

GDPR (General Data Protection Regulation) – European Union:

We process personal data lawfully, fairly, and transparently
We minimize data collection to what is necessary
We honor all GDPR rights, including access, rectification, erasure, and portability

CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act) – California:

California residents have specific rights under CCPA, including the right to know, delete, and opt-out
We do not sell personal information
For CCPA-specific requests, email privacy@thirdslate.com with "CCPA Request" in the subject line

FERPA (Family Educational Rights and Privacy Act) – United States:

We recognize educational records may contain FERPA-protected information
We implement safeguards consistent with FERPA requirements for educational technology providers
We do not disclose educational records without appropriate consent or legal authorization

OECD Privacy Principles:

We follow internationally recognized privacy principles, including collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability

Data Breach Notification Policy

In the event of a data breach affecting your personal information:

Notification Timeline:

We will notify affected users without undue delay and within 72 hours of becoming aware of the breach (where feasible)
Notifications will be sent via email or in-app message

Notification Contents:

Description of the breach and affected data
Likely consequences and potential risks
Measures taken to address the breach and prevent future incidents
Contact information for questions or concerns
Advice on protective measures you can take

Regulatory Reporting:

We will report breaches to relevant supervisory authorities as required by law
Cooperation with authorities to investigate and resolve incidents

Third-Party Links Disclaimer

ThirdSlate may contain links to third-party websites, services, or resources not operated by us.

We are not responsible for:

The privacy practices of third-party websites
Content, accuracy, or functionality of external sites
Data collected by third parties through links from our platform

Recommendation: Review the privacy policies of any third-party sites you visit. Clicking external links is at your own discretion and risk.

Do Not Track (DNT) Notice

Current Browser DNT Signals: Some web browsers have a "Do Not Track" (DNT) feature that signals websites not to track your browsing activity.

Our DNT Response:

There is currently no universally accepted standard for responding to DNT signals
ThirdSlate does not respond to DNT browser signals at this time
We honor opt-out preferences set within your account settings

Alternative Options:

Use your account privacy settings to control data collection
Adjust cookie preferences in your browser
Opt out of analytics tracking where provided

AI Ethics and Transparency Statement

ThirdSlate is committed to responsible and ethical use of artificial intelligence.

Our Commitments:

Transparency: We clearly communicate when and how AI is used
Accuracy: We continuously work to improve AI-generated content quality
Bias Mitigation: We actively monitor and address potential biases in AI outputs
Human Oversight: Critical functions include human review and validation
User Control: You can provide feedback on AI responses and request human review

Limitations:

AI-generated content may occasionally contain inaccuracies or "hallucinations"
We encourage critical evaluation of AI-provided explanations
AI is a tool to enhance learning, not replace human instruction

Feedback & Improvement: Report AI accuracy concerns or biases to aiethics@thirdslate.com. Your feedback helps us improve.

16. Summary

ThirdSlate values your privacy and is committed to transparency, security, and user control. This Privacy Policy explains how we collect, use, and protect your information while providing personalized AI-powered learning experiences.

Key Takeaways:

We collect information necessary to provide educational services
We do not sell your personal data
You have significant rights to access, correct, and delete your information
We use industry-standard security measures to protect your data
We comply with GDPR, PIPEDA, CCPA, FERPA, and other privacy laws
AI processing is transparent, and you retain control over your data

For questions or to exercise your privacy rights, contact us at privacy@thirdslate.com.

Thank you for trusting ThirdSlate with your learning journey.

This Privacy Policy is effective as of January 1, 2026, and supersedes all previous versions.