1. Who We Are

CleverBooks (www.cleverbooks.eu) and Augmented Classroom (www.augmented-classroom.com) are educational technology platforms offering immersive, AI-enabled tools and experiences for classrooms. We are committed to data privacy, transparency, and compliance with applicable laws, including:

• General Data Protection Regulation (GDPR)
• Children's Online Privacy Protection Act (COPPA)
• Family Educational Rights and Privacy Act (FERPA)
• EU Artificial Intelligence Act (AI Act)

2. Scope of This Policy

This Privacy Policy applies to all personal and non-personal data collected through our platforms, products, apps, services, or interactions, including data processed by AI-driven features.

3. Legal Basis for Processing

We process your data based on the following legal grounds:

• Consent - for marketing or optional features.
• Contractual necessity - to provide services you've requested.
• Legitimate interest - for quality improvement and analytics.
• Compliance with laws - such as GDPR, COPPA, FERPA, and the AI Act.

4. AI Systems and Risk Classification (AI Act Compliance)

Under the EU AI Act, we have assessed our AI components and classified them as:

• Limited Risk AI Systems
  • Used in image generation, classroom interaction enhancements, and augmented learning tools.
  • Transparency measures include notifying users when interacting with AI.
• Minimal Risk Systems
  • E.g., recommendation algorithms for classroom content or gamified learning tools.
  • These are exempt from strict regulatory requirements but follow voluntary best practices.

5. What Personal Data We Collect

We may collect:

• User-provided data: Name, email, school details, feedback.
• Usage data: Log files, device type, IP address, language, browser type.
• Child data (under COPPA/FERPA): Only with verifiable consent from parents, guardians, or school officials.

Personal Information

CleverBooks relies on consent in connection with Personal Information collections or uses (if required to use CleverBooks services and/or receive information and/or communication from CleverBooks via email subscription) that are necessary to enhance the user experience, to enable optional services or features, or to communicate with you.

• Withdrawal of consent – CleverBooks believes that we are only entitled to access or use your Personal Information if we have your consent to do so. Whenever we rely on your consent, you will always be able to withdraw that consent.
• Deletion – If the user requests that his/ her personal information kept with CleverBooks be erased/deleted, the same will be obliged through us. User data will be deleted without any backup thus user when requesting data deletion needs to be aware of this consequence.
• Access to personal information – CleverBooks does not share any personal information with third parties. CleverBooks educational platform collects and stores personal data from registered clients to enable work storage on the website for further user(s) reference.

Type of personal data

To provide the core service, CleverBooks processes the following personal data:

Pupils: No individual data is being processed on students, neither an individual is being recognized and/or identified when using CleverBooks solutions. When using mobile apps from CleverBooks, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477). In the case of use of CleverBooks educational platform the principle device=user is implemented. CleverBooks does not identify how many students are using the same mobile device at a time

Teacher/school staff: Name, email, registration group/classes only via CleverBooks education platform. When using CleverBooks apps, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477).

Parent/guardian: Name, email, registration group/classes only via CleverBooks education platform. When using CleverBooks apps, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477).

Who can access personal data?

Where it is necessary to access client data, for example to investigate a support case, only approved CleverBooks Ltd support and technical staff can access it.
CleverBooksLtd staff are vetted and are subject to contractual data access policies and confidentiality clauses.

How are errors in data corrected?

User data is obtained from the user who makes registration to use the software from CleverBooks, i.e. registers as account administrator. Account administrators can correct user data generated within CleverBooks platform.
Support and assistance is available from our support team support@cleverbooks.eu

How do I make a Subject Access Request or implement the Right to be Forgotten?

Where Subject Access Requests and/or Right to be Forgotten are applicable to client data in an CleverBooks Ltd product we provide, or will provide, means for authorised client users to carry out activities directly. Support and assistance is available from our support team support@cleverbooks.eu

How does CleverBooks Ltd protect personal data and where is it processed?

Our platform and client data are stored on approved and compliant cloud infrastructure. Our servers are hosted in Europe to ensure client data is retained within the European Economic Area (EEA). We use multiple protective layers within the platform to protect our services, including encryption and firewalling. We routinely carry out vulnerability and penetration testing on our platforms and promptly address any issues identified.

All transfers of client data use TLS 1.2 whilst being transmitted over public and private networks. All data at rest is encrypted with AES256 block-based encryption.

Rights of the person concerned:

Pursuant to Section III of the GDPR, the person concerned shall be entitled to exercise their right to:

1. access personal data (you will therefore have the right to have free information about the personal data held by the Data Controller, as well as to obtain a copy thereof in an accessible format);
2. amend incorrect, inaccurate or old data (upon your request, where the data do not express evaluation elements);
3. withdraw consent (if you had consented to the processing, you may withdraw your consent at any time and upon such revocation of consent your data shall no longer be processed);
4. cancel their personal data – right to be forgotten (for example, in case of withdrawal of consent, if there is no other legal basis for data processing);
5. restrict data processing (in certain cases – dispute the accuracy of the data, within the timeframe necessary for verification; dispute the lawfulness of the processing with refusal to the cancellation; your need to use the data to exercise your defense rights, while they are no longer useful for the purposes of the processing; in the event that the processing has been denied, while the necessary checks are being carried out – the data will be stored in such a manner that they may be restored if need be, but, in the meantime, cannot be consulted by the Controller if not in relation to the validity of your request for restriction);
6. deny consent to the processing due to legitimate reasons (under certain circumstances, you may in any case object to the processing of data, and in any case you may refuse processing for direct marketing purposes);
7. data portability (upon your request, the data shall be transmitted to the subject indicated by you in such a format that they can be easily consulted and used);
8. advance a dispute to the Supervisory Authority (Privacy Authority).

Exercise of users' data protection rights:

You may contact us via email at dpo@cleverbooks.eu, in order to assert your rights, namely: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the cancellation, transformation into anonymous form or the blocking of data processed in violation of the law; the updating, rectification or integration of data; certification that the operations have been brought to the attention of those to whom the data were communicated or disseminated. You may also object at any time to the possible profiling of your personal data.

6. Children's Privacy - COPPA & FERPA Compliance

We strictly follow COPPA and FERPA:

• For users under 13, verifiable parental or school consent is required before data collection.
• Parents, guardians, or schools can review, delete, or restrict a child's data at any time.
• Educational records are only accessible to authorized school representatives.

7. How We Use Data

We use data to:

• Operate and maintain our platforms.
• Improve user experience through analytics and AI.
• Provide customer support.
• Comply with legal obligations.

8. Data Sharing & Third Parties

We only share data with:

• Service providers (hosting, analytics) under strict data protection agreements.
• Educational institutions, upon request and with consent.
• Authorities, if legally required.

9. AI Transparency & Oversight

In accordance with the AI Act:

• We disclose any interaction with AI systems within our apps and platforms.
• Human oversight is built into all AI interactions - teachers remain in control of classroom content and outputs.
• AI-generated outputs are flagged clearly.
• Model reuse is restricted to minimize unintended consequences (e.g., algorithmic bias).

10. Your Rights

You have the right to:

• Access, correct, or delete your personal data.
• Withdraw consent at any time.
• Request data portability.
• Object to certain processing or automated decisions.
• File a complaint with a supervisory authority (for EU residents).

11. Data Security and Storage

• We use SSL encryption, firewalls, and access controls.
• Data is stored within the European Economic Area (EEA) or in GDPR-compliant jurisdictions.
• Retention is minimized and data is deleted once no longer needed.

12. International Users

If you are outside the EU, we process your data in compliance with applicable local laws. The AI Act's provisions may apply if you are interacting from the EU, regardless of our country of origin (extraterritorial scope).

13. Updates to This Policy

We update this policy to comply with new legal requirements, such as the AI Act, and reflect changes in our services. Users will be notified of major changes via email or platform notification.