Skip to Content

Privacy Policy for Intellia

Effective Date: [Date of Posting] Last Updated: [Date of Last Update]

This Privacy Policy describes how Intellia, an AI-powered intelligent assistant for educational institutions, collects, uses, protects, and discloses information, including Personal Data and Student Data, when you use our website, application, and related services (collectively, the "Service").

We take the privacy of our users, particularly students, very seriously. We do not sell Student Data or use it for behavioral advertising.

1. Introduction and Scope

This Policy applies to:

  • Educational Clients: Schools, school districts, universities, and other institutions that contract with us ("Client," "Data Controller").

  • Educator Users: Teachers, administrators, and staff authorized by a Client.

  • Student Users: Students who use the Service under the control of a Client.

  • Website Visitors: Individuals who browse our marketing website but do not use the core Service.

When we process data on behalf of a Client, the Client acts as the Data Controller (determining the purposes and means of processing) and Intellia acts as the Data Processor (processing data only on the Client's documented instructions).

2. Information We Collect

We collect information based on how you interact with the Service.

A. Information Provided by Clients and Users (Personal Data)

Category of Data

Who Provides It

Purpose and Use

Account/Identity Data

Educator/Client/Admin Users

Name, email address, phone number, school/district affiliation, job title, encrypted password.

Student Data (PII/Educational Records)

Client (School/District)

Student's name or pseudonymized identifier, class enrollment, grades, attendance data, and other educational records required to deliver the core Service functions (e.g., personalized learning).

Payment Information

Client/Admin Users

Billing address, and payment card details (processed securely by a PCI-compliant third-party processor; we do not store full card numbers).

Communication Data

All Users

Content of emails, support tickets, and chat messages.

Export to Sheets

B. Content Created in the Service (User-Generated Content)

Category of Data

Description

AI Processing Use

Learning Content

Educator-created lesson plans, syllabi, prompts, and notes.

Used to generate AI Output as requested by the Educator.

Student Input

Student-submitted answers, essays, test responses, and interactions with the AI assistant features (prompts).

Used to provide real-time feedback, generate progress reports, and assess performance for the benefit of the student/school.

AI Output Data

Lesson plans, quizzes, summaries, or feedback generated by Intellia's AI based on User Input.

Retained to maintain a record of educational activity and enable the features of the Service.

Export to Sheets

C. Automatically Collected Data (Technical/Usage Data)

Category of Data

How It's Collected

Purpose and Use

Usage Data

Log files and analytical tools

Information on how users interact with the Service (e.g., features used, time spent on pages, date/time stamps).

Device/Technical Data

Cookies and similar technologies

IP address, browser type, operating system, device identifiers, and approximate geographical location.

Export to Sheets

3. How We Use Information and Legal Basis for Processing

We use the collected information for the following specific purposes:

Purpose of Processing

Type of Data Used

Legal Basis (e.g., GDPR)

To Provide the Core Service

All data (A, B, C)

Contractual Necessity (to perform the contract with the Client).

AI Model Improvement

Anonymized/Aggregated Usage and Learning Content.

Legitimate Interest (to research and develop new AI features/models, provided Student Data is properly de-identified).

Customer Support & Billing

Account, Identity, and Communication Data.

Contractual Necessity or Legitimate Interest (to manage business operations).

Security & Compliance

Technical and Account Data.

Legal Obligation and Legitimate Interest (to maintain security and prevent illegal activity).

Non-Educational Marketing

Website Visitor/Educator Account Data (only non-Student PII).

Consent (for direct marketing to adults) or Legitimate Interest(for product updates).

Export to Sheets

Crucial Note on Student Data and AI: We will NEVER use Student Data (PII or their specific content/input) to market or advertise to students or parents. We process Student Data strictly as a service provider (Data Processor) under the direction of the Client (Data Controller).

4. How We Share and Disclose Data

We only share data in the following circumstances:

  • With the Client: Student Data and Educator activity data is shared directly with the Client (school/district) that authorized the account, as they are the data owners and Controller.

  • Third-Party Service Providers (Subprocessors): We use trusted vendors to help us operate, such as cloud hosting providers (e.g., AWS, Azure) and database management services. These providers are bound by strict contractual obligations to use the data only for the purpose of providing services to us and to maintain confidentiality and security.

  • AI/Machine Learning Infrastructure: For the AI features to function, data may be processed through secure APIs of our underlying AI infrastructure partners. We ensure these partners are bound by contracts that prohibit them from retaining the data to train their models unless the data is fully anonymized.

  • Legal Requirements: We may disclose data if required by law, such as to comply with a subpoena or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred, provided the acquiring company is bound by the same privacy protections and contractual obligations regarding Student Data.

5. Data Security and Retention

A. Security Measures

We implement comprehensive technical, administrative, and physical security measures to protect Personal Data and Student Data from unauthorized access, loss, misuse, or alteration. These measures include:

  • Data encryption, both in transit (using TLS/SSL) and at rest.

  • Regular security audits and vulnerability testing.

  • Strict access controls and employee training.

  • Compliance with industry-standard security frameworks.

B. Data Retention

We retain Personal Data and Student Data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Client Data: Student and Educator data is retained based on the data retention schedule outlined in our agreement with the Client. Upon termination of the Client's contract, data is securely deleted or returned within a specified timeframe, unless legally required otherwise.

  • Anonymized Data: Data that has been permanently de-identified and anonymized may be retained indefinitely for product improvement and research purposes.

6. Children's Privacy (COPPA and FERPA)

The Service is primarily used by educational institutions. When Student Data is collected, it is done under the supervision and control of the Client, and we adhere to the following laws:

  • FERPA (Family Educational Rights and Privacy Act): We qualify as a "School Official" under FERPA, meaning we process student education records strictly on behalf of the Client. The Client is responsible for obtaining necessary parental consent.

  • COPPA (Children's Online Privacy Protection Act): We rely on the Client (school/district) to provide the necessary notice and obtain verifiable parental consent for any Student Users under the age of 13, where required, under the "school consent" exception. We do not knowingly collect personal information directly from children under 13 without this authorized consent from the Client.

7. Your Data Rights

Depending on your location and role (e.g., GDPR, CCPA, etc.), you may have certain rights regarding your Personal Data.

A. Educator/Admin/Website Visitor Rights

As an individual user who is not a student, you typically have the right to:

  • Access: Request copies of your Personal Data.

  • Rectification: Request correction of inaccurate Personal Data.

  • Erasure (Right to be Forgotten): Request deletion of your Personal Data.

  • Object/Restrict: Object to or request the restriction of processing your Personal Data.

B. Student Data Rights

For Student Data, the Client (School/District) is the Data Controller. Any requests from students or parents regarding access, correction, deletion, or portability of Student Data must be directed to the relevant Client, who will then issue instructions to us.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify Clients and, where appropriate, post a prominent notice on our website or within the Service before the changes take effect. Your continued use of the Service after the revised policy is effective constitutes your acceptance of the new terms.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer (DPO) or designated privacy team:

Data Protection/Privacy Office [Your Company Name]

[Your Company Address]

Email: [Dedicated Privacy Email Address, e.g., privacy@intellia.com] Phone: [Support Phone Number]