Privacy Policy

Last Updated: June 12, 2026

1. Introduction

Pathren, LLC ("Pathren," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our adaptive learning platform.

Pathren provides AI-powered adaptive learning services to higher education institutions. We process student data as a service provider to educational institutions, operating under the Family Educational Rights and Privacy Act (FERPA) school official exception.

By using Pathren, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create an account or your institution provisions access, we collect:

  • Name and email address
  • Institution affiliation and role (student, faculty, administrator)
  • Authentication credentials or single sign-on (SSO) identifiers

2.2 Learning Data

As you use Pathren for studying, we collect:

  • VARK assessment results (your learning style preferences)
  • Study session records and performance metrics
  • Card responses and accuracy data
  • Progress through Bloom's Taxonomy cognitive levels
  • Spaced repetition scheduling data

2.3 Course Content

Institution administrators may upload or generate:

  • Course materials and study content
  • AI-generated flashcards and explanations
  • Imported content from external sources (e.g., Anki decks)

2.4 Usage Data

We automatically collect information about how you interact with Pathren:

  • Session duration and frequency
  • Features used and navigation patterns
  • Error logs and performance data

2.5 Device Information

For security and audit purposes, we collect:

  • IP addresses
  • Browser type and version
  • Device type and operating system

3. How We Use Your Information

We use the information we collect to:

  • Provide adaptive learning services: Deliver personalized study sessions based on your learning style and progress
  • Personalize your experience: Adapt content difficulty using Bloom's Taxonomy and VARK preferences
  • Generate AI-powered feedback: Provide tutoring, hints, and explanations through our AI assistant
  • Support institutional oversight: Enable faculty to monitor student progress and provide interventions
  • Improve our services: Analyze usage patterns to enhance platform functionality
  • Ensure security: Detect and prevent unauthorized access, fraud, and abuse
  • Comply with legal obligations: Meet FERPA requirements and respond to valid legal requests

4. AI Processing

4.1 How We Use AI

Pathren uses artificial intelligence to enhance your learning experience:

  • Content generation: Creating flashcards, explanations, and study materials from course content
  • Adaptive tutoring: Providing personalized hints, feedback, and explanations
  • Learning optimization: Selecting appropriate content based on your performance and learning style
  • Performance analysis: Generating insights about your learning progress

4.2 Zero Data Retention

We use AI providers (Google Gemini via OpenRouter) configured with Zero Data Retention (ZDR). This means:

  • Your prompts and responses are not stored by AI providers
  • Your data is not used to train AI models
  • Requests are submitted anonymously where supported

4.3 AI Limitations

AI-generated content is designed to support learning but may occasionally contain errors. AI responses should be used as a study aid, not as a replacement for course instruction or authoritative sources.

5. Information Sharing

5.1 Service Providers

We share information with trusted service providers who assist in operating our platform:

  • Supabase: Authentication and database hosting
  • OpenRouter/Google: AI processing (with Zero Data Retention)
  • Railway: Application hosting infrastructure

All service providers are contractually obligated to protect your data and use it only for providing services to Pathren.

5.2 Your Institution

If you access Pathren through an educational institution:

  • Institution administrators and faculty may view your learning progress
  • Aggregate analytics may be shared with your institution
  • Your institution may have additional policies governing your data

5.3 Legal Requirements

We may disclose your information when required by law, such as:

  • In response to valid subpoenas, court orders, or legal process
  • To protect the rights, property, or safety of Pathren, our users, or others
  • To comply with FERPA or other applicable regulations

5.4 What We Do NOT Do

We do NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or data brokers
  • Use your data for marketing purposes unrelated to Pathren services
  • Combine your data with data from other institutions

6. Data Retention

We retain your information only as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained while your account is active. Upon deletion request, all personal data is permanently deleted within 30 days.
  • Learning records: Retained while your account is active. Upon account deletion, learning records are permanently deleted (not retained).
  • AI chat conversations: Retained for 90 days, or deleted immediately upon account deletion.
  • Audit logs: Retained for 7 years for compliance purposes (user ID only, for audit trail).

When your institution terminates service, all institution data is permanently deleted within 60 days, with an option to export data beforehand.

7. Your Rights

Depending on your location and applicable law, you may have the following rights:

7.1 Access

You can view your learning data, VARK assessment, and session history through your Pathren dashboard.

7.2 Correction

You can update your profile information at any time. Contact us to correct other data.

7.3 Deletion

You may request deletion of your account and personal data. Note that:

  • All personal data and learning records are permanently deleted
  • Audit logs are retained for compliance purposes (7 years) with only your user ID for audit trail
  • Your institution may have policies affecting deletion rights

We do not retain anonymized or de-identified data after account deletion. Deletion is complete and permanent.

7.4 Data Portability

You can request a copy of your data in a portable format.

7.5 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@pathren.com. We will respond within 30 days.

8. Security

We implement comprehensive security measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Single-tenant architecture providing physical data isolation per institution
  • Role-based access controls and Row-Level Security
  • Regular security assessments and monitoring
  • SOC 2 certified infrastructure providers

For more details, see our Security page.

9. Children's Privacy

Pathren is designed for use by higher education students and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you believe we have collected information from a child under 13, please contact us immediately at privacy@pathren.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • We will notify institutions of significant changes
  • Continued use of Pathren after changes constitutes acceptance

We encourage you to review this policy periodically.

11. Complaints and Disputes

If you believe your privacy rights have been violated or have concerns about our data practices, we want to hear from you.

11.1 How to File a Complaint

Submit privacy complaints to privacy@pathren.com with:

  • Your contact information
  • Description of your concern
  • Any relevant dates or details
  • Your desired resolution

11.2 Our Response

We will:

  • Acknowledge your complaint within 48 hours
  • Investigate your concerns thoroughly
  • Respond with our findings within 30 days
  • Take action to address valid concerns

11.3 Escalation

If you are not satisfied with our response, you may:

  • Request escalation to company leadership
  • Contact your institution's privacy or compliance office
  • File a complaint with applicable regulatory authorities

12. Contact

If you have questions about this Privacy Policy or our data practices, please contact us.