Privacy Policy for Gnossio

At Gnossio, one of our main priorities is the privacy of our users. This Privacy Policy document contains types of information that is collected and recorded by Gnossio and how we use it.

This Privacy Policy applies only to our online activities and is valid for users of our platform with regards to the information that they share and/or we collect in Gnossio. This policy is not applicable to any information collected offline or via channels other than this website.

Data Controller

The data controller responsible for your personal data is:

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract: Processing your email address and account data is necessary to provide you with access to our services and fulfill our contractual obligations.
• Legitimate interest: We use log files and technical data to maintain site security, prevent fraud, and improve our services. We process educational content through AI systems to provide assessment and coaching services.
• Legal obligation: We retain billing and transaction records as required by Finnish accounting law.

By creating an account and using our services, you enter into a contract with us governed by our Terms and Conditions.

Information We Collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly or access the website with a browser, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, your IP address and any other information you may provide.

When you register for an Account, we ask for your email address. We do not store your credit card information on this site but it may be relayed to third-party payment processors.

Educational Content and AI Processing

As an AI-powered formative assessment platform, Gnossio collects and processes:

• Student Responses: Text answers submitted for assessment
• Assignment Content: Questions and assessment criteria provided by teachers
• Assessment Results: AI-generated feedback and coaching recommendations

How We Use Your Information

We use the information we collect in various ways, including to:

• Provide, operate, and maintain our platform
• Process student responses through AI assessment systems (without personal identifiers)
• Generate educational feedback and personalized coaching recommendations
• Improve, personalize, and expand our platform
• Understand and analyze how you use our platform
• Develop new products, services, features, and functionality
• Communicate with you, to provide you with updates and other information relating to the platform
• Send you emails
• Find and prevent fraud

Data Retention

We retain your personal data only as long as necessary:

• Account data: Retained while your account is active and for 12 months after account deletion to allow reactivation.
• Assignment and response data: Retained while the associated assignment is active and for a reasonable period thereafter for educational records.
• Transaction records: Retained for 6 years as required by Finnish accounting law.
• Server logs: Automatically deleted after 90 days.

You may request deletion of your account and personal data at any time by contacting us.

Log Files

Gnossio follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files may include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

Cookies and Web Beacons

Gnossio uses 'cookies' to function properly. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.

You can choose to disable cookies through your individual browser options. This may lead to reduced functionality on this site. More information about cookie management can be found in your browser's documentation.

Third-Party Services

Gnossio uses the following third-party services:

• AI Providers (OpenAI, Anthropic, Google): For educational assessment and coaching feedback generation. No personal identifiers (emails, names, etc.) are ever shared with these providers - only anonymous educational content.
• Amazon SES: For sending emails (receives your email address)
• Payment Processors: For processing payments, if applicable (receives billing information)

We do not sell your personal information to third parties or use advertising cookies.

International Data Transfers

Your data may be processed outside the European Economic Area (EEA) by the following service providers:

• Amazon Web Services (AWS): We use AWS to send transactional emails and host our infrastructure. AWS operates under EU-approved Standard Contractual Clauses (SCCs).
• AI Providers (OpenAI, Anthropic, Google): Anonymous educational content (without personal identifiers) is processed by AI providers for assessment purposes. These providers operate under appropriate data processing agreements.
• Payment Processors: If applicable, payment processing is handled by providers certified under appropriate data protection frameworks.

We ensure that any international transfers are protected by appropriate safeguards as required by GDPR.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

• The right to access: You have the right to request copies of your personal data. We may charge a small fee for this service.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

• Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
• Request that a business delete any personal data about the consumer that a business has collected.
• Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Students and Children's Information

Gnossio is designed for use in educational settings, including by students who may be minors. When students access Gnossio through their educational institution or teacher, we collect only the minimum information necessary for the educational service to function.

For Students Under 18: We rely on teachers and educational institutions to have the appropriate authority to enroll students in compliance with applicable laws and institutional policies.

For Children Under 16 (GDPR): Under GDPR, parental consent is required for processing personal data of children under 16. When students under 16 are enrolled by their educational institution, we rely on the institution to have obtained appropriate consent.

For Children Under 13 (COPPA): For users in the United States, Gnossio is not intended for direct use by children under 13. If children under 13 are enrolled by their educational institution, we expect the institution to have obtained appropriate consent in compliance with COPPA (Children's Online Privacy Protection Act).

We collect only email addresses for account purposes and anonymous educational content for assessment - no additional personal information is collected or shared with AI providers.

If you believe a child has provided personal information without appropriate consent, please contact us immediately and we will promptly remove such information from our records.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

Last updated: January 2026

Contact Us

If you have any questions about this Privacy Policy, please contact us at gnossio@drred.fi.