Privacy Policy

Quest2Learn ("Q2L," "we," "us") respects your privacy. This Privacy Policy describes how we collect, use, store, and share information when you use the Quest2Learn platform and related services (the "Service"), including our web application with student, teacher, and administrator features.

If the Service is provided through a school or organization, that institution may have its own notices or agreements that also apply. Where our practices differ from your school's instructions, we follow the school's direction for student data when we act as a processor on their behalf.

1. Information we collect

1.1 Account and profile information

• Identifiers and credentials: Name, email address, username or user ID, password (stored using secure hashing), role (e.g., student, teacher, admin), and account status.
• Student profiles: Information your school or you provide, such as grade level, class or classroom assignments, age or demographic fields if collected for educational purposes, and gamification-related data (e.g., experience points or badges) if enabled.
• Teacher profiles: Professional information used to manage classes and requests (e.g., name, email, notes or metadata your organization stores).

1.2 Educational and activity data

• Classes and quests: Enrollment, assignments, submissions, scores, attempts, and related metadata.
• Performance and skills: Data recorded for learning analytics, skill responses, pronunciation practice statistics or progress, timers, and similar features when you use them.
• Content you create or upload: PDFs or documents teachers upload, text or answers in activities, announcements, calendar entries, notes, and messages or inputs you send through the application.

1.3 Technical and usage data

• Device and connection: IP address, browser type, approximate location derived from IP, timestamps, and pages or features accessed.
• Cookies and similar technologies: Session cookies and similar mechanisms to keep you signed in and maintain security (see Section 6).

1.4 Information from Google Sign-In

If you choose to sign in with Google, we receive information from Google as permitted by your Google account settings, typically including your Google account identifier, name, and email address. Google's use of information is described in Google's Privacy Policy.

1.5 Audio and speech-related data

Pronunciation or text-to-speech features may process audio or text on our servers or through third-party APIs. Only data necessary to provide the feature should be submitted. Do not submit sensitive health or biometric information unless your institution explicitly authorizes it and applicable law allows it.

2. How we use information

We use the information above to:

• Provide, operate, and secure the Service (authentication, class management, delivering content and quests).
• Support teaching and learning: grading, feedback, analytics dashboards for teachers and administrators, and student progress views where enabled.
• Communicate about the Service, including technical notices and, where permitted, educational updates.
• Improve reliability and develop features; we may use aggregated or de-identified data for analytics.
• Comply with law, enforce our Terms of Service, and protect rights and safety.

3. AI and third-party processors

When AI-assisted chat, tutoring, or similar features are enabled, portions of your input (and limited context) may be sent to third-party AI providers (for example, OpenRouter, Google Gemini, or other APIs configured in our environment) to generate responses. Those providers process data under their own terms and privacy policies. We configure integrations to support educational use; you should avoid entering highly sensitive personal data into AI features.

Text-to-speech, speech recognition, or other media services may also rely on third-party APIs. We only use such services as needed to provide the feature.

4. How we share information

We may share information:

• With your school or organization: Teachers and administrators can see student data related to their classes and institutional reporting.
• With service providers: Hosting, database, email, analytics, security, and AI/API vendors that assist us under contractual obligations to protect data.
• For legal reasons: When required by law, legal process, or to protect users and the Service.
• With your consent or at your direction.

We do not sell personal information as "sale" is commonly defined in U.S. state privacy laws. We do not use student personal information for targeted behavioral advertising across third-party sites.

5. Data retention

We retain information for as long as your account is active, as needed to provide the Service, and as required by law or legitimate institutional needs (for example, academic records retention). Your school may request deletion or export of certain data subject to policy and law. When data is no longer needed, we take steps to delete or de-identify it, consistent with our technical environment and backup practices.

6. Cookies and similar technologies

We use cookies and session storage as needed for login sessions, security (e.g., CSRF protection), and preferences (such as theme or language where available). You can control cookies through your browser; disabling essential cookies may prevent parts of the Service from working.

7. Security

We implement administrative, technical, and organizational measures appropriate to the nature of the data (e.g., access controls, encryption in transit where standard for web applications, secure password storage). No method of transmission or storage is completely secure; we encourage strong passwords and safeguarding your credentials.

8. Children's and students' privacy

The Service is intended for educational use. Where students are children, we rely on the school or parent/guardian, as applicable, for consent and authority to collect and use student information consistent with laws such as COPPA (U.S.) or local equivalents. Parents or guardians may contact their school to access, correct, or delete student information where permitted.

9. International transfers

Data may be processed in the country where our servers operate or where our subprocessors are located. If data is transferred across borders, we take steps consistent with applicable law (such as appropriate safeguards or contractual clauses) where required.

10. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export personal data, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact your school administrator (for school-provided accounts) or us using the contact information below. We may need to verify your identity before responding.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and, where appropriate, provide additional notice (for example, on the login page or by email). Continued use of the Service after changes constitutes acknowledgment of the updated policy where permitted by law.

12. Contact

For privacy questions or requests, contact your school's Quest2Learn administrator or the data protection contact your organization designates. If you operate Quest2Learn independently, add your official privacy contact email or postal address here after legal review.