Skip to main content

Privacy Policy

Last updated: June 2026 · This is a draft template — review with counsel before launch.

1. Who We Are

iLernt is a skills articulation platform operated for students, educators, and employers in Canada and the United States. This policy explains what personal information we collect, why we collect it, and the rights you have over it.

2. Information We Collect

Account information: name, email, role (student/educator/employer), country, and date of birth (used solely to determine age-based protections under COPPA).

Learning content you create: STARR reflections, portfolio artifacts and their metadata, simulation choices, activity completions, competency scores, and badges.

AI coaching conversations, retained so you can review your coaching history. These are deletable at any time.

Technical and audit data: a record of sensitive actions (the audit log) kept for FERPA/PIPEDA accountability.

3. How We Use Your Information

To provide the service: scaffolding reflections, mapping competencies, generating AI coaching, and issuing credentials.

We never sell your data. We never use student learning content to train AI models. Claude API interactions are ephemeral.

We do not serve behavioral advertising and never monetize the personal data of minors.

4. Legal Bases & Consent

We rely on your meaningful, opt-in consent (PIPEDA) and, in educational contexts, the legitimate educational interest framework under FERPA.

For users under 13, we require verifiable parental consent (COPPA, 2025 amendments) before collecting any personal information.

You can review and withdraw individual consents at any time from Settings → Consent Management.

5. Data Residency

You may choose where your data is stored: US East, US West, or Canada Central. For Ontario public institutions (FIPPA), data residency defaults to Canadian infrastructure.

6. Your Rights

Access & portability: export all of your data as JSON at any time (Settings → Export Data).

Correction: edit your reflections, artifacts, and profile directly.

Erasure: request deletion of your account and all associated data. A 7-day grace period applies; minors require parental confirmation.

7. Security

Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access is governed by row-level security so you can only ever see your own records. We perform annual third-party penetration testing.

8. Contact

Questions or requests? Contact our Data Protection Officer at privacy@ilernt.com.

See our full compliance & data governance page for framework-by-framework detail.