Privacy Policy

Effective Date: August 23, 2025

NoteArch is committed to protecting the privacy and security of all stakeholders involved in the Intelligent Academic Lifecycle (IAL), including students, teachers, parents, private tutors, administrative staff, financial supporters, and job providers. This Privacy Policy outlines how NoteArch, an AI-powered Intelligent Academic Lifecycle Management System (IALMS), collects, uses, stores, and protects personal information while ensuring compliance with applicable privacy laws.

1. Scope and Purpose

NoteArch collects and processes personal and academic data to facilitate note-taking, delivery, assessment, and archival, supporting stakeholders throughout the academic journey from admission to alumni status. We prioritize data privacy, ensuring only authorized individuals access relevant data for legitimate educational purposes.

2. Information We Collect

We collect the following types of data:

  • Personal Information: Names, contact details (email, phone), and identification numbers (e.g., student IDs) for stakeholders.

  • Academic Data: Notes, grades, assignments, and academic progress records.

  • Financial Data: Information from financial supporters (e.g., scholarship providers) or payment details for administrative purposes.

  • Career Data: Internship or job-related information for student job providers.

  • Usage Data: System interactions (e.g., logins, feature usage) for improving platform functionality.

Data is collected directly from users (e.g., during account creation, note uploads) or indirectly (e.g., system-generated analytics).

3. How We Use Your Information

NoteArch uses data to:

  • Facilitate note creation, sharing, assessment, and archival.

  • Support academic processes, such as grading, progress tracking, and program management.

  • Provide personalized recommendations (e.g., career paths) via AI, where consented.

  • Enable administrative functions, such as enrollment or financial aid management.

  • Improve system performance through anonymized analytics.

Data is used only for purposes explicitly consented to or required for educational operations.

4. Data Sharing and Access

  • Role-Based Access: Stakeholders access data based on their role. For example, teachers view student notes for grading, while financial supporters see anonymized data for funding decisions.

  • Third Parties: We share data with vetted service providers (e.g., cloud storage) under strict contracts prohibiting misuse or resale. Third parties comply with privacy laws.

  • Legal Disclosures: Data may be shared if required by law or to protect NoteArch’s rights, safety, or property, with user notification unless prohibited.

5. Data Security

We implement robust security measures:

  • Encryption: Data is encrypted in transit and at rest using XChaCha20-Poly1305-IETF or AES-256.

  • Access Controls: Multi-factor authentication and role-based permissions limit access.

  • Audits: Regular security audits and penetration testing ensure system integrity.

  • Breach Response: In case of a data breach, affected users are notified within 72 hours, and remedial actions are taken.

6. Legal Compliance

NoteArch complies with:

  • FERPA: Protects student educational records, limiting access to those with legitimate educational interests and requiring parental consent for disclosures where applicable.

  • COPPA: For users under 13, we obtain verifiable parental consent before collecting data.

  • State Laws: Adheres to laws like California’s SOPIPA, prohibiting data use for targeted advertising or commercial purposes.

  • Other Regulations: Compliance with GDPR (for EU users), HIPAA (for health data, if applicable), and other relevant laws.

7. Your Rights

Stakeholders have the following rights, subject to legal requirements:

  • Access: Review your personal data via your NoteArch account or by request.

  • Correction: Update inaccurate or incomplete data.

  • Deletion: Request deletion of data when no longer needed, except where retention is legally required.

  • Opt-Out: Opt out of non-essential data processing, such as AI-driven analytics or usage telemetry.

  • Portability: Request a copy of your data in a structured, machine-readable format.

To exercise these rights, contact our Privacy Officer at privacy@notearch.com (or equivalent contact once available).

8. AI and Data Analytics

NoteArch’s AI processes data for tasks like automated grading or career recommendations. We ensure:

  • Transparency: AI algorithms are explainable, and users can opt out of predictive features.

  • Fairness: Algorithms are audited to prevent bias based on race, gender, or socioeconomic status.

  • Anonymization: Data used for AI training is de-identified to protect privacy.

9. Data Retention

Data is retained only as long as necessary for educational purposes or legal requirements. For example:

  • Student records are kept for 5 years post-graduation unless otherwise required.

  • Financial data is retained per tax or audit regulations.

  • Deleted data is securely erased using industry-standard methods.

10. Third-Party Vendors

Third-party providers (e.g., cloud services) are bound by contracts ensuring:

  • Data use is limited to NoteArch’s educational purposes.

  • No data resale or unauthorized sharing.

  • Compliance with privacy laws and security standards.

  • Prompt breach notifications.

11. Children’s Privacy

For users under 13, NoteArch:

  • Obtains verifiable parental consent per COPPA.

  • Limits data collection to educational necessities.

  • Prohibits commercial use of children’s data.

12. Updates to This Policy

We may update this policy to reflect legal or system changes. Users will be notified via email or platform announcements at least 30 days before changes take effect. Continued use of NoteArch constitutes acceptance of the updated policy.

13. Contact Us

For questions, complaints, or to exercise your rights, contact:
NoteArch Privacy Officer
Email: privacy@notearch.com (or equivalent once available)
Address: [NoteArch Headquarters, TBD]

If unresolved, you may contact your local data protection authority or the U.S. Department of Education’s Family Policy Compliance Office (for FERPA concerns).

14. Accountability

NoteArch conducts regular privacy training for staff and stakeholders, performs privacy impact assessments, and maintains a Privacy Focal Person to oversee compliance.

By using NoteArch, you acknowledge that you have read and understood this Privacy Policy. We are dedicated to safeguarding your data and supporting your academic journey securely and responsibly.