Policy Document

Privacy Policy.

Effective Date May 4, 2026 Last Updated May 13, 2026

This Privacy Policy explains how Didactica, Inc. ("Didactica," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the Didactica platform (the "Service"). Didactica is an educational technology service that enables instructors at community colleges and similar institutions to author courses, deliver course content, and provide AI-powered teaching assistance, including a virtual teaching assistant ("Virtual TA") with grading capabilities and a voice-based tutor ("Voice Tutor").

This Policy applies to information processed through the Service when accessed through an integrated learning management system ("LMS") such as Canvas or D2L Brightspace, or directly through our website at didactica.ai.

Please read this Policy carefully. By accessing or using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

Section 1Who we are and how to contact us

Didactica is operated by Didactica, Inc. located at 5852 Elderwood Dr; Dallas, TX 75230. For questions about this Policy or our privacy practices, contact us at:

Section 2Our role and relationship to educational institutions

Didactica is provided to instructors and students through agreements with educational institutions (each, an "Institution"). When we process information about students on behalf of an Institution, we do so as the Institution's service provider. Specifically:

  • FERPA. To the extent we receive or process student "education records" as defined under the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. § 1232g, we act as a "school official" with a legitimate educational interest, as permitted under 34 C.F.R. § 99.31(a)(1). We use such information only for the purposes for which the Institution engaged us, do not re-disclose it except as authorized, and remain under the direct control of the Institution with respect to its use and maintenance.
  • CCPA/CPRA. With respect to personal information of California residents that we process on behalf of an Institution, we act as a "service provider" under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"). We process such information only as instructed in our agreement with the Institution and as permitted by law.
  • Institution policies. The Institution's own privacy policy may also apply. If there is a conflict between this Policy and the Institution's instructions, the Institution's instructions control.

Section 3Information we collect

3.1 Information we receive from the LMS

When the Service is integrated with an LMS, we receive limited information through the LMS integration (typically via LTI 1.3 or similar standards), which may include:

  • Pseudonymous user identifiers (LTI user IDs) that allow the LMS to associate activity with a user without exposing the user's name or email to us.
  • Course and context identifiers (course ID, section, term).
  • Role information (e.g., instructor, learner).
  • Locale and language preferences.

Our platform refrains from requesting personally identifiable data from the LMS, such as full names, electronic mail addresses, or official student identification numbers. (Refer to Section 3.3 for details on first names that learners might choose to share while interacting with the AI features.) Instructor accounts may include identifying information needed to authenticate and operate authoring tools.

3.2 Information provided by instructors

Instructors who create courses through Didactica may provide:

  • Account information (name, email, institutional affiliation, password or SSO credentials).
  • Course content they author, upload, or import (text, documents, images, audio, video, assessments, rubrics, and metadata).
  • Configuration choices for the Virtual TA and Voice Tutor (such as guardrails, instructional goals, and feedback preferences).

3.3 Information generated through use of the Virtual TA and Voice Tutor

The Virtual TA or Voice Tutor may ask students how they would like to be addressed, and students may volunteer a name at any time during an interaction. Any name provided is used to personalize the tutoring experience and is stored only in association with the LMS-issued pseudonymous identifier. Students are not required to provide a real name and may use a nickname or decline. We do not request student names from the LMS or link them to other identifying information.

When students interact with the Virtual TA or Voice Tutor, we process:

  • Questions, prompts, and submissions students send to the AI features, in text or voice.
  • Audio from voice interactions, processed to generate responses. Audio is transcribed and the resulting transcript, rather than the original audio, is retained as part of the session record.
  • Assessment submissions provided for grading by the Virtual TA, along with the Virtual TA's scores, feedback, and grading rationale.
  • Interaction metadata such as timestamps, session length, error logs, and aggregated usage statistics.

Students should not include personally identifying information about themselves (beyond a first name or nickname, as described above), sensitive personal information, or information about others in their interactions with the Virtual TA or Voice Tutor.

3.4 Information collected automatically

When you use the Service, we automatically collect certain technical information, such as:

  • Device and browser type, operating system, and language settings.
  • IP address and approximate location derived from it.
  • Log data (pages visited, features used, timestamps, referring URLs).
  • Cookies and similar technologies necessary to operate the Service and maintain sessions. See Section 9 (Cookies).

Section 4How we use information

We use information to:

  • Provide, operate, and maintain the Service, including authoring tools, the Virtual TA, the Voice Tutor, and grading features.
  • Authenticate users and integrate with the Institution's LMS.
  • Generate AI responses, feedback, and grades in response to student interactions and instructor configurations.
  • Monitor performance, debug, and improve reliability and security.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms.
  • Comply with legal obligations and enforce our agreements.
  • Communicate with instructors and Institution administrators about the Service.

We do not sell personal information. We do not use student data to build advertising profiles. We do not use student personal information processed through the Service to train our own general-purpose AI models, and we contractually restrict our AI subprocessors from using such data to train their models, as described in Section 6.

Section 5Legal bases and educational privacy compliance

We process information based on the following legal grounds and frameworks applicable to U.S. education:

  • Performance of our agreement with the Institution and necessary operation of the Service.
  • Compliance with FERPA in our role as a school official acting under direct control of the Institution.
  • Compliance with applicable state student privacy laws, which may include California's Student Online Personal Information Protection Act (SOPIPA), the Student Data Protection Act, and similar laws in other states where the Institution operates.
  • Our legitimate interests in operating, securing, and improving the Service in ways that do not override individual privacy interests.
  • Consent, where required (for example, for certain optional features).

Although the Service is targeted to community college users (generally adults), we recognize that some community college students may be under 18. We do not knowingly direct the Service to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us at privacy@didactica.ai and we will take appropriate steps to delete it.

Section 6AI providers and other subprocessors

To operate the Virtual TA and Voice Tutor, we use third-party AI providers, which currently may include Cerebras, Google Vertex AI, OpenAI and Anthropic, and may include other providers we add over time. These providers process prompts, transcripts, and related interaction data on our behalf solely to generate responses, transcribe speech, and synthesize voice output.

Our agreements with these AI providers require that:

  • Customer data submitted through their APIs is not used to train their general-purpose models.
  • Data is retained only for the limited periods needed for abuse monitoring and service operation, after which it is deleted in accordance with the provider's terms.
  • Appropriate technical and organizational safeguards are maintained.

We may also use other subprocessors for hosting, infrastructure, analytics, error monitoring, communications, and customer support. A current list of subprocessors is available upon request.

Section 7How we share information

We share information only as described below:

  • With the Institution. We share information with the Institution that engaged us, including instructor-facing dashboards, grading outputs, and aggregate analytics.
  • With the LMS. We exchange data with the integrated LMS (Canvas, D2L Brightspace, or others) as necessary to deliver the Service and return grades or completion data.
  • With service providers and subprocessors. We share information with vendors who help us operate the Service under written agreements that restrict their use of the information.
  • For legal reasons. We may disclose information to comply with applicable laws, lawful requests, or legal process, or to protect the rights, property, or safety of Didactica, our users, or others. Where the request concerns student records held on behalf of an Institution, we will, to the extent permitted by law, refer the request to the Institution.
  • In connection with a business transfer. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred subject to confidentiality protections and applicable law.

Section 8Data retention and deletion

We retain information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Course content authored by instructors is retained while the instructor's account is active and as required by the Institution.
  • Student interaction data (Virtual TA prompts, Voice Tutor transcripts, grading outputs) is retained for the period specified in our agreement with the Institution, after which it is deleted or de-identified.
  • Logs and security-related records are retained for a limited period consistent with our security and audit needs.

Upon termination of an Institution's agreement, we will delete or return Institution data as set forth in that agreement, subject to legal retention requirements.

Section 9Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary to operate the Service, maintain sessions, and remember preferences. We do not use third-party advertising cookies or build advertising profiles.

Section 10Security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These include encryption of data in transit and at rest, access controls, logging and monitoring, vendor security reviews, and personnel training. No system can be guaranteed 100% secure; we encourage users to use strong, unique passwords and to keep credentials confidential.

Section 11Data breach notification

While we implement the protections detailed in Section 10, it is important to acknowledge that no digital environment can offer absolute security. We maintain a comprehensive Incident Response Plan designed to guide our efforts in detecting, analyzing, and mitigating security events, as well as evaluating our reporting obligations under applicable legal frameworks and institutional contracts.

In the event that we identify a security breach impacting personal data managed for an Institution, our commitment includes the following actions:

  • We will alert the partner Institution promptly and within the specific periods established in our formal agreement.
  • We will furnish the Institution with necessary details to evaluate the situation and fulfill its compliance duties under FERPA and state privacy statutes. This typically includes a description of the incident, the data types involved, our containment strategies, and a dedicated contact for inquiries.
  • We will assist the Institution with any notices it provides to students. As the Institution remains the primary entity for these educational services, we do not communicate with students regarding such incidents unless authorized or mandated by law.

For incidents involving personal data of instructors or other account holders where Didactica is the primary controller, we will provide notification to affected parties and regulatory bodies as required by law without undue delay.

We remain dedicated to satisfying all U.S. federal and state notification requirements within mandated timelines. If law enforcement requests a delay to protect an investigation, we will issue notifications as soon as those concerns are resolved.

To communicate a potential security vulnerability or concern regarding the Service, please reach out to us at security@didactica.ai.

Section 12Your rights and choices

Depending on your role and applicable law, you may have rights regarding personal information about you, including the right to access, correct, delete, or obtain a copy of certain information.

  • Students. Because we generally process student information on behalf of an Institution as a school official under FERPA and as a service provider under CCPA, requests to exercise rights regarding student records should be directed to your Institution. We will support the Institution in responding to your request.
  • Instructors and account holders. You may request to access, correct, or delete your account information by contacting us at privacy@didactica.ai.

California residents have specific rights under the CCPA, including the right not to be discriminated against for exercising privacy rights. Because Didactica acts as a service provider to Institutions for student data, certain rights are exercised through the Institution.

Section 13Data location

The Service and its subprocessors are operated primarily in the United States. Information you provide is processed and stored in the United States.

Section 14Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date above and provide notice through the Service or by email to instructor and administrator contacts. Continued use of the Service after the effective date of an updated Policy constitutes acceptance of the changes.

Section 15Contact us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at:

Didactica, Inc.

Email: privacy@didactica.ai

Mail: 5852 Elderwood Dr.; Dallas, TX 75230