Privacy Policy

1. Introduction

Downtime ("the Platform", "we", "our", "us") is an AI-powered educational platform that transforms classroom sessions into interactive learning experiences through real-time transcript analysis, knowledge digestion, and educational games.

We take the privacy of our users seriously, especially when it comes to student data. This Privacy Policy explains what data we collect, how we use it, and the choices you have regarding your information. By using the Platform, you consent to the practices described in this policy.

2. What We Collect

From Teachers:

• Account data: email address, name, and avatar.
• Payment information processed via Stripe. We do not store your card details directly.
• Session data: transcripts, AI-generated content (summaries, knowledge maps, game content).

From Students:

• Typed first name when joining a game (no account creation required).
• Game interactions: answers, drawings, scores, and chat messages.
• IP address, used solely for service operation.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Providing the service: Real-time transcription, AI-powered content digestion, and educational game generation.
• Improving content quality: Analysing usage patterns to enhance the accuracy and relevance of AI-generated educational content.
• Analytics: We use Plausible, a cookieless and privacy-focused analytics tool, to understand how the Platform is used. No personal data is collected through analytics.
• Communication: Responding to support requests and providing service updates.

4. Session Content Processing

• Meeting audio: Audio from classroom sessions is processed in real-time by Soniox for speech-to-text conversion. Audio is NOT permanently stored after transcription is complete.
• Transcripts: Generated transcripts are stored and processed by Anthropic AI (Claude) to extract key topics, generate summaries, and produce educational content.
• AI-generated content: Knowledge maps, summaries, quiz questions, and game content are stored alongside session records for ongoing educational use.

5. Third-Party Processors

We work with the following third-party service providers to deliver the Platform's functionality:

• Anthropic (Claude AI) — AI content generation and transcript analysis. Privacy Policy
• Soniox — Speech-to-text transcription. Privacy Policy
• fal.ai — AI image generation for game theme visuals. Privacy Policy
• Stripe — Payment processing. Privacy Policy
• Chatwoot — Customer support chat. Privacy Policy

6. Data Retention

We retain data for the following periods:

• Game state: 2-hour Redis TTL (automatically expires after the game ends).
• Game history: 7-day Redis TTL (automatically expires).
• Session records: 12 months from the date of the session.
• Account data: Retained until you request account deletion.
• Analytics: Aggregated only. No personal data is retained through analytics.

7. Children's Data

• Students do NOT create accounts on the Platform. They join games via shared links provided by their teacher.
• Minimal data is collected from students: only a typed first name is required. No email address, password, or other personal identifiers are collected.
• The teacher is responsible for obtaining any required parental consent before allowing students to participate in games, in accordance with applicable laws.
• Student game data (answers, scores, drawings, chat messages) automatically expires via Redis TTL and is not permanently stored.
• We do not knowingly collect personal data from children under the age of 13 without teacher or parental consent. If we become aware that we have collected data from a child under 13 without appropriate consent, we will take steps to delete it promptly.

8. Cookies

• Functional cookie: We use a single functional cookie, directus_token, for authentication purposes. This cookie is required for the Platform to function correctly.
• We do not use tracking cookies or advertising cookies of any kind.
• Our analytics solution (Plausible) is completely cookieless and does not track individual users.

9. Your Rights

Under applicable data protection laws, including the Personal Data Protection Act 2010 (PDPA, Malaysia) and the General Data Protection Regulation (GDPR, where applicable), you have the following rights:

• Right to access your personal data that we hold.
• Right to rectification of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten") of your personal data.
• Right to data portability, allowing you to obtain your data in a structured format.
• Right to withdraw consent for data processing at any time.

To exercise any of these rights, please contact us through our contact page.

10. Data Security

We implement appropriate technical and organisational measures to protect your data:

• All data is transmitted via HTTPS/TLS encryption.
• Authentication tokens are securely managed and stored.
• Redis data is isolated per session with automatic expiry (TTL).
• We conduct regular security reviews of our systems and practices.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date.

Continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.