Privacy Policy

Introduction

Opennote is a provider of AI-assisted educational tools and infrastructure.

We understand that you care about your personal privacy interests, and we take that seriously. This Privacy Notice describes Opennote's policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility and will update this Privacy Notice as we adopt new personal data practices.

Data Protection Contact

Opennote, Inc. is a Delaware company that is headquartered in San Francisco, California. To contact us about your data practices or with any inquires, you can email legal@opennote.me.

Independent Security Reports

In any circumstance if you feel that you have found a security vulnerability in our platform, please contact us via security@opennote.me. We will investigate the issue and respond to you as soon as possible.

How we collect and use (process) your personal information

Opennote collects personal information about its website visitors and customers for functionality of the platform ("Services"). With a few exceptions, this information is generally limited to:

• Name
• Email
• School
• IP Address
• Usernames
• Login credentials
• Device identifiers
• Usage analytics and engagement data

We use this information to provide prospects and customers with services.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.

We use this information to provide our services, manage customer relationships, improve user experience, and ensure system security. Data is also used for legitimate interests, such as monitoring platform performance and conducting audits.

Other Identifying Information

We also collect other identifying information that you may voluntarily provide, such as information shared, posted, or uploaded to the Services. This also includes details from Service Providers, Parties you Authorize, and your Employer (if you register using a company email).

Integrations with services such as Google Drive and Notion are available on the platform. These are optional and at your discretion. When you choose to integrate these services, we may access relevant data to provide personalization and search functionality within your "Knowledge Base" of learning.

Security procedures are in place to protect the confidentiality of your data. We use encryption to protect your information, and only work with providers that meet rigorous standards and SOC II clearances for data protection. We never train machine learning models on your personal information and data. For more information about our subprocessors or compliance, visit https://trust.opennote.com or contact legal@opennote.me.

• As per Google's Policy, the use of raw or derived user data received from Workspace APIs adheres to the Google User Data Policy, including the Limited Use requirements. More details can be found at Google's Workspace API AI Model Policy page.

Use of the Opennote Website

As is true of most other websites, Opennote's website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Opennote's website, including a history of the pages you view. We use this information to help us design our site to better suit our users' needs.

We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Opennote has a legitimate interest in understanding how members, customers and potential customers use its website. This assists Opennote with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.

Opennote uses cookies through third party providers such as Supabase and PostHog to enable site functionality for Login systems and Platform Improvements. You may view these details for GDPR Policies below:

Cookies

Cookies are small text files sent by us to your computer or mobile device, which enable Opennote features and functionality. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. Opennote uses cookies through third party providers such as Supabase and PostHog to enable site functionality for Login systems and Platform Improvements. View our platform Cookie Policy for more details on how we collect and use cookies on Opennote.

Sharing information with third parties

The personal information Opennote collects from you is stored in one or more databases hosted by third parties located in the European Union. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, Opennote engages third parties to send information to you, including information about our products, services, and events.

A list of our third party sub processors can be found at https://trust.opennote.com/subprocessors, through our compliance efforts for SOC II through Vanta.

We do not otherwise reveal your personal data to non-Opennote persons or businesses for their independent use unless: (1) you request or authorize it; (2) it is in connection with Opennote-hosted and Opennote co-sponsored conferences as described above; (3) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.

The Opennote website connects with third party services such as Google, Notion, and others. If you choose to share information from the Opennote website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

Data Subject rights

The European Union's General Data Protection Regulation (GDPR) and other countries' privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right of data portability
• Right to object
• Rights related to automated decision making including profiling

This Privacy Notice is intended to provide you with information about what personal data Opennote collects about you and how it is used.

If you wish to confirm that Opennote is processing your personal data, or to have access to the personal data Opennote may have about you, please contact us via legal@opennote.me.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Opennote might have received the data from Opennote; what the source of the information was (if you didn't provide it directly to Opennote); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Opennote if it is inaccurate. You may request that Opennote erase that data or cease processing it, subject to certain exceptions. You may also request that Opennote cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Opennote processes your personal data. When technically feasible, Opennote will—at your request—provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Opennote will provide you with a date when the information will be provided. If for some reason access is denied, Opennote will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at legal@opennote.me. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation's data protection authority.

Data storage and retention

Your personal data is stored by the Opennote on its servers, and on the servers of the cloud-based database management services the Opennote engages, located in the EU. Opennote retains service data for the duration of the customer's business relationship with the Opennote and for a period of time thereafter, to analyze the data for Opennote's own operations, and for historical and archiving purposes associated with Opennote's services. Opennote retains prospect data until such time as it no longer has business value and is purged from Opennote systems. All personal data that Opennote controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: legal@opennote.me

Under GDPR and CCPA, you have the right "to be forgotten" and request that all of your personal data be deleted from our systems. To do so, please contact us at: legal@opennote.me with the subject line "Data Deletion Request". For more information on your rights, you may view https://gdpr-info.eu/art-17-gdpr/ or https://oag.ca.gov/privacy/

Children's data

We do not knowingly attempt to solicit or receive information from children.

Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at: legal@opennote.me

Educational Acts and Protection Notices

As an educational technology platform, Opennote interacts with educational institutions and operates in accordance with the following policies with the notices defined below.

Family Educational Rights and Privacy Act (FERPA) Notice

In accordance with the Family Educational Rights and Privacy Act (FERPA), Opennote's educational acts compliance policy affirms the following:

• We do not disclose information pertaining to the student's educational record and "directory information" to external non-educational parties without the express consent of the student's parents
• As a parent, you have the right to request corrections to your child's educational records if you believe them to be inaccurate, incomplete, or misleading; failure to do so on our part entitles you to arbitration measures as they may apply;
• We must inform you of your FERPA rights annually.
• Reasonably sound information security practices have been implemented to the best of our ability to protect user information;
• Information may be released without consent to the following parties as defined in FERPA:
  • School officials with legitimate educational interest
  • Other schools to which a student is transferring
  • Specified officials for audit or evaluation purposes
  • Appropriate parties in connection with financial aid to a student
  • Organizations conducting certain studies for or on behalf of the school
  • Accrediting organizations
  • To comply with a judicial order or lawfully issued subpoena
  • Appropriate officials in cases of health and safety emergencies
  • State and local authorities, within a juvenile justice system, pursuant to specific State law.

Children's Online Privacy Protection Rule (COPPA) Notice

1. Opennote offers an educational platform to help students study and learn. Although our primary audience is older students, our service may have younger users. This notice supplements our privacy policy and is meant to help parents and guardians understand what information we collect from Opennote students who are younger than the age of 13 (hereinafter, "children" or "child").
2. We have two methods of obtaining parental consent for educational partnership accounts:
   1. Where children use Opennote as part of their school, we rely on these schools for our collection and processing of children's personal information on behalf of parents;
   2. We ask schools to provide our privacy policy and this notice to parents of those students and to obtain parental consent to use our platform.
3. In the event children come to our site to use our platform for personal use, we require that they set up their Opennote account through an established Google account or another email service. Google provides verified parents/guardians the ability to approve or deny sign-ins to other apps and shares our terms of service and privacy policy (which includes a link to this notice). Other services may not, though that is not our platform's responsibility, hence the Google option.
4. Parents' consent is required for the collection, use, or disclosure of children's personal information. We will not collect, use, or disclose your child's personal information if you do not consent to the collection, use, or disclosure of your child's personal information. However, do note that such a request may impair the quality and rendering of the Services provided.
5. Prior to obtaining parental consent, we may collect a limited amount of information from your child in the form of using a persistent identifier (such as a cookie ID) to support our internal operations, such as maintaining and analyzing the functioning of our website and services, performing network communications, authenticating users, and protect the security or integrity of our users, websites, and online services.
6. Personal Information We Collect Directly from Your Child:
   1. Name and contact Information. When your child signs up for our Services, we collect your child's name, username, and email address;
   2. Demographic Data. In some cases, such as when children register for their accounts or participate in surveys (if applicable), we may request they provide their age, gender, and similar demographic details;
   3. Other profile information. We collect information about your child's interests, biographic information, education level, intended use of our service, and classes for their profile;
   4. Content and files. We collect content and files your child inputs or uploads, such as their classroom assignments, notes, posts on message boards, ratings and reviews of content, profile picture, and other content and messaging, for example. If your child emails us or otherwise communicates with us (for example, to ask for technical or customer support), we collect and retain those communications;
   5. Account access information. We collect information such as a username in combination with a password or access code or other credential to allow access to your child's Opennote account, however we have no access to your child's password;
   6. Device information and identifiers. When your child visits our websites or uses our services, we collect their IP address and information about their device, including device identifiers, and mobile IDs, device type, and your child's device's operating system, browser, and other software including type, version, language, settings, and configuration;
   7. Usage information. We collect your child's activity on our websites, apps, and services, including the URL of the website from which they came to our sites, pages visited, length of time spent on a page, access times and days, and other actions taken on our sites and services;
   8. Geolocation data. Depending on your child's device and application settings, we collect geolocation data (strictly state and country) when your child uses our apps or online services;
   9. Classroom/student records: Your child's educators may disclose information about your child's academic performance and activities to us as part of their use of our websites, apps, and services;
   10. Name and contact information, profile information, content and files: Your child's educators may also provide us with any of the information we would otherwise collect from your child. In addition, where your child connects to our services using other accounts, such as Google, or integrates other services (such as Youtube, Google, Meta) we may receive any personal information that you permit these organizations to share with Opennote.
7. Opennote may, from time to time, send your child email communications about their account and for other administrative reasons, for which we will contract with third parties to perform these communication services on its behalf and may disclose a child's information to such third parties.
8. In addition, personal information regarding a child may be disclosed in the course of a child's participation in certain interactive features, such as message boards and sharing classroom materials and other child-created content. Content created by children may be shared with other Opennote users, and children's profile information may be disclosed to other Opennote users depending on their privacy settings.
9. For school accounts, your child's school may have or request access to all of your child's personal information.
10. We share information as directed by users (e.g., to post comments), as needed to provide the services (e.g., to facilitate payments for child users who are not using our service through their schools), and with your children's teachers or tutors and with other students when children use the classroom feature, and in the event of in-school use, we share student information with their school. We share student-generated flashcards and notes with other Opennote users. In addition to disclosures otherwise described in this Notice, we share information about a child with affiliated entities or with third parties where the disclosure is reasonably necessary: to comply with law, including, for example, to comply with a court order or subpoena; to enforce our Terms of Service or site rules; or to protect the safety and security of our websites and services. For more information on our uses and disclosures of personal information, please see our privacy policy.
11. We rely on schools to authorize our collection, use, and disclosure of your child's personal information. To provide your consent, your school should provide you with a consent form. Fill out the form and return it to the school. If you do not provide consent within a reasonable time from the date the school provided notice of our collection, use, and disclosure of your child's personal data, we will delete any of your online contact information we have in our records for the purpose of obtaining consent.
12. To provide consent via Google, your child will need an established Google account, where you have followed Google's verifiable parental consent process. Google will present options to you as the verified parent to approve your child's use of Opennote. If you do not provide consent within a reasonable time or if you deny your child's use of Opennote, we will delete the child's information.
13. You have the right to revoke your consent to our collection, use, and disclosure of your child's personal information. If you revoke consent, your child will not be able to use Opennote. In addition, you have the right to access and review your child's personal information and to update or correct that information. You may also request that we delete your child's personal information. Deleting your child's personal information may result in the termination of the child's account. In the event we need to keep personal information for compliance with legal obligations, to prevent fraud, and ensure the safety of our services and guests, we will continue to protect the information. We delete data when a parent, school, or user requests within the timeframes required under applicable law. When we no longer need your child's personal information, we will use commercially reasonable efforts to delete their personal information. For example, we delete data after a period of inactivity after which it is unlikely the child will resume use of their account, so long as we are not under contractual or other legal obligations to retain such data.
14. Further information regarding COPPA and your rights can be found at the Federal Trade Commission's Website here.
15. If you have questions about our collection, use, and disclosure of your child's personal data, or if you would like to request access to, correction, or deletion of your child's personal data, please contact us at legal@opennote.me. Please include "COPPA Question" or "Student Record Request" in the subject line of your email.

Student Online Personal Information Protection Act (SOPIPA) Notice

In accordance with the Student Online Personal Information Protection Act (SOPIPA), Opennote's privacy policy affirms the following:

• There is no data collected in order to provide targeted ads;
• There are no advertising profiles being created for neither students nor teachers;
• Student and teacher information is not being sold in any capacity to third-parties with the intent of profit;
• Reasonably sound information security practices have been implemented to the best of our ability to protect user information;
• Disclosure of information is only in cases of the law requiring as such, or as part of maintenance, development, or corporate transactions.
• Information is only shared with educational researchers & agencies, or for processing the data to provide the Service;
• Only de-identified and aggregated data is used to continue development of the Service.

If any disputes are not satisfactorily satisfied with us with regard to the Student Online Personal Information Protection Act (SOPIPA), you may contact the California Privacy Protection Agency at 2101 Arena Blvd, Sacramento, CA 95834, or by telephone at (279) 895-1412.

For questions or concerns regarding any of these policies, please contact us at legal@opennote.me and a member of our team will get back to you between 24-48 hours.