Privacy Policy
Version: 1.0.0 Effective Date: March 6, 2026 Last Updated: March 6, 20261. Introduction
Feedback Coach ("we," "us," "our," or the "Company") is committed to protecting the privacy of all users of our intelligent readiness platform, including students, faculty, administrators, and other authorized personnel at educational institutions.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We process personal data in compliance with:
- General Data Protection Regulation (GDPR) - for users in the European Economic Area
- Family Educational Rights and Privacy Act (FERPA) - for educational records in the United States
- UK Data Protection Act 2018 - for users in the United Kingdom
- Other applicable data protection laws in jurisdictions where we operate
2. Data Controller Information
Data Controller:Feedback Coach Ltd
Email: privacy@feedbackcoach.com
Data Protection Officer: dpo@feedbackcoach.com
For institutions in the European Economic Area, Feedback Coach acts as a Data Processor on behalf of the Institution (Data Controller) for Student Data processed through the platform.
3. Categories of Personal Data We Collect
3.1 Account and Identity Data
| Data Type | Examples | Purpose |
|---|---|---|
| Identification | Name, username, student/staff ID | Account creation and authentication |
| Contact | Email address, institutional email | Communication and notifications |
| Institutional | University name, department, role | Service configuration and access control |
| Authentication | SSO tokens, session data | Secure access to the platform |
3.2 Educational Data
| Data Type | Examples | Purpose |
|---|---|---|
| Academic Progress | Readiness scores, quiz results, completion status | Readiness verification and feedback |
| Assessment Interactions | Responses to Assessment Readiness checks | Understanding of learning outcomes |
| Knowledge Assessments | Feedback Quiz answers and performance | Gap identification and targeted feedback |
| Draft Submissions | Text submitted for Express Review | Diagnostic analysis and readiness verification |
| Engagement Metrics | Tool usage, time spent, interaction patterns | Analytics and intervention identification |
3.3 Technical and Usage Data
| Data Type | Examples | Purpose |
|---|---|---|
| Device Information | Browser type, operating system, device type | Service optimization and security |
| Connection Data | IP address, access timestamps | Security monitoring and audit logging |
| Platform Interactions | Features used, pages visited, actions taken | Service improvement and user experience |
| Error Logs | Technical errors, failed requests | Troubleshooting and reliability |
3.4 Institutional Configuration Data
| Data Type | Examples | Purpose |
|---|---|---|
| Assessment Criteria | Learning outcomes, rubrics, marking criteria | Contextual feedback generation |
| Course Structure | Modules, cohorts, academic calendars | Platform configuration |
| Integration Settings | LMS configurations, SSO settings | Technical integration |
4. How We Collect Personal Data
4.1 Directly from Users
- Account registration and profile creation
- Assessment Readiness tool interactions
- Feedback Quiz completions
- Draft submissions for Express Review
- Support requests and communications
4.2 From Educational Institutions
- User provisioning through SSO/LTI integration
- Student enrollment data
- Course and assessment configurations
- Learning outcomes and criteria
4.3 Automatically Through Technology
- Cookies and similar tracking technologies
- Server logs and analytics tools
- Learning management system integrations
5. Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
5.1 Performance of Contract (Article 6(1)(b))
Processing necessary to provide the Service as agreed with Institutions, including:
- User account management
- Readiness verification services
- Analytics and reporting
5.2 Legitimate Interests (Article 6(1)(f))
Processing necessary for our legitimate business interests, including:
- Service improvement and development
- Security and fraud prevention
- Customer support and communications
5.3 Compliance with Legal Obligations (Article 6(1)(c))
Processing required by law, including:
- Record-keeping for audit purposes
- Responding to lawful government requests
- Data retention requirements
5.4 Consent (Article 6(1)(a))
Where required, we obtain consent for:
- Marketing communications
- Use of non-essential cookies
- Processing beyond the scope of the service agreement
6. How We Use Personal Data
6.1 Service Delivery
- Readiness Verification: Processing student interactions with Assessment Readiness, Feedback Quiz, and Express Review tools
- Feedback Generation: Analyzing submissions to provide contextual, criteria-mapped feedback
- Progress Tracking: Recording completion status and readiness scores
- Intervention Identification: Identifying students who may benefit from additional support
6.2 Analytics and Reporting
- Institutional Dashboards: Providing Deans and Department Heads with cohort-level insights
- Heat Maps: Identifying class-wide knowledge gaps for targeted instruction
- Engagement Metrics: Tracking platform usage and intervention effectiveness
- Audit Trails: Maintaining records for quality assurance and compliance
6.3 Service Improvement
- Platform Development: Analyzing usage patterns to improve features
- Bug Fixes: Using error logs to identify and resolve issues
- User Experience: Optimizing interfaces based on interaction data
6.4 Communications
- Service Notifications: Updates about platform features, maintenance, or changes
- Support: Responding to inquiries and providing assistance
- Institutional Reports: Sending analytics summaries to authorized administrators
7. Data Sharing and Disclosure
7.1 Within Educational Institutions
We share data with authorized personnel at subscribing Institutions:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Tutors/Faculty | Student readiness scores, engagement data | Academic support and intervention |
| Department Heads | Cohort analytics, heat maps | Curriculum planning and resource allocation |
| Deans/Administrators | Institutional metrics, audit reports | Strategic oversight and compliance |
7.2 Service Providers
We engage third-party service providers who process data on our behalf:
| Provider Type | Purpose | Safeguards |
|---|---|---|
| Cloud Infrastructure | Data hosting and storage | SOC 2 certified, data encryption |
| Analytics | Platform performance monitoring | Anonymized data, contractual protections |
| Customer Support | Ticketing and communication | Data processing agreements |
| Security | Threat detection and prevention | Industry-standard security measures |
7.3 Legal and Compliance
We may disclose data when required by law or to:
- Comply with legal process or government requests
- Enforce our Terms of Service
- Protect the rights, property, or safety of users or others
- Investigate potential violations or fraud
7.4 Business Transfers
In connection with a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections.
7.5 No Sale of Personal Data
We do not sell personal data to third parties. We do not share student data with advertisers or for marketing purposes unrelated to the Service.8. International Data Transfers
8.1 Transfer Mechanisms
When transferring data outside the European Economic Area, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement (IDTA) for UK transfers
- Adequacy decisions where applicable
8.2 Data Localization
Upon request, Institutions may specify data residency requirements. We offer data hosting in:
- European Union (Ireland)
- United Kingdom
- United States
9. Data Retention
9.1 Retention Periods
| Data Category | Retention Period | Basis |
|---|---|---|
| Student Educational Data | Duration of enrollment + 3 years | Academic record requirements |
| Account Data | Duration of service + 1 year | Service delivery and audit |
| Analytics (Aggregated) | 5 years | Institutional reporting |
| Audit Logs | 7 years | Compliance and legal requirements |
| Marketing Preferences | Until consent withdrawn | Consent-based processing |
9.2 Institutional Data Export
Upon termination of service, Institutions may request:
- Export of all Institution and student data
- Deletion of data (subject to legal retention requirements)
9.3 Student Data Deletion
Students may request deletion of their personal data, subject to:
- Institutional policies and academic record requirements
- Legal retention obligations
- Anonymization of data needed for aggregate analytics
10. Data Security
10.1 Technical Measures
- Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
- Access Controls: Role-based access, multi-factor authentication
- Infrastructure: SOC 2 Type II certified cloud providers
- Monitoring: Real-time threat detection and intrusion prevention
- Backup: Regular encrypted backups with geographic redundancy
10.2 Organizational Measures
- Employee Training: Regular privacy and security awareness training
- Access Reviews: Periodic review of access permissions
- Vendor Management: Security assessments of third-party providers
- Incident Response: Documented procedures for data breach response
10.3 Data Breach Notification
In the event of a personal data breach, we will:
- Notify affected Institutions within 72 hours of becoming aware
- Provide details of the breach and steps taken
- Assist Institutions in meeting their notification obligations
- Document all breaches in our internal records
11. Your Privacy Rights
11.1 Rights Under GDPR
If you are in the European Economic Area or United Kingdom, you have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Revoke consent where processing is consent-based |
11.2 Rights Under FERPA
Students at US institutions have the right to:
- Inspect and review their education records
- Request amendment of inaccurate records
- Consent to disclosures of personally identifiable information
- File complaints with the US Department of Education
11.3 Exercising Your Rights
Students: Should contact their Institution's data protection or registrar's office, as the Institution is the Data Controller for student educational records. Institutional Administrators: May submit requests directly to privacy@feedbackcoach.com. Response Time: We respond to verified requests within 30 days. Complex requests may require an additional 60 days with notice.12. Children's Privacy
12.1 Age Restrictions
The Service is designed for higher education and is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16.
12.2 Parental Rights
If you believe a child under 16 has provided us with personal data, please contact us at privacy@feedbackcoach.com, and we will take steps to delete such information.
13. Cookies and Tracking Technologies
13.1 Types of Cookies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, core functionality | Session |
| Functional | User preferences, language settings | 1 year |
| Analytics | Usage patterns, performance monitoring | 2 years |
13.2 Cookie Consent
We display a cookie consent banner for users in jurisdictions requiring consent. You can manage cookie preferences at any time through your browser settings or our cookie management tool.
13.3 Do Not Track
We honor "Do Not Track" browser signals for non-essential tracking.
14. Third-Party Links and Integrations
14.1 External Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.
14.2 LMS Integrations
When accessing Feedback Coach through an LMS integration, the Institution's LMS privacy policy also applies to your use.
15. Changes to This Privacy Policy
15.1 Notification of Changes
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Email to Institutional Administrators
- Notice within the Service platform
- Updating the "Last Updated" date
15.2 Review
We encourage you to review this Privacy Policy regularly to stay informed about our data practices.
16. Contact Us
For privacy-related inquiries:
General Privacy Questions:Email: privacy@feedbackcoach.com
Data Protection Officer:Email: dpo@feedbackcoach.com
Data Subject Requests:Email: privacy@feedbackcoach.com
Subject Line: "Data Subject Request - [Your Request Type]"
Complaints:If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority:
- UK: Information Commissioner's Office (ICO)
- EU: Your national supervisory authority
- US: US Department of Education (for FERPA matters)
17. Version History
| Version | Date | Summary of Changes |
|---|---|---|
| 1.0.0 | March 6, 2026 | Initial release |
_This Privacy Policy was last updated on March 6, 2026._