Privacy Policy

Last Updated: December 18, 2025

Welcome to Malcom (getmalcom.com). We provide an AI-driven learning layer for educational materials. We are committed to protecting the privacy of educators, parents, and, most importantly, students.

This policy describes how we collect, use, and protect information in compliance with the General Data Protection Regulation (GDPR), the Children’s Online Privacy Protection Act (COPPA), and the Family Educational Rights and Privacy Act (FERPA).

1. Our Role in Data Protection

  • For Schools/Teachers: Malcom acts as a Data Processor. The school or educational institution is the Data Controller. We process student data only under the instruction of the school.

  • For Website Visitors: Malcom acts as a Data Controller for information collected on our public website (e.g., when you request a demo).

2. Information We Collect

We collect only the minimum data necessary to provide our AI learning services:

  • Account Information: Name, email address, and school affiliation for teachers and administrators.

  • Student Data: Student names or identifiers (as provided by the school) and responses within the AI chat interface.

  • Learning Metadata: Interactions with the AI, time spent on tasks, and progress indicators used for “Grade Prediction.”

  • Technical Data: IP addresses, device type, and browser logs (used for security and service stability).

3. How We Use Data

  • Adaptive Learning: To tailor the AI’s questions to a student’s specific understanding level.

  • Teacher Insights: To generate progress reports and grade predictions for educators.

  • Service Improvement: To refine our AI models (using de-identified, aggregated data).

  • Security: To detect and prevent fraud or unauthorized access.

4. Compliance with US & EU Laws

US: COPPA & FERPA

  • Parental Consent: We rely on schools to provide consent for the collection of data from students under 13, acting as an agent for parents as permitted by COPPA.

  • School Records: We treat student data as confidential “Education Records” under FERPA and do not share them except with authorized school personnel.

EU: GDPR

  • Legal Basis: We process data based on Contractual Necessity (to provide the service) and Legitimate Interest (security).

  • International Transfers: Data is stored on secure servers. If data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs) to ensure a high level of protection.

  • Automated Decision-Making: Our “Grade Prediction” is a tool for teachers. Final educational decisions remain with the educator (the “human in the loop”).

5. Data Sharing & Security

  • No Sale of Data: We never sell student or teacher data to third parties.

  • No Advertising: We do not use student data for behavioral or targeted advertising.

  • Security: We use industry-standard SSL/TLS encryption for data in transit and AES-256 encryption for data at rest.

6. Data Retention & Deletion

We retain personal data only as long as necessary to fulfill the educational purpose or as required by the contract with your school.

  • Account Deletion: Users or schools may request account deletion at any time.

  • Right to be Forgotten: EU users may exercise their right to erasure by contacting us at [Insert Email, e.g., privacy@getmalcom.com].

7. Changes to This Policy

We may update this policy to reflect changes in our AI technology or legal requirements. We will notify users of any significant changes via email or a prominent notice on our platform.

8. Contact Us

For questions regarding this policy or our data practices, please contact: Malcom Technology OÜ Email: info@getmalcom.com

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.