Privacy Policy

Updated: 17 June 2024

Introduction

Welcome to Tilf.io ("Tilf.io"). We provide students, educators and academic institutions with advanced online tools, including generative artificial intelligence technologies, through our website.

At Tilf.io, we are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and share your information when you use our services including our website and all related services.

Reading this privacy notice will help you understand your privacy rights and choices. If you still have any questions, please contact us at accounts@tilf.io.

1. Scope of This Policy

This policy applies when you visit our website, engage with us through sales or marketing efforts, or participate in our events.

2. What Data We Collect

Tilf.io stores and processes your data in the United Kingdom. We collect personal information that you voluntarily provide to us when you register on the Services, when you participate in activities on the Services, or otherwise when you contact us. We collect the following types of personal data when you visit our Websites or use our Services:

1. Information We May Collect via Technological Means.
   Our servers, which are hosted by a third-party service provider, collect certain technical data about your device and software, including your browser type, operating system, IP address, chat history with our AI chatbots, and/or a time stamp of your visit. We automatically gather this data and store it in log files each time you visit our website or access an account on our network. Unless you have provided PII in connection with your use of the Services (for example, by creating an account), we cannot use such technical data to identify your name or contact information.
   We may also directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends in connection with the Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual.
2. Cookies and other tracking technologies.
   We may use various technical mechanisms such as cookies, web beacons and similar tracking technologies to monitor how users use our Services. "Cookies" are small pieces of information that a website sends to your computer's hard drive while you are viewing a website. "Web beacons" refer to various tracking technologies used to check whether you have accessed some content on our Services.
3. Information Provided by You When Visiting Our Websites.
   You may visit our Websites if you wish without creating an account or providing us with any information about yourself. If you provide us with feedback or contact us via email, we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you order Services from us for a fee, we may also collect information needed for billing and payment purposes that will be processed through a secure third-party payment processor.
4. We do not collect biometric information or specific location information from your devices, nor do we collect or process other "sensitive data" about you, with the exception of your address and payment card information in the event you provide payment for Services, in which case such information is securely processed by our third-party payment processor and we make no other use of such personally identifiable information.

3. How We Use The Data We Collect

We use your information to respond to your requests, to provide, secure, and enhance the Services, and to comply with our legal obligations. In particular, Tilf.io uses your information for the following purposes as necessary and as permitted by applicable law:

• Provide and manage your account.
• Deliver services and customer support.
• Communicate important notices.
• Improve and tailor our services through data analysis and feedback.
• Respond to your inquiries and requests
• Send you information about upgrades and special offers related to our Services;
• Send you a welcome email to verify ownership of an e-mail address provided when your account was created;
• Send you administrative e-mail notifications, such as security or support and maintenance messages;
• Comply with applicable laws and regulatory requirements;
• Respond to lawful requests, court orders and legal process; and
• Protect our legal interests or those with whom we do business
• To evaluate and improve our Services, products, marketing, and your experience

We may also compile statistical or anonymized, non-personally identifiable information and use or transfer such information for any purposes; provided, however, that such data has been fully de-identified and cannot in any way be traced back to the customer or user and does not contain any personally identifiable information. We may also use such anonymized information to help train our AI models or use aggregated information publicly to show trends about the general use of our services.

Third-Party Online Analytics Services

In connection with our Website and emails, we may use third-party online analytics services, such as those of Google Analytics. These analytics services use automated technologies to collect information (such as email address, IP address, and device identifiers) to evaluate, for example, use of our products and services and to diagnose technical issues. To learn about how Google Analytics collects and processes data, you may visit https://policies.google.com/technologies/partner-sites.

Third-Party OpenAI Services.

We utilize OpenAI's application program interface ("API") to power the AI functionality of our Services. While we strive to maintain the highest level of data security, we encourage you to review OpenAI's API Privacy Policy separately to understand their data handling practices. We are committed to ensuring that the use of OpenAI's API aligns with applicable data protection laws and regulations. We have opted OUT of sharing data with OpenAI to train models. OpenAI will not use data submitted by our users via our API to train or improve our models. Any data sent through the API will be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted (unless otherwise required by law).

**4. Information Sharing and Disclosure
**To the extent permitted by applicable law, Tilf.io may disclose your information in the following circumstances:

• 1. Service Providers.
     We may engage our affiliates or third-party organizations or individuals to support us in connection with the purposes listed above, such hosting providers, subcontractors, and third-party payment processors.
  2. Law Enforcement.
     It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for Tilf.io to disclose your information.
  3. Business Transfer.
     We may share your information if Tilfio engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Tilf.io assets, financing acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence).
  4. Prior Consent.
     We may also disclose your information in other circumstances with your prior informed consent. Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your information as necessary to perform their functions.

5. How Long We Keep Your Information

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which you have an account with Tilf.io.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. How We Protect Your Data - Security

We are committed to protecting the security of information received via the Services. We provide reasonable and appropriate administrative, technical, and physical security controls designed to protect your information from unauthorized access, use, or disclosure. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. If you create an account, you are responsible for keeping your account credentials and passwords secure and not allowing others to use your account.

7. How We Respond to Security Incidents

In the event of a security incident that affects your data, Tilf.io is committed to maintaining transparency and open communication. Our priority is to ensure the integrity and confidentiality of your information. We will notify you as soon as possible after the incident has been identified. We understand the importance of timely information and are committed to providing updates as they become available.

Notifications will be delivered through email, our website, and other appropriate communication channels. We will provide clear and accessible information, ensuring that you are fully informed of the nature and scope of the incident. Our communication will include, where possible, a description of the event, the effect to the service, and any potential impact to data.

Once recovery is complete and services have resumed, our customer notifications will include general information about the steps taken to recovery, and any data that may have been impacted. If the recovery is partial and the service is still in a degraded state, notifications will include an estimate of how long the degradation will continue.

8. Your Rights to Access, Correct, or Delete Your Personal Information.

Under data protection laws, you have the right to access, correct, and request deletion of your personal data. You also have the right to object to certain processing and to withdraw consent where granted.
You may edit any of your information in your account on the Services, including contact information. You may have the right to make other requests under applicable law related to your personal data in our possession, and depending on applicable law, you may have the right to appeal our decision regarding your request. Contact us at accounts@tilf.io if you have questions or a request regarding your data. Your rights may include a right to access your personal data that we process and transfer it, correct it, delete it (erasure), restrict it or object to its sale or use for direct marketing purposes, and to not be retaliated against for exercising your rights. We will do our best to honor your requests.
If we deny a request and you have a right to appeal, we will provide information about how to exercise that right in our response. If you are in the EU or UK, you can contact your data protection authority to file a complaint or learn more about local privacy laws.
You may request that we delete your account information by sending an email to accounts@tilf.io, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Tilf.io will respond to such requests within thirty (30) days or sooner if required by applicable law. When we delete account information, it will be deleted from the active database, but may remain in our archives for a limited amount of time. We will otherwise retain your information for as long as your account is active, as needed to provide you with the Services you have requested, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Student Data Provided by Educational Institutions

1. When an Educational Institution customer makes our Tilf.io Services available to students for an educational purpose, Tilf.io may process personal information that is directly related to an identifiable student (“Student Data”) that is provided to Tilf.io by an Educational Institution. Tilf.io collects and uses Student Data for educational purposes only as authorized by the Educational Institution and subject to its control. We process Student Data solely as directed by the applicable Educational Institution.
2. Through the use of our Services, Students may produce Student-Created Content. Some examples of this include but are not limited to chat message history, and essay texts. Any Student-Created Content is stored in our systems for the sole purpose of assessing, tracking, and archiving Student’s learning progress. We do not disclose or sell Student-Created Content to third parties or business partners. Parents can view and delete any of their Student’s Student-Created Content as long as their Student is under the age of 18.
3. We consider Student Data to be confidential and do not use Student Data for any purpose other than to provide our Services on the Educational Institution’s behalf.
4. Student Data is owned and controlled by the Educational Institution.

• We collect, maintain, use and share Student Data only for an authorized educational purpose and as directed by the Educational Institution.
• We do not use or disclose Student Data for targeted advertising purposes.
• We do not build a personal profile of a Student other than in furtherance of an educational purpose.
• We maintain a comprehensive data security program designed to protect the types of Student Data maintained by the Service.
• We will clearly and transparently disclose our data policies and practices to our users.
• We will not make any material changes to our Student Data Policy or contractual agreements that relate to the collection or use of Student Data without first giving notice to the Educational Institution and providing a choice before the Student Data are used in a materially different manner than was disclosed when the information was collected.

1. We will not knowingly retain Student Data provided by the Educational Institution beyond the time period required to support an educational purpose, unless authorized by the Educational Institution.
   Educational Institutions are responsible for managing Student Data which they no longer need for an educational purpose by submitting a deletion request. Please note: even in the absence of instruction by the Educational Institution, we may delete or de-identify data after a period of user inactivity in accordance with our standard data retention policies.
   If you are using our Services on behalf of an Educational Institution and wish to access Student Data, delete Student Data or close your account, please contact us (accounts@tilf.io). If you are a Parent or Student and wish to access Student Data, delete Student Data or close your account, please direct your request to your Educational Institution.
2. If you are a Parent or Student and have questions about specific practices relating to Student Data provided to Tilf.io by an Educational Institution, please direct your questions to your Educational Institution.

10. Changes to This Privacy Policy

Tilf.io reserves the right to update this policy to reflect changes to our practices or for other operational, legal, or regulatory reasons. will provide notification of the material changes to this Privacy Statement through our Website and, where appropriate, when you login to your account or by email to any email address of yours we may have on file, at least thirty (30) days prior to the change taking effect.

11. Contacting Us

If you have any questions about this policy or our privacy practices, please contact us at: accounts@tilf.io