← Back

Privacy Policy

Effective: TBD (placeholder; replace at publish time)

This Privacy Policy explains how Peaks Education ("we", "us") collects,

uses, shares, and protects your information.

What we collect

Account information

  • Name, email address, password (hashed; we never see plaintext).
  • The school you're affiliated with, your role, and any access-grant

metadata an administrator created for you.

Academic content you provide

  • Schedules you upload (e.g., NAU LOUIE exports).
  • Syllabi, notes, exam materials, and other study content you upload.
  • Course enrollments inferred from your uploads.

Activity data

  • Study sessions, quiz attempts, mastery progress, agent

conversations.

  • Audit log of authentication events (IP address, user-agent string,

timestamp).

Payment data

  • We do not store full payment-card numbers. Stripe handles your card

details. We receive only a customer id, a non-sensitive last-4

reference, and the subscription state from Stripe.

Cookies

  • A session cookie for authentication.
  • A short-lived two-factor challenge cookie when you sign in.
  • We do not use third-party advertising trackers.

How we use it

  • To deliver the Service: authenticate you, render your courses,

surface AI-generated explanations, manage payment.

  • To keep the Service safe: detect abuse, enforce rate limits, review

uploaded content for academic-integrity violations.

  • To communicate: transactional emails (verification, receipts, alerts),

occasional product announcements (you can opt out of the second).

  • To improve the Service: aggregate usage analytics. We do not sell

personal data.

How we share it

Service providers (sub-processors)

Provider Role Data
Google Cloud (Cloud Run, Cloud SQL, GCS) Hosting + storage All data
Stripe Payments Email, name, payment metadata
Resend Transactional email Email, full name, message body
Anthropic (Claude API) AI tutoring Anonymized prompts derived from your content
Google (Gemini API) AI tutoring + extraction Anonymized prompts derived from your content

We require sub-processors contractually to (a) use your data only for

providing the service, (b) implement reasonable security, and (c) not

train their models on your data where that option is available.

Schools

Where your school has signed a Data Processing Agreement with us, we

may share education-record data with that school in the role of a

"school official with legitimate educational interest" under FERPA. See

the Student Data Notice for details.

Legal

We may disclose information if required by law, valid legal process,

or to protect the rights, safety, or property of any person.

Retention

  • Active accounts: while the account is open and for 30 days after

closure, except where a longer period is required by law.

  • Audit logs: 18 months.
  • Backups: 30 days.

You can request deletion of your account at any time from

/settings/security or by emailing support@peakseducation.com.

Your rights

Depending on where you live, you may have rights to:

  • Access the data we have about you.
  • Correct inaccurate data.
  • Request deletion ("right to be forgotten" under GDPR; "right to

delete" under CCPA/CPRA).

  • Port your data to another service.
  • Opt out of certain processing.

We provide a self-service data export at /settings/security for

account-level data. For other requests, email

support@peakseducation.com; we respond within 30 days.

We do not sell or "share" personal information for cross-context

behavioral advertising as those terms are defined under California

law.

Children

The Service is intended for users 18 and older. We do not knowingly

collect personal information from children under 13. If we learn we

have, we delete it.

Security

  • Passwords are hashed with Argon2id.
  • Sessions are server-validated, rotated, and bound to short windows.
  • Sensitive credentials (e.g., Canvas tokens) are encrypted at rest

with AES-256-GCM.

  • All traffic is over TLS.
  • We log authentication events and review them periodically.

No system is perfectly secure. If you suspect your account has been

compromised, contact support@peakseducation.com immediately.

International users

We process data in the United States. If you are in the European

Economic Area, the United Kingdom, or another jurisdiction with data

transfer requirements, your data may be transferred to and processed

in the United States under applicable safeguards (Standard Contractual

Clauses where required).

Changes

We will post material changes with a new effective date and surface

them in-app for re-acceptance.

Contact

Privacy questions: support@peakseducation.com

Mailing address: [fill in]

Version v1.0 — effective 5/2/2026.