Privacy policy.
Altera Labs ("we", "us") builds an AI tutor that works inside your Canvas course. This policy explains what data we collect, how we protect it, who processes it on our behalf, and the rights you have over it. It applies to the Altera application (app.altera-labs.com), our website, and our LMS integrations.
The short version: your learning data exists to teach you and to show your instructor what to re-teach. We do not sell it, we do not run ads, and we do not let anyone train AI models on it.
01What we collect.
- Account and identity data: name, institutional email, role (student, instructor, admin), and course membership, usually provided by your institution's Canvas instance when you launch Altera.
- Conversations with the tutor: the messages you exchange with Altera, including work you share in chat. In limited pilots with voice enabled, this includes voice audio and transcripts.
- Course materials: syllabi, notes, and documents uploaded by you or your instructor, and the searchable fragments we derive from them.
- Learning records: quiz responses, mastery estimates, and the concept-level learning history that powers your tutor and your instructor's dashboard.
- Technical data: logs, device and browser information, and usage telemetry. Our telemetry carries identifiers and event structure only, not the content of your conversations.
02How we use it.
- To run the tutor: build your mastery model, personalize instruction, and generate your instructor's class-level view.
- To operate and secure the service: debugging, abuse prevention, and reliability work.
- To evaluate and improve Altera for your course, under your institution's agreement with us.
We do not sell personal data, show advertising, or permit student content to be used to train our own or any third party's foundation models. Our AI provider processes prompts under enterprise terms that prohibit training on them.
03FERPA: your education records.
When you use Altera through your school's Canvas course, your conversations, uploaded materials, and learning records are education records under FERPA. Altera Labs operates as a "school official" under 34 CFR §99.31(a)(1)(i)(B): we perform a service the institution would otherwise perform itself, we act under the institution's direct control with respect to those records through a data processing agreement, and we are bound by FERPA's use and redisclosure limits. We flow those same obligations down to every sub-processor that touches education records.
04Your rights over your records.
Inspect and export. You can export a complete copy of every education record we hold about you, streamed from your account. If any records are encrypted under Private Mode, the export says exactly how many were skipped rather than silently omitting them.
Request amendment. If you believe a record is inaccurate or misleading, you can request an amendment under FERPA §99.20 and we will process it with your institution.
Delete. You can delete your data from your account settings. Deletion requires re-authentication and an explicit confirmation, then removes your records across the platform. For Private Mode content, deletion permanently revokes your encryption key, which makes that content unreadable everywhere, including in backups.
Disclosure log. We keep an audit log of access to your conversation records, including access by our own AI pipeline and background systems, retained for seven years. Your own audit rows are included in your export.
05Private Mode.
Private Mode is a per-session toggle that encrypts your conversation content with AES-256-GCM before it is stored. Each student has their own encryption key, wrapped by a master key that is held outside the database, so a database compromise alone yields only ciphertext. Private Mode sessions also bypass response caching and background analysis. Private Mode applies from the moment you enable it; content created before that stays in standard storage.
06Who processes data for us.
| Sub-processor | What it does | Notes |
|---|---|---|
| Google Cloud | Runs our backend and the AI models (Vertex AI) that power the tutor | Cloud Data Processing Addendum; enterprise AI terms prohibit training on prompts |
| Supabase | Database, authentication, and file storage | Data processing agreement; SOC 2 Type II; encrypted at rest |
| Pydantic Logfire | Operational telemetry | Receives identifiers and event structure only, no conversation content; 30-day retention |
| Redis session cache | Short-lived session state | Request-lifetime buffer; migrating onto Google Cloud infrastructure |
07How long we keep it.
| Data | Retention |
|---|---|
| Conversations and learning records | Life of your account, or shorter caps set in your institution's agreement; deleted on request |
| Uploaded course materials | Life of the course, or per your institution's agreement |
| Disclosure audit log | Seven years (this is the compliance record of who accessed what) |
| Operational telemetry | 30 days |
| Deletion receipts | Kept indefinitely; they contain no personal content, only proof a deletion happened |
08Security incidents.
If we confirm a breach affecting education records, our target is to notify the affected institution within 48 hours, and affected students as required by applicable law.
09Children.
Altera is built for higher education and is not directed to children under 13. We do not knowingly collect personal information from children under 13.
10Changes.
When we change this policy we will update the effective date above, and for material changes affecting an active pilot we will notify the institution.
11Contact.
Privacy questions, FERPA requests, or anything else: akira@altera-labs.com.