Privacy Policy
Last updated: 2026-03-14 | Version: 1.0
1. Data Controller
DOQENT - established in Slovenia
Trading as: DOQENT
Email: privacy@doqent.ai
2. What Data We Collect
Data you provide directly
- Account information (name, email, password)
- Profile information (school, subjects, language preference)
- Assessment data (tests, questions, answer models, grades)
- Lesson plans and generated content
- Documents you create (meeting minutes, reports, letters)
- Student information (names, grades, incidents) that you enter
- AI interactions (prompts sent to AI providers for grading, generation)
Data collected automatically
- Usage data (pages visited, features used)
- Device information (browser, operating system)
- IP address (security and fraud prevention)
3. Why We Process Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the DOQENT platform (grading, lessons, documents) | Contract performance (Art. 6.1.b) |
| AI features (photo grading, lesson generation, document creation) | Contract performance (Art. 6.1.b) - core feature, BYOK model |
| Analytics and non-essential cookies | Consent (Art. 6.1.a) - opt-in via cookie banner |
| Security and fraud prevention | Legitimate interest (Art. 6.1.f) |
4. Data Sharing
We do not sell your personal data. We share data only with the following sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, file storage | EU (Frankfurt) |
| OpenAI / Anthropic / Google | AI grading, lesson generation, document creation (your own API key) | US (DPA) |
| Google Cloud | Hosting (Google Cloud Run) | EU (Belgium) |
Important: AI features use YOUR API key (BYOK). Your data is sent to the AI provider you choose (OpenAI, Anthropic, or Google). We do not store AI responses on our servers beyond what you save.
5. Your Rights (GDPR Art. 15-22)
Right of Access (Art. 15)
Request a copy of all your personal data. Contact privacy@doqent.ai.
Right to Rectification (Art. 16)
Correct inaccurate data via your Settings page or contact us.
Right to Erasure (Art. 17)
Request deletion of your account and all personal data. Contact privacy@doqent.ai.
Right to Data Portability (Art. 20)
Receive your data in a machine-readable format (JSON export).
Right to Object (Art. 21)
Object to processing based on legitimate interest. Contact privacy@doqent.ai.
To exercise your rights, email privacy@doqent.ai. We will respond within 30 days.
6. Data Security
- All data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Passwords hashed with bcrypt - never stored in plain text
- All data hosted in the EU (Supabase Frankfurt, Google Cloud Belgium)
- In case of a data breach, we notify affected users and the Slovenian supervisory authority within 72 hours
7. Data Retention
Your data is kept as long as your account is active. After account deletion, personal data is permanently removed within 30 days. Anonymized usage statistics may be retained.
8. Contact & Complaints
Email: privacy@doqent.ai
Supervisory authority: Informacijski pooblaščenec (ip-rs.si)