Back to Home

Privacy Policy

Version 2026-02-01 • Effective February 1, 2026

Noterra Privacy Policy

Version: 2026-02-01

Effective date: 2026-02-01

Company: Aiki Labs FlexCo (Austria)

Contact: aiki.labs.business@gmail.com

This Privacy Policy explains how Noterra (“we”, “us”) collects and processes personal data.

---

1. Data controller

Aiki Labs FlexCo (Austria) is the controller for personal data processed in Noterra.

---

2. What data we collect

Depending on how you use Noterra, we may process:

  • Account data: email, password hash (managed by authentication provider), user ID
  • Profile data: first name, last name, role (teacher/student), school association
  • Learning context: teaching language / target language, mother tongue
  • Scheduling data: lesson slots, bookings, cancellations, reschedules
  • Progress data: lesson history, study progress, assessments (if used)
  • Recordings: audio/video recordings made by students (where enabled)
  • Technical data: IP address (optional), user-agent (optional), timestamps, basic logs for security

We do not run advertising trackers or marketing analytics at this time.

---

3. Why we process data (purposes)

We process data to:

  • provide and operate Noterra (accounts, scheduling, lessons, progress)
  • secure the platform and prevent abuse
  • provide support and respond to requests
  • enable AI-assisted features (see below)
  • comply with legal obligations

---

4. Legal bases (GDPR)

Where GDPR applies, processing is based on:

  • contract (providing the Service)
  • legitimate interests (security, abuse prevention, improving Service reliability)
  • consent (where required, especially for minors under digital consent age)
  • legal obligation (compliance requests)

---

5. AI processing and third parties

Noterra uses third-party infrastructure and processors to deliver the Service.

AI processing: Prompts and relevant content you provide may be sent to AI processors such as OpenAI and/or Microsoft Azure/OpenAI to generate outputs.

Other key processors may include:

  • hosting (e.g., Vercel)
  • database/auth/storage (e.g., Supabase)
  • billing (Stripe)

We share only what is necessary to provide the Service.

---

6. Cookies

Noterra uses cookies primarily for authentication/session management (e.g., Supabase auth cookies). We do not currently use marketing cookies.

---

7. Data retention

We retain data while accounts are active and as needed for the Service.

  • Recordings: typically retained up to 90 days, then automatically deleted (unless retained longer for legal/security reasons).
  • Deletion: if you request deletion, we remove data from active systems; some data may remain in backups/logs for a limited time.

---

8. Your rights (GDPR)

Where GDPR applies, you may have rights to:

  • access your personal data
  • correct inaccurate data
  • delete data
  • restrict processing
  • object to processing
  • data portability (where applicable)

To exercise rights, contact: aiki.labs.business@gmail.com.

Note: Some requests may be limited where we must keep data for legal/security reasons.

---

9. Children and schools

Noterra may be used by minors. If a user is under the age of digital consent in their country, a parent/guardian or school must authorize use and provide consent where required. We do not actively verify ages.

---

10. Security

We use reasonable technical and organizational measures to protect personal data, but no system is perfectly secure.

---

11. International transfers

Noterra may be accessed globally. Some processors may handle data outside the EEA. Where required, we rely on appropriate safeguards (e.g., contractual protections).

---

12. Changes

We may update this Privacy Policy. If changes are material, we will provide notice.

---

13. Contact

Email: aiki.labs.business@gmail.com

Questions? Contact us at aiki.labs.business@gmail.com