Privacy Policy

Glimmora Rise School (“Rise School”, “we”, “us”) is operated by Glimmora.ai (“Glimmora”). This policy describes the personal data we collect about schools, school staff, students, and parents, how we use it, and the rights you have over it.

Rise School is sold to schools as the customer of record. Schools are the data controller for their students' personal data; Glimmora acts as the data processor.

From schools and school staff: name, work email, phone, role, and school identifiers needed to provision the account and bill the subscription.

From students: name, year/grade, class assignment, lesson progress, quiz attempts, and AI Companion conversation transcripts. We do not collect government identifiers, biometric data, or precise location.

From parents (where applicable): name and email, used solely to deliver the weekly progress digest the school enables.

Usage data: request logs, IP address, user agent, and audit events. Retained for security and abuse prevention.

• Provide the platform to the school and its students.
• Deliver the AI Thinking Companion. Conversations are moderated and audited per the school's policy.
• Send transactional emails (invoices, password resets, OTP codes, weekly parent digests).
• Detect abuse, debug errors, and meet legal obligations.

We do not sell personal data, do not show third-party ads to students, and do not use student data to train external AI models.

Student conversations with the Companion are routed through an AI provider chosen by Glimmora (currently OpenRouter, falling back to OpenAI). Prompts are stripped of personally identifying detail before sending where feasible.

Every conversation is stored on Glimmora infrastructure and visible to the student's teacher in the audit log. Inappropriate content is blocked by the moderation layer before reaching the model.

Primary database and object storage are hosted in India. Backup snapshots are encrypted at rest and stored in the same region. We use sub-processors only where strictly necessary (email delivery via Brevo; payments via Razorpay; AI via OpenRouter / OpenAI). The current sub-processor list is available on request.

Student data is retained for the life of the school's subscription, plus 90 days after cancellation, after which it is permanently deleted. Schools may request export of all their data in machine-readable form at any time.

Audit logs and security events are retained for 12 months for fraud prevention and legal compliance.

Schools may correct, export, or delete any user's data via the admin dashboard. Parents and adult users may exercise rights of access, rectification, and erasure by contacting their school or by writing to us at privacy@glimmora.ai. We respond within 30 days.

Questions or concerns about this policy? Write to privacy@glimmora.ai.