Privacy Policy

Last Updated: August 4, 2024

Welcome to Alayna, operated by Cues Technologies, Inc ("Alayna"). We provide teachers and school staff with online access to generative artificial intelligence tools through our website, browser extensions, and other services (collectively our "Services"). At Alayna, we prioritize safety and respect your privacy.

This Privacy Policy describes how we collect, use, disclose, share, or otherwise process your personally identifiable information ("PII" or "personal data") when you visit our website or use our other Services. The categories of information we collect and how it is used will depend on your interactions with us.

What Data We Collect

Alayna collects the following types of personal data when you visit our Website or use our Services:

Information We May Collect via Technological Means

Our servers, hosted by a third-party service provider, collect certain technical data about your device and software, including your browser type, operating system, IP address (which may vary from session to session and may indicate your general location), domain name, and/or a time stamp of your visit. We automatically gather this data and store it in log files each time you visit our website or access an account on our network. Unless you have provided PII in connection with your use of the Services (for example, by creating an account), we cannot use such technical data to identify your name or contact information.

We may also directly collect analytics data or use third-party analytics tools to help us measure traffic and usage trends in connection with the Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual.

Cookies, Web Beacons, and Other Tracking Technologies

We may use various technical mechanisms such as cookies, web beacons, and similar tracking technologies to monitor how users use our Services. "Cookies" are small pieces of information that a website sends to your computer's hard drive while you are viewing a website. "Web beacons" refer to various tracking technologies used to check whether you have accessed some content on our Services. We use cookies for the following purposes, specifically:

  • Performance Cookies: These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

  • Functional Cookies: These cookies allow the provision of enhanced functionality and personalization, such as videos. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these features may not function properly.

  • Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

We may link the information we store in cookies or through other mechanisms to the PII you submit while using our Services. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services. You can remove persistent cookies at any time by following the directions in the "Help" section of your Internet browser. You can also disable all cookies on your Internet browser. If you choose to disable cookies, be advised that you can still visit our Website, but some components of our Services may not be available or work properly.

Information Provided by You When Visiting Our Website

You may visit our Website if you wish without creating an account or providing us with any information about yourself. However, if you decide to use certain Services, you may be asked for information that we need in order to provide you with the Services requested. For example, if you decide to sign up for newsletters from us, attend a demonstration or virtual event, create an individual account to use our Services, apply to join our Teacher Advisory Program or other offerings, or apply as an organization to join any of our programs or offerings, Alayna may collect some or all of the following PII from you:

  1. First and last name

  2. School or organization name

  3. Role or job title

  4. Email address

  5. Phone number

  6. Location information including state/province and country

  7. Where applicable, a user-generated password for your account

  8. Social media identifiers

  9. Language preferences

You may also be provided the opportunity to provide a profile image or other information for your account profile. If you provide us with feedback or contact us via email (e.g., in response to an employment or a program application on our Website), we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you order Services from us for a fee, we may also collect information needed for billing and payment purposes that will be processed through a secure third-party payment processor. We may combine the information we collect directly from you with information we obtain from public sources, partners, and other third parties and use such combined information in accordance with this Privacy Policy.

How We Use the Data We Collect

In summary, we use your personal data to respond to your requests, to provide, secure, and enhance the Services, and to comply with our legal obligations. In particular, Alayna uses your PII for the following purposes as necessary and as permitted by applicable law:

  • Identify you as a user or visitor of our Services;

  • Facilitate the creation of and secure your account for use of our Services;

  • Provide and administer your use of the Services;

  • Personalize and improve the quality of your experience when you interact with our Services;

  • Send you a welcome email to verify ownership of an email address provided when your account was created;

  • Send you administrative email notifications, such as security or support and maintenance messages;

  • Respond to your inquiries and requests;

  • Provide you with newsletters you request or surveys;

  • Send you information about upgrades and special offers related to our Services;

  • Comply with applicable laws and regulatory requirements;

  • Respond to lawful requests, court orders, and legal processes; and

  • Protect our legal interests or those with whom we do business.

We may also compile statistical or anonymized, non-personally identifiable information and use or transfer such information for any purposes; provided, however, that such data has been fully de-identified and cannot in any way be traced back to the customer or user and does not contain any personally identifiable information. We may use aggregated information publicly to show trends about the general use of our services. All customer data is encrypted at rest with AES-256 and in transit via TLS.

Third-Party Online Analytics Services

In connection with our Website and emails, we may use third-party online analytics services, such as those of Google Analytics and Posthog. These analytics services use automated technologies to collect information (such as email address, IP address, and device identifiers) to evaluate, for example, use of our products and services and to diagnose technical issues. To learn about how Google Analytics collects and processes data, you may visit Google Analytics Privacy Policy.

Google API Services and User Data

Our application uses Google API Services. We adhere to the Limited Use requirements as specified in the Google API Services User Data Policy. This includes limitations on data use, transfer, and human review of user data.

Third-Party OpenAI Services

We utilize OpenAI and Anthropic’s application program interface ("API") to power the AI functionality of our Services. While we strive to maintain the highest level of data security, we encourage you to review OpenAI and Anthropic's API Privacy Policy separately to understand their data handling practices. We are committed to ensuring that the use of OpenAI and Anthropic’s API aligns with applicable data protection laws and regulations.

We have opted OUT of sharing data with OpenAI to train models. OpenAI will not use data submitted by our users via our API to train or improve our models, unless you explicitly decide to share your data with us for this purpose. You can opt-in to share data. Any data sent through the API will be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted (unless otherwise required by law).

Data Sharing with Third-Party Tools (for Google Workspace Slides Add-on)

Our app makes use of OpenAI's GPT API (AI model) and Anthropic's Claude API (AI model) to enhance the functionality and provide AI-generated content for presentations. Specifically, we share the following user data with OpenAI and Anthropic:

  • Topic and Description: To generate relevant content for your presentation.

  • Presentation Outline and Settings: To generate relevant content for your presentation.

  • File Attachments: To extract and incorporate relevant information into the presentation. Alayna uses proprietary technology to filter sensitive data from files before sharing with third-party service providers.

We ensure that:

  • We do not use any of your data to train AI models.

  • Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.

  • Alayna's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

  • We only share data with OpenAI & Anthropic for the specific purpose of generating content for your presentations, and we ensure that all data handling complies with relevant privacy laws and policies.

If we need to process your Personal Information for a purpose other than that for which the information was initially collected, we will provide you with information about that other purpose before we further process your Personal Information.

Information Sharing and Disclosure

To the extent permitted by applicable

law, Alayna may disclose your PII in the following circumstances:

Service Providers

We may engage our affiliates or third-party organizations or individuals to support us in connection with the purposes listed above, such as hosting providers, subcontractors, and third-party payment processors.

Law Enforcement

It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for Alayna to disclose your PII. We may also disclose your PII if we determine disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.

Business Transfer

We may share your PII if Alayna engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Alayna's assets, financing acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence).

Prior Consent

We may also disclose your PII in other circumstances with your prior informed consent. Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your PII as necessary to perform their functions.

How We Protect Your Data -- Security

We are committed to protecting the security of information received via the Services, including PII. If we collect PII from you, we provide reasonable and appropriate administrative, technical, and physical security controls designed to protect your PII from unauthorized access, use, or disclosure. Despite our efforts, no security controls are 100% risk-free, and Alayna does not warrant or guarantee that your PII will be secure in all circumstances. If you create an account, you are responsible for keeping your account credentials and passwords secure and not allowing others to use your account.

Your Data, Your Choice

Please note if you are a California resident, please see Section IX "Additional Information for California Residents" below for more information about your privacy rights under California law.

Opt-Out

We offer you choices regarding the collection, use, and sharing of your PII. Where permitted by applicable law, we may periodically send you free newsletters and emails that directly promote the use of our products or services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to "opt-out" by following the unsubscribe instructions provided in the email you receive or by contacting us directly. Despite your indicated email preferences for other matters, we may send you administrative notices such as updates to our Terms of Use or Privacy Policy and similar account notices.

Your Rights to Access, Correct, or Delete Your Personal Information

You may edit any of your PII in your account on the Services, including contact information and/or notification settings, by editing your account profile. You may have the right to make other requests under applicable law related to your personal data in our possession, and depending on applicable law, you may have the right to appeal our decision regarding your request. Contact us at hello@alayna.us if you have questions or a request regarding your personal data. Your rights may include a right to access your personal data that we process and transfer it, correct it, delete it (erasure), restrict it or object to its sale or use for direct marketing purposes, and to not be retaliated against for exercising your rights. We will do our best to honor your requests. If we deny a request and you have a right to appeal, we will provide information about how to exercise that right in our response. If you are in the EU or UK, you can contact your data protection authority to file a complaint or learn more about local privacy laws.

You may request that we delete your account information by sending an email to hello@alayna.us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Alayna will respond to such requests within thirty (30) days or sooner if required by applicable law. When we delete account information, it will be deleted from the active database but may remain in our archives for a limited amount of time. We will otherwise retain your information for as long as your account is active, as needed to provide you with the Services you have requested, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Information Processed Under the Direction of Customers

If a school or other organization has registered for the Services (a "Customer") and your PII has been collected by Alayna as a result of such organization's use of the Services, Alayna collects and processes any such PII of yours under the directions of the relevant Customer. If these circumstances apply to you and you wish to access, edit, delete, or exercise any rights you may have under applicable data protection laws with respect to any PII that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws.

Links to Third-Party Sites

Our provision of a link to any website or location outside of the Services is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.

Cross Border Data Transfers

Alayna is located in the United States. By accessing or using the Services, or otherwise providing information to us, you understand that your information may be subject to processing, transfer, and storage in other locations. In the event that Alayna transfers your Personal Data from the European Economic Area ("EEA") to a country which is not subject to an adequacy decision by the European Commission, or which may not provide for the same level of data protection as the EEA, Alayna will ensure that the recipient of your PII offers an adequate level of protection. This may include such measures as entering into standard contractual clauses for the transfer of data as approved by the European Commission, gaining your prior consent, or other appropriate measures in accordance with applicable law.

Children's Privacy

You represent and warrant that you are at least 18 years of age and possess the legal right and ability to agree to these Terms of Use. All Authorized Users must be over 18 years old and if not over 18 years old have verifiable parental permission to access the Services; you agree to collect such permissions as necessary and shall indemnify Us from any damages, suits or costs arising from your failure to do so.

Additional Information for California Residents

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your "personal information" (as defined in the California Consumer Privacy Act ("CCPA")).

How We Source, Use, and Disclose Information for Business Purposes

The chart below details the categories of personal information we collect, the sources of such personal information, and how we use and share such information for business purposes.

Categories of Personal Information CollectedSources of Personal InformationPurposes for Use of Personal InformationDisclosures of Personal Information for Business Purposes1. Contact information (e.g., name, email address, organization, role, phone number, mailing address including state/province, country)YouProvide the services requested and customer serviceService providersCommunicate with youLaw enforcement in the event of a lawful requestAnalyze use of and personalize the servicesWith entities in the event of a business transactionImprove the servicesWith your consentProvide security, prevent fraud, and for debuggingComply with legal requirements2. Financial and transactional information (e.g., payment account information and donation history)You, Payment processorsProcess service feesPayment processorsCommunicate with youLaw enforcement in the event of a lawful requestComply with legal requirementsWith entities in the event of a business transactionWith your consent3. Login information (e.g., your account name and password)YouProvide the services and customer serviceService providersProvide security, prevent fraud, and for debuggingLaw enforcement in the event of a lawful requestComply with legal requirementsWith entities in the event of a business transactionWith your consent4. Device and online identifier information (e.g., IP address, browser type, operating system, general location inferred from IP address, and similar information)You, through your deviceProvide the services and customer serviceService providersAnalyze use of and personalize the servicesLaw enforcement in the event of a lawful requestImprove the servicesWith entities in the event of a business transactionProvide security, prevent fraud, and for debuggingWith your consentComply with legal requirements5. Service usage information (e.g., the dates and times you use the services, how you use the services, and the content you interact with on the services)You, through your deviceProvide the services and customer serviceService providersAnalyze use of and personalize the servicesLaw enforcement in the event of a lawful requestImprove the services6. With entities in the event of a business transactionProvide security, prevent fraud, and for debuggingWith your consentComply with legal requirements

Your California Privacy Rights

If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.

  • Provide access to and/or a copy of certain personal information we hold about you.

  • Delete certain personal information we have about you.

  • Provide you with information about the financial incentives that we offer to you, if any.

The CCPA further provides you with the right not to be discriminated (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.

Please also note that if your personal information has been collected by Alayna as a result of a Customer's (as defined above) use of our services, Alayna collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer's behalf, please contact us at hello@alayna.us.

The CCPA provides certain rights if a company "sells" personal information, as such term is defined under the CCPA. We do not engage in activities that would be considered "sales" of personal information under the CCPA.

Shine the Light Disclosure

The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Do Not Track Signals

Alayna does not track users over time and across third-party websites and therefore does not respond to Do Not Track ("DNT") signals from web browsers. Further, because there currently is no industry standard concerning what, if anything, a service should do when they receive such signals, we currently do not take action in response to these signals.

Other State Laws

Data protection laws change and update frequently, and we endeavor to always comply with applicable laws where we operate. If you have any questions, concerns, or requests regarding the handling of your personal information, contact us at hello@alayna.us. Please note we may take reasonable steps to verify your identity and the authenticity of the request.

Changes to Our Privacy Policy

Alayna reserves the right to change this Privacy Policy. Alayna will provide notification of the material changes to this Privacy Statement through our Website and, where appropriate, when you log in to your account or by email to any email address of yours we may have on file, at least fourteen (14) days prior to the change taking effect.

Contact Us

Alayna welcomes your comments, questions, and concerns regarding our Privacy Policy. Please contact us at hello@alayna.us or at our mailing address below:

Cues Technologies Inc. 9171 Wilshire Blvd, Suite 500 Beverly Hills, CA hello@alayna.us

Supplemental GDPR Privacy Statement

This Supplemental GDPR Privacy Statement is relevant to any individual located in the European Economic Area who uses our Services.

European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), requires Alayna to provide additional and different information about its data processing practices to data subjects in the EEA. If you are accessing the Services from a member state of the EEA, this Supplemental GDPR Privacy Statement applies to you.

For purposes of the GDPR, Cues Technologies Inc., 9171 Wilshire Blvd, Suite 500, Beverly Hills, CA, is the data controller of your personal information.

Legal Basis of Processing

In general, the legal basis for Alayna’s processing of your personal data in connection with the Services is Article 6(1)(b) of the EU GDPR, which allows processing of personal data as necessary for the performance of a contract or to fulfill your requests.

As exceptions, Alayna relies on your consent with respect to cookies that are not strictly necessary and direct marketing emails per Article 6(1)(a) of the EU GDPR; and pursues legitimate interests under Article 6(1)(f) of the EU GDPR with respect to situations where Alayna needs to process your personal data to comply with applicable laws (as a U.S.-based company, Alayna is subject to U.S. laws and must comply with them) or processes your personal data to improve our business and Services.

Personal Data Transfers outside of the EEA

Alayna may transmit some of your personal data to a country where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction, including the United States. As required by applicable law, Alayna will provide an adequate level of protection for your personal data using various means, including, where appropriate:

  • Relying on a formal decision by the European Commission that a certain country ensures an adequate level of protection for personal data (a full list of such decisions may be accessed online here);

  • Entering into appropriate data transfer agreements based on language approved by the European Commission, such as the Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC), which are available upon request at hello@alayna.us;

  • Implementing appropriate physical, technical, and organizational security measures to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing; and

  • Taking other measures to provide an adequate level of data protection in accordance with applicable law.

Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.

Data Retention

Alayna keeps personal data as long as required to provide the Services you have requested or registered for and comply with applicable laws.

Data Subject Rights

You have a right to request from Alayna access to and rectification or erasure of your personal data or restriction of processing concerning you, as well as the right to data portability under the GDPR. You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. In general, you have the right to object to our processing of your personal data for direct marketing purposes. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You can exercise such rights by accessing the information in your account, submitting a request by email to hello@alayna.us.

If you have provided consent for cookies that are not strictly necessary, direct marketing emails, or other data processing based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.

Your Choices

You are not required to provide any personal data to Alayna, but if you do not provide any personal data to Alayna, certain Services may not be available or operate correctly. You may visit our Website without consenting to cookies that are not strictly necessary; the only consequence is that our Services may be less tailored to you or you will not receive our newsletters or other Services you requested.

Profiling

Alayna does not use in connection with the Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.

Specific Location and Other Sensitive Data

We do not collect or process biometric information or specific location information from your devices, nor do we collect or process other "sensitive data" about you, with the exception of your address and payment card information in the event you provide payment for Services, in which case such information is securely processed by our third-party payment processor and we make no other use of such personally identifiable information.

Supplemental Incident Response Plan Overview

The information below provides an overview of Alaynaʼs basic incident response plan. For the full detailed policy, please contact hello@alayna.us.

Alayna's incident response plan follows a structured process to address data breaches and security incidents. Initially, the IT Security Team is responsible for detecting and identifying the incident and promptly documenting relevant details upon detection. Following this, the IT Security Team will assess the scope and impact of the incident within 24 hours, determining the types of data affected and the number of individuals involved.

The containment phase involves immediate action to prevent further data loss, which may include isolating affected systems or revoking access privileges

. This is carried out by the IT Security Team as soon as possible post-identification.

Notification to relevant internal stakeholders is the responsibility of the IT Security Team, with specific procedures in place for teacher PII breaches in compliance with EdLaw 2D, requiring notifications to affected individuals, regulatory bodies, and other necessary entities within 72 hours of assessment.

The investigation phase involves a thorough inquiry into the cause of the incident, with evidence preservation for potential legal actions or regulatory inquiries. This task is performed by the IT Security Team, and external forensic experts may be involved if necessary. Remediation efforts, including vulnerability mitigation and security policy updates, are handled by the IT Department, with immediate implementation and ongoing review.

Documentation of all actions taken, timelines, decisions, and lessons learned is continuously maintained by the IT Security Team throughout the process. Communication with affected individuals and addressing media inquiries is carried out by the IT Security Team according to the incident response plan's guidelines.

Finally, a post-incident review, led by Senior Management, assesses the response's effectiveness and guides adjustments to policies, training, and technical safeguards within one month post-incident.