Skip to main content
M
Get Started

Privacy Policy

Last updated: May 7, 2026

MasterAlp (“we”, “us”) is an adaptive learning platform built for higher-education courses. This policy explains what we collect, why we collect it, and the choices you have. We aim to follow the data-handling principles set out in FERPA and GDPR, but MasterAlp is an early-stage product and is not currently SOC 2 audited or ISO 27001 certified.

What we collect

  • Account information — name, email, role (student / professor / admin), and the institution you signed up under.
  • Course data — courses you create or are enrolled in, materials uploaded by professors, assessments, and the answers you submit.
  • Learning signals — confidence ratings, mastery scores, time-on-task, and interaction events used to power the adaptive engine.
  • Operational data — IP address, browser user agent, and structured logs needed to operate the service and investigate abuse.

How we use it

  • To deliver assessments, study plans, and feedback.
  • To power the misconception classifier and other adaptive features. Anonymised, aggregated learning signals may be used internally to improve the engine.
  • To operate the platform — billing, security, customer support.
  • To send transactional email (verification, password reset, weekly digest if enabled).

How we do not use it

  • We do not sell personal data.
  • We do not use student answers, materials, or PII to train third-party AI models. LLM calls are made under provider-specific opt-out terms; see Sub-processors below.
  • We do not run retargeting or third-party advertising trackers on the product surface.

Sub-processors

  • Google Cloud Run + Cloud Storage (hosting).
  • Supabase Postgres (primary database).
  • Anthropic, OpenAI, Google Gemini (LLM inference).
  • Stripe (billing, when applicable).
  • Resend or SendGrid (transactional email).
  • Sentry (error monitoring; PII redacted at the edge).

Your rights

You can export or delete your data from Settings → Privacy. Institutional admins can additionally request bulk export or deletion by emailing privacy@masteralp.com. We honour well-formed FERPA, GDPR (Art. 15 / 17), and CCPA requests; if you're unsure which framework applies to you, just reach out and we'll route the request.

Children

MasterAlp is built for higher education. We do not knowingly collect data from children under 13. If you believe a child has signed up, contact privacy@masteralp.com and we will remove the account.

Security

Data is encrypted in transit (TLS 1.2+) and at rest by our managed database and storage providers. Access is role-scoped and audited. See Security for more on the controls we follow.

Changes to this policy

Material changes will be announced in-product at least 14 days before they take effect. Editorial corrections appear silently with the “Last updated” date bumped above.

Contact

Questions: privacy@masteralp.com. We reply to legitimate requests within 30 days.