LimesAI Product Privacy Policy
Overview
LimesAI ("LimesAI," "we," "us," or "our") provides an AI-powered educational platform designed for use in classrooms and academic institutions. This Privacy Policy explains how we collect, use, store, protect, and disclose personal information when you use our products, applications, and services (collectively, the "Services").
When LimesAI is used through a school, district, college, or other educational institution ("School"), the School may act as the primary data controller for student information, and LimesAI acts as a service provider or data processor in accordance with applicable law.
1. Who We Are
- Company Name: LimesAI
- Contact Email: privacy@limesai.com
- Support: support@limesai.com
2. Information We Collect
We collect only the categories of information required to operate the Services as implemented in our production systems.
Account Information
- Name
- Email address
- User role (student, teacher, administrator, executive)
- Profile image URL (optional)
- Terms of service acceptance timestamp
- Authentication identifiers
Student and Educational Records
- Date of birth (for age verification against COPPA guidelines)
- Class and school enrollment
- Roster validation data
- Parent or guardian contact information (when provided by the School)
Parental Consent Information
- Student identifier
- Parent or guardian email address
- Consent method and timestamp
- Secure, hashed consent verification tokens
Uploaded Content and Files
- Documents, images, audio, or video uploaded by users
- File metadata (filename, size, type)
- Extracted text or structured data generated during processing
AI Conversations and Messages
- User prompts and questions
- AI-generated responses
- Conversation metadata (model used, token counts)
Logs and Security Metadata
- User ID and school ID
- IP address
- Action type and timestamp
3. How We Use Information
We use personal information solely to:
- Provide and operate the Services
- Authenticate users and enforce access controls
- Deliver classroom-specific AI assistance
- Enforce parental consent and age-based restrictions
- Maintain audit logs for FERPA compliance
- Detect and prevent misuse or security incidents
- Provide support and improve system reliability
We do not sell or share personal information, do not use it to train AI models, and do not use student-specific data for advertising purposes.
4. Database-Level Access Controls and Security
LimesAI enforces access controls using Row-Level Security (RLS) at the PostgreSQL database level, in addition to application-level authorization.
Student Personal Information
- Students can access only their own personal data
- Student roster data and parent contact information are restricted to server-side administrative operations
- Parental consent records allow students to view only their own consent status
Educational Records (FERPA)
- AI conversation history is accessible only to the student who created it, the teacher(s) for the class the conversation took place in, and school administrators
- No student can access another student's learning interactions
Class Data
- Class materials are accessible only to enrolled members
- Forum discussions respect role-based visibility settings
Defense-in-Depth
- All database access occurs through authenticated API routes
- Role-based authorization is enforced at the application level
- Row-Level Security provides additional protection against unauthorized queries
- Database credentials are never exposed to client-side code
5. AI and Automated Processing
LimesAI uses third-party AI providers to process user prompts and educational materials. Before transmission, chat messages are scanned for sensitive personal information. Messages containing high-risk identifiers are blocked and not sent externally.
Student content is processed to provide responses and is retained only for limited, configurable periods. LimesAI does not intentionally use student content to train proprietary AI models.
6. Data Retention
Retention limits are enforced automatically:
- AI conversations and messages: 30 days by default (school-configurable)
- Documents and embeddings: 365 days by default (school-configurable)
- Audit logs and roster records: retained as required for FERPA compliance
7. Children's Privacy and Parental Rights
LimesAI is designed for educational use and supports COPPA and FERPA compliance.
- Students under age 13 require verified parental consent
- Schools may require parental consent for ages 13–17
- Parents may revoke consent at any time by contacting LimesAI at privacy@limesai.com
- Student access is restricted until consent is verified
8. User Rights
Depending on role and applicable law:
- Users may delete their accounts
- Schools may delete student records
- Parents may revoke consent
At this time, data export and portability features are not provided.
9. Security Measures
We use technical and organizational safeguards including:
- HTTPS encryption in transit
- Role-based authorization
- Database-enforced Row-Level Security
- Secure token hashing
- Redaction of sensitive data from logs
No system is completely secure, but we actively monitor and improve our protections.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated through the Services or other reasonable means.
11. Contact Us
Questions or concerns about privacy may be sent to: