Who is responsible
The data controller for LearnRocketAI is Bohemian Digital Innovations s.r.o., IČO 19495242, DIČ CZ19495242, with registered address at Vojtěšská 211/6, 11000 Praha 1-Nové Město, Czech Republic.
Use privacy@learnrocketai.com for privacy questions, data access, correction, deletion, objection, portability, or withdrawal requests. Use support@learnrocketai.com for general service questions.
What data we process
We process the data needed to provide the learning service:
- account data such as email address, password hash, role, language, time zone, workspace, usage mode, and account status;
- optional profile and notification data such as name, student name, phone number, WhatsApp consent, preferred notification channel, and reminder settings;
- learning data such as topics, exercises, answers, flashcards, study sessions, progress, completion history, and teacher or parent assignments;
- uploaded or generated materials such as PDFs, photos, notes, textbook extracts, OCR text, prompts, summaries, exercises, flashcards, AI feedback, and generated illustrations;
- technical data such as session identifiers, security logs, request metadata, device/browser information, locale, time zone, and diagnostic records;
- notification logs for email, SMS, and WhatsApp delivery, including status, recipient, message type, provider response, and related audit details.
Children and students
A parent, teacher, or workspace administrator may create student records, assign exercises, send credentials, and track progress. Student data can include names, contact details, assigned materials, answers, progress, and reminder settings. The adult or organization that adds a student must have the right to do so and should give appropriate information to the student or their guardian.
Account registration itself is intended for adults, parents, teachers, and students who may lawfully create an account. Where child consent rules apply to information society services, local law may set a minimum age. Czech law uses 15 years; Poland uses 16 years.
Why we process data
We process data for the purposes and legal bases below:
- account creation and sign-in - performance of the service contract;
- generation of exercises, flashcards, summaries, feedback, transcriptions, and speech - performance of the service contract;
- security, technical logs, diagnostics, and abuse prevention - legitimate interests in protecting and operating the service;
- notifications needed for account operation, credentials, invite links, reminders, and administrator updates - performance of the service contract or legitimate interests;
- newsletters, marketing, analytics or marketing cookies, and optional WhatsApp communication - consent;
- accounting, tax, compliance, or other legal duties if they apply - legal obligation.
Providers and transfers
We use trusted providers for hosting, infrastructure, email, SMS, WhatsApp, AI processing, storage, and security. These may include providers such as Railway, Cloudflare, SendGrid, Twilio, file storage providers, and OpenRouter or model providers where they are needed to operate the service. Provider names may change as the infrastructure evolves, but they are used only to operate the service.
Some providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as EU Standard Contractual Clauses, equivalent contractual protections, provider transfer frameworks, and configuration that limits the data sent to what the feature needs.
AI processing
When you upload materials or request AI features, relevant text, images, prompts, answers, and context may be sent to AI providers to produce summaries, exercises, flashcards, feedback, transcriptions, or speech. Do not upload confidential, sensitive, or third-party material unless you have the right to use it in the service.
We do not use user materials to train our own AI models. External AI providers process submitted data according to their terms, data processing settings, and our configuration for the requested AI feature.
Cookies
Necessary cookies are used for sign-in sessions, security, locale choice, browser time zone, flashcard voice preference, and saving cookie preferences. These cookies are required or useful for the service and do not need optional consent. Analytics and marketing cookies are disabled unless you choose to allow them in the cookie banner.
Retention
We keep data under these practical rules:
- account data is kept while the account exists;
- uploaded materials and generated content are kept until the user deletes them, the account or workspace is deleted, or further retention is legally required;
- learning progress, assignments, answers, notification logs, and audit logs are kept while needed for the learning service, security, troubleshooting, legal obligations, and legitimate operational records;
- technical and security logs are kept for a limited time needed for security and diagnostics;
- backups may be kept for a limited time according to backup cycles.
If an account or workspace is deleted, data is deleted or anonymized unless retention is required for legal, security, backup, or dispute reasons.
Security
We use technical and organizational measures intended to protect data, including access controls, encrypted transmission, access limitation, security logs, and backups.
Automated decisions
We do not make decisions about users based solely on automated processing that would produce legal effects or similarly significant effects. AI features support learning and material generation, but their results should be reviewed by the user.
Your rights
Depending on your situation, you may request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent. You may also complain to the competent data protection authority. For a Czech controller, the competent authority is the Office for Personal Data Protection (Úřad pro ochranu osobnÃch údajů, ÚOOÚ). In Poland, you may also contact the President of the Personal Data Protection Office (UODO) if the matter concerns a user in Poland.
Updates
We may update this policy when the service, providers, law, or data practices change. The current version is published on this page.
Latest update date: June 16, 2026.