top of page

Privacy Policy

Plain English:

The only data we currently collect when you sign in with your gmail is:
 

  1. Your name
     

  2. Your email
     

  3. OPTIONALLY:
    The ability to make new google forms and access only the ones that we have made. We will NOT be able to access anything else on your google drive. You can revoke this access at any time.

We use your email to send you only emails such as when you sign up for a paid plan, and they will always have an option to unsubscribe. Otherwise, we do not use this information for anything at all.

What happens to the text you input?

It is used to create your questions and may be used to improve the product more broadly. We do not sell it or any other information to any other party. Inputting any personally identifiable information is strictly forbidden by our Terms of Use. Open AI does not have access to it either, as we have opted out of that.

 

The Fine Print:

This Privacy Policy describes how QuestionWell collects, uses, and shares information about you when you use our web application (the "Service").

Information we collect.

We collect information about you when you use our Service, including:

  • Personal Information: We only collect personal information such as your name, email address that you provide when you sign in with Google.

  • User Content: We may collect information that you provide when you use the Service, such as text you paste in, questions you select or do not select, and any other user-generated content.

  • Usage Information: We may collect information about how you use the Service, such as the pages you visit, the links you click, and other actions you take while using the Service.

  • Device Information: We may collect information about the devices you use to access the Service, such as the type of device, operating system, and browser you use.

  • Miscellaneous Information: We may collect other information not specifically enumerated here, such as your IP address, location data, and other technical information about your use of the Service.

Breach Incident Response Plan
This document outlines the Breach Incident Response Plan for QuestionWell, a pioneering AI teaching tool committed to upholding the highest standards of data security and integrity. Our approach is designed to ensure quick and effective responses to any security incidents, thereby minimizing potential impacts on our customers and swiftly restoring normal operations.

How We Use Your Information

We may use the information we collect about you to:

  • Provide, operate, and improve the Service

  • Respond to your requests and inquiries

  • Send you updates, newsletters, and other communications related to the Service

  • Monitor and analyze usage of the Service in aggregate

  • Detect, prevent, and address technical issues and security vulnerabilities

  • Comply with legal obligations and enforce our policies

How We Share Your Information

We may share your information with:

  • Service Providers: We may share your information with third-party service providers who help us operate the Service, such as hosting providers, payment processors, and analytics providers.

  • Business Partners: We may share your information with business partners who offer products or services that may be of interest to you.

  • Legal Authorities: We may share your information with law enforcement agencies, courts, or other legal authorities if we are required to do so by law or if we believe that such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

 

Request Deletion of Data​
If you would like us to delete your data, simply email maya@questionwell.ai and we will delete all of your data within 5 business days. 
Security

We are committed to safeguarding your information and employ appropriate technical and organizational measures to prevent unauthorized access, disclosure, or alteration of data. These measures include encryption (in-transit & at-rest), access controls, regular security audits, and yearly employee trainings. We strive to maintain industry-standard security practices to protect the privacy of user data. 

Secrets (database credentials etc.) are encrypted and stored in GitHub, and are NOT present in the source code.

The Google API is used to allow exports to Google Forms, Google Docs, and Google Slides. We will only be able to create new files, and update files we created. We will NOT be able to access anything else on your google drive. We store your Google API tokens securely in an encrypted database. You can revoke this access at any time.

‍Compliance with FERPA & COPPA

We are fully committed to complying with the Family Educational Rights and Privacy Act (FERPA) and Children's Online Privacy Protection Rule (COPPA), as we understand the importance of protecting student data. Our webapp does not collect, store, or use any personally identifiable information (PII) of students or any other sensitive educational records. We prioritize the privacy and confidentiality of student data in accordance with FERPA and COPPA requirements.

Our Service is not intended for use by children under the age of 13, and we do not ask for or store personal information from children under the age of 13.

 

‍Third-Party Services
 

Microsoft Azure

Microsoft uses and enables the use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec). All secrets such as encryption keys are properly secured in a secrets manager. All data is stored at a Microsoft data center on the east coast of the US. Microsoft defends your data through clearly defined and well-established response policies and processes, strong contractual commitments, and if necessary, the courts. All communication between users and our service is SSL encrypted according to industry best practices.

OpenAI

We utilize OpenAI's API to power the AI functionality of our webapp. We have opted OUT of sharing data with OpenAI to train models. We encourage you to review OpenAI's API Privacy Policy separately to understand their data handling practices. We are committed to ensuring that the use of OpenAI's API aligns with applicable data protection laws and regulations. 

Important notes from the API policy: "OpenAI will not use data submitted by customers via our API to train or improve our models, unless you explicitly decide to share your data with us for this purpose." 
For more: https://openai.com/enterprise-privacy

Stripe

For all financial transaction information we use Stripe. Stripe will not sell, retain, use or disclose Personal Data for any purpose other than for the specific purposes of performing the Services and to comply with Law. Stripe implements and maintains a written information security program and a data security incident management program that addresses how Stripe will manage a data security incident involving the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, Personal Data. For more: https://stripe.com/privacy

Browserless.io

Browserless.io is used to fetch the contents of web pages for generating user content. URL’s users enter into The Service may be transmitted to browserless. For more: https://www.browserless.io/privacy-policy/ 

 

Google Authentication

We use Google OAuth to authenticate users' identities, and comply with their security recommendations. We do not process or store any plain-text client information and store tokens securely in an encrypted database. We never commit secrets, including Google OAuth secrets, to any code repositories. All secrets are stored in an encrypted secrets manager. When we no longer need access to a user's account or no longer need access to permissions that a user previously granted, their tokens are revoked. After the tokens are revoked, they are deleted permanently from the system.

Google Analytics:

Google Analytics collects the following information to help us better understand our users: number of users, session statistics, approximate geolocation, browser and device information, and number of purchases.

For more: https://policies.google.com/technologies/partner-sites 

 

Sentry.io:

Sentry collects Software bugs (errors), page loads, and API calls in order to to help us identify and fix bugs and improve performance:

For more: https://sentry.io/privacy/

Changes to This Privacy Policy ​

We may update this Privacy Policy. 

bottom of page