Privacy Policy
Last Updated: November 10, 2025
Effective Date: November 10, 2025
ScalaVerba ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered language testing platform and services.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, password (encrypted), institution name, role (teacher/student/admin)
- Profile Information: Language preferences, proficiency levels, educational background
- Test Responses: Written essays, speaking recordings, multiple-choice answers, listening comprehension responses
- Payment Information: Processed securely through Iyzico (we do not store credit card details)
1.2 Information from Third-Party Services
- Google Classroom: Course names, student rosters, email addresses, profile information (with your explicit permission)
- Microsoft Teams: Team names, member lists, email addresses (with your explicit permission)
- Canvas/Moodle: Course data, student information (with your explicit permission)
1.3 Automatically Collected Information
- Usage Data: Test completion times, login timestamps, feature usage patterns
- Device Information: Browser type, operating system, IP address, device identifiers
- Cookies: Session cookies for authentication, analytics cookies for service improvement
2. How We Use Your Information
2.1 Primary Purposes
- Service Delivery: Provide language testing, assessment, and proficiency evaluation services
- AI-Powered Grading: Use AI models to evaluate essays, speaking responses, and provide feedback
- LMS Integration: Sync student rosters, assignments, and grades with Google Classroom and other platforms
- Progress Tracking: Generate performance reports, track learning progress, identify areas for improvement
2.2 Communication
- Send test results and performance reports via email (SendGrid)
- Notify teachers of student test completions
- Send account-related notifications and service updates
- Respond to support requests and inquiries
2.3 Service Improvement
- Analyze usage patterns to improve platform features
- Train and improve AI grading models (using anonymized data only)
- Conduct research on language learning effectiveness
3. Data Sharing and Third-Party Services
3.1 Third-Party Service Providers
- Google Cloud Platform: Hosting, database storage (Firestore), serverless functions
- Google Classroom API: LMS integration (only with your explicit authorization)
- SendGrid: Email delivery for test results and notifications
- Iyzico: Payment processing (PCI-DSS compliant)
- OpenAI/Anthropic: AI-powered essay and speaking evaluation (anonymized data)
- ElevenLabs: Text-to-speech for listening comprehension tests
3.2 Data Sharing Practices
- We DO NOT sell your personal data to third parties
- We DO NOT share student data with advertisers
- We only share data with service providers necessary for platform operation
- All third-party providers are contractually obligated to protect your data
3.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or to protect our rights, safety, or property.
4. Data Retention
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Data retained for 3 years after last login, then automatically deleted
- Test Results: Retained for 5 years for academic record purposes
- Payment Records: Retained for 7 years for tax and legal compliance
- Deleted Accounts: All personal data permanently deleted within 30 days of account deletion request
5. Your Rights (GDPR & CCPA Compliance)
5.1 Access and Portability
- Right to Access: Request a copy of all personal data we hold about you
- Right to Portability: Receive your data in a machine-readable format (JSON/CSV)
5.2 Correction and Deletion
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
5.3 Consent and Objection
- Right to Withdraw Consent: Revoke LMS integration permissions at any time
- Right to Object: Object to data processing for marketing or research purposes
5.4 How to Exercise Your Rights
Email us at scalaverba@gmail.com with your request. We will respond within 30 days.
6. Data Security
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication: Secure OAuth 2.0 authentication via Google/Microsoft
- Access Controls: Role-based access control (RBAC) - teachers can only access their students' data
- Regular Audits: Security audits and vulnerability assessments
- Backup: Daily encrypted backups with 30-day retention
- Incident Response: 24-hour breach notification policy
7. Children's Privacy (COPPA Compliance)
ScalaVerba is designed for educational institutions and may be used by students under 13 years old.
- Parental Consent: Schools/teachers must obtain parental consent before creating student accounts
- Limited Data Collection: We collect only data necessary for educational purposes
- No Advertising: We do not display targeted advertising to children
- Parental Rights: Parents can request access to, correction of, or deletion of their child's data
8. Cookies and Tracking
8.1 Essential Cookies
- Authentication: Session cookies to keep you logged in
- Security: CSRF tokens to prevent cross-site attacks
8.2 Analytics Cookies
- Google Analytics: Anonymized usage statistics (IP addresses masked)
- Firebase Analytics: App performance monitoring
8.3 Cookie Control
You can disable non-essential cookies in your browser settings. Note that disabling essential cookies may affect platform functionality.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your residence, including the United States (Google Cloud Platform servers).
- EU-US Data Privacy Framework: We comply with GDPR requirements for international transfers
- Standard Contractual Clauses: We use EU-approved data transfer mechanisms
- Adequate Safeguards: All international transfers protected by appropriate security measures
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date.
- Material Changes: We will notify you via email for significant changes
- Continued Use: Continued use of ScalaVerba after changes constitutes acceptance
11. Contact Us
For privacy-related questions, data requests, or concerns:
- Email: scalaverba@gmail.com
- Subject Line: "Privacy Request" or "Data Request"
- Response Time: We will respond within 30 days
12. Governing Law
This Privacy Policy is governed by the laws of Turkey and the European Union's General Data Protection Regulation (GDPR).
Your privacy is important to us. If you have any questions or concerns about how we handle your data, please don't hesitate to contact us at scalaverba@gmail.com.