Privacy Policy

Privacy principles

Personal information we collect

Data acquired from external sources

• Partnered technologies, like Google Login. We only collect information like your name and email address if you opt to utilize these partnered services.

Automatic data gathering

Tools used for automated data acquisition

• Cookies, small text files placed on a visitor's device by websites to recognize the visitor's browser or store information or preferences in the browser. This facilitates efficient navigation between pages, remembers user preferences, activates certain functionalities, and aids in comprehending user behavior and trends. You have the option to modify your browser settings to decline cookies.
• Web beacons, also recognized as pixel tags or clear GIFs, employed to confirm the access or opening of a webpage or email, or the viewing or clicking of specific content.

Usage of your personal information

To provide our Services

• Deliver, manage, secure, and enhance our Services.
• Provide you with customer service, and respond to your requests and feedback.
• Communicate with you about our Services, including by sending you announcements, guides, updates, security alerts, and support and administrative messages.
• Understand your needs and interests, and personalize your experience with our Services and our communications.

For the delivery of our services

• To offer, manage, secure, and improve our Services.
• To deliver customer support and address your inquiries and feedback.
• To engage with you regarding our Services through notices, guides, updates, security warnings, and support and administrative communications.
• To understand your preferences and interests, and personalize your experience with our Services and our communications.

Research and development

We first transform personal information into anonymous data, stripping away identifiers that link the data directly to you. This process creates de-identified data that we employ for research and improvement purposes, with the primary aim of advancing our Services. This de-identified information might be further aggregated. We use this de-identified data for our legitimate business activities and may share it with third parties.

For compliance and protection

• Adhere to relevant laws, legal demands, and procedures, such as responding to subpoenas or requests from governmental bodies.
• Safeguard the rights, privacy, safety, or property of our organization, you, or others (including through legal actions and defenses).
• Conduct audits of our internal processes to ensure compliance with legal obligations, contractual commitments, and internal guidelines.
• Implement and uphold the terms and conditions that regulate our Services.
• Prevent, detect, examine, and deter activities that are fraudulent, harmful, unauthorized, unethical, or illegal, including cyberattacks and identity theft.

How we share your personal information

We neither rent, sell, nor trade your personal data with any third parties, nor do we engage in advertising.

Data you elect to share. For members of the same educational institution, we share personal information, upon your request, with other authorized users of the Services. For instance, educators can access their students' completed assignments and dialogues with the AI chatbot.

Authorized service providers. Your personal information may be shared with third-party companies and individuals that assist in providing our Services or help us manage our operations (such as customer service, hosting, analytics, email distribution, database management, legal consultants, and auditors). We refrain from sharing personally identifiable information with AI service providers. A directory of our third-party service providers is available here.

Governmental entities. Your personal information may be disclosed to law enforcement, government officials, or private parties as necessary to adhere to the law or respond to a legally valid inquiry.

During business changes. Should an acquisition, merger, reorganization, assets sale, bankruptcy, or dissolution occur, we may transfer personal information to the succeeding entity. We will endeavor to ensure the new owner respects this Privacy Policy.

With business partners. We might share anonymized or aggregated data with partners to enhance our Services, removing details that could identify you personally.

Your choices

Managing Your Account Information. You have the ability to access, modify, or request the deletion of your account information directly within your account by logging in and updating your details. To have your account deleted, please reach out to us at privacy@humy.ai. After your account is deleted, we may keep anonymized data to enhance our Services; this information will no longer include your personal details.

Email Preferences. You can opt out of receiving updates about our products by using the opt-out or unsubscribe link provided at the bottom of the emails. However, you might still receive essential communications related to the Services.

Opting Out of Online Tracking. Several methods are available to reduce online tracking, outlined as follows:

• Cookie Management in Your Browser. Most web browsers offer the option to delete or decline cookies. Check your browser's settings for instructions on how to adjust cookie settings. It's common for browsers to accept cookies by default until you alter your settings. Visit www.allaboutcookies.org for more details on cookies, including how to view the cookies set on your device and how to manage or remove them.
• Employing Privacy Plugins or Browsers. Prevent our services from placing cookies by using browsers with built-in privacy features, such as Brave, or by installing browser plugins like Ghostery, and uBlock Origin, and setting them to block third-party cookies/trackers.

Remember, these opt-out tools are specific to the device or browser you use, so you'll need to opt-out on every device and browser.

Data retention

We retain your data to provide our Service, ensuring not to hold it beyond what is necessary.

You can disable your account through your account settings. Upon deactivation, you'll lose access to the account, halt any account activities, and other users will be unable to view any related information. For students and educators, this implies that your educational institution will lose access to information associated with your account. Reactivation can be pursued by reaching out to privacy@humy.ai.

Deactivating your account leads to the anonymization of personal data by eliminating identifiers that link back to you. We preserve this anonymized data to refine our product. Should you wish for your data to be completely eradicated, please contact us.

For agreements with educational institutions, schools can request account deactivation and data anonymization, which we will comply with, barring any legal or regulatory requirements to maintain specific data.

External Sites, Apps, and Services

Our Services might feature links to third-party websites, mobile applications, and other online services. These links do not signify our endorsement or any affiliation with these third parties. Moreover, our content may appear on web pages or within mobile applications or online services not managed by us. We do not have control over these third-party platforms and are not accountable for their practices. Different websites and services operate under their own privacy policies regarding the collection, usage, and sharing of personal information. We advise you to review the privacy policies of any other websites, mobile applications, and online services you interact with.

Security

Ensuring the confidentiality and integrity of your information is a priority for us. We follow the guidelines of the NIST Cybersecurity Framework and implement robust user access controls, multi-factor authentication, and a blend of technical and administrative safeguards to protect your data. We safeguard data both in transit and at rest through encryption techniques. Additionally, we have established an incident response strategy and a breach notification procedure. However, it's important to acknowledge that no security system is infallible or entirely secure, and thus we cannot promise "absolute security." The transmission of any information to us is done at your own discretion and risk.

Please be aware that any information you send to us electronically, whether through the use of our Services or in other interactions with us, may not be secure if sent through unsecure channels when it is transmitted. We advise you not to use unsecure channels to send sensitive or confidential information to us.

Rights of EU/EEA and UK Data Subjects

If you are located within the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), you are afforded specific rights under the General Data Protection Regulation (GDPR) or the UK GDPR. These rights include the ability to access, rectify, erase, limit the processing of, or oppose the processing of your personal data. Should you wish to exercise any of these rights, please reach out to us at hello@humy.ai.

Furthermore, as an EU/EEA or UK resident, you possess the right to file a complaint with your local data protection authority regarding our handling of your personal information.

Children under 13

In line with COPPA guidelines, we mandate parental consent for users under the age of 13 (“Child User”). A Child User is permitted to use Humy under one of the following circumstances:

• Parental Consent. A parent or guardian can authorize a Child User's access to Humy by filling out a Parent Consent Form. Once Humy receives the completed Form, the parent or guardian is then able to set up an account for the Child User.
• Educational Agreement. If a Child User's educational institution has a formal agreement with Humy, we permit the institution to act on behalf of the parent or guardian regarding consent. It is then the institution's duty to obtain consent from the parents. With such consent, a Child User's educator can facilitate the creation of an account for the Child User.

Should we discover the collection of personal information from a Child User without requisite parental or guardian consent as stipulated by law, we will proceed to remove it.

State-specific provisions

• California: Adherence to SB-1177 SOPIPA ensures we do not utilize your information beyond the scope outlined in our Terms of Service and Privacy Policy. We refrain from employing your data for targeted advertising and do not sell your information.
• Colorado: Your information will only be used in ways specified in our Terms of Service and Privacy Policy. Our privacy and security strategies include limiting information access strictly to necessary instances.
• Florida: Should a data breach occur, you will be alerted following the guidelines of the Florida Information Protection Act of 2014.
• Illinois: Compliance with the Illinois Student Online Personal Protection Act (SOPPA) is ensured.
• Maine: We are in compliance with Maine's Student Information Privacy Act.
• Maryland: Your information will not be used for targeted advertising.
• New York: Our practices are in accordance with New York Education Law § 2-d and the Parents' Bill of Rights for Data Privacy and Security.
• Pennsylvania: In the case of a breach, notification will be provided as per the Pennsylvania Breach of Personal Information Notification Act.
• Washington: Notifications regarding significant amendments to this Privacy Policy will be communicated to you.

Changes to this Privacy Policy

This Privacy Policy may undergo changes from time to time. When changes are made, we will revise the "effective date" at the top of the Privacy Policy. If there are significant alterations in the way we treat your collected information, we will make a reasonable effort to notify you (for instance, by emailing the last email address you provided us, posting a notice of the changes on our website, or through other means in line with legal standards) and will comply with any additional requirements set forth by applicable law.

Contact us

For inquiries or comments regarding this Policy or our privacy practices, please contact us at: privacy@humy.ai.