Skip to main content

Privacy Policy

Last updated: March 26, 2026

1. Introduction

LectureAid ("we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the LectureAid platform, including our website at lectureaid.com and related services (collectively, the "Service").

We are particularly mindful that our Service is used in educational settings and may process student education records protected under the Family Educational Rights and Privacy Act (FERPA). We design our data practices accordingly.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address. If your institution uses single sign-on (SSO), we receive your name and email from your institution's identity provider. We do not collect or store passwords — authentication is handled through magic links or your institution's SSO provider.

2.2 Lecture Content

When you use the Service, you may upload or import:

  • Lecture video files (MP4, WebM, and other common formats)
  • PDF slide decks
  • YouTube or other video URLs for import

The Service processes this content to generate transcripts, AI-powered visual descriptions of slides, structured notes, and vector embeddings for search. This processed content is stored in your account.

2.3 Usage Data

We collect anonymous, aggregated usage analytics through Vercel Analytics, a privacy-focused tool that does not use cookies and does not track individual users across sessions. This includes page views and general traffic patterns. We also collect error reports through Sentry to diagnose and fix technical issues; these reports may include request metadata but do not include lecture content.

2.4 Audit Logs

For security and compliance purposes, we maintain immutable audit logs of administrative actions (such as user role changes and content deletions). These logs include the action performed, a timestamp, and the actor's identifier, but do not include lecture content.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service, including generating accessible lecture notes
  • Authenticate your identity and manage your account
  • Process lecture content through our AI pipeline (transcription, visual slide descriptions, structured note generation, and search embeddings)
  • Provide accessibility features including AI-generated visual descriptions of slides for blind and low-vision students, multiple note display formats, and audio exports
  • Enable semantic search across your lecture content
  • Enable context-aware Q&A chat about your lectures
  • Send transactional communications (e.g., magic link emails)
  • Monitor and improve Service performance and reliability
  • Comply with legal obligations

We do not use your lecture content, transcripts, or notes to train AI models. We do not sell your data. We do not use your data for advertising or marketing purposes.

4. AI Processing Disclosure

The Service uses multiple AI technologies to process your lecture content:

  • Transcription — Audio is transcribed locally on our servers using faster-whisper (an open-source speech recognition engine). Audio data is not sent to any third-party service for transcription.
  • Visual Slide Descriptions — Slide images are sent to Anthropic's Claude API (Claude Vision) to generate detailed visual descriptions for blind and low-vision students. Anthropic does not use API data to train their models.
  • Structured Notes & Chat — Transcript text and slide content are sent to the Claude API to generate organized notes, align transcripts to slides, and power the lecture Q&A chat feature.
  • Search Embeddings — Lecture content is processed through OpenAI's embedding API (text-embedding-3-small) to enable semantic search across your lectures. OpenAI does not use API data to train their models.
  • Audio Export — When you request an audio export of your notes, the text is sent to OpenAI's Text-to-Speech API. This only occurs when you explicitly request it.

None of our AI providers use your data to train their models when accessed through their API. Your lecture content is processed only for the requested operation and is not retained by these providers beyond the time needed to complete the request.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Anthropic (Claude API) — AI-powered slide descriptions, structured note generation, transcript-slide alignment, and lecture chat. Data processed in the United States.
  • OpenAI — Text embeddings for semantic search and text-to-speech for audio exports. Data processed in the United States.
  • Supabase — Database (PostgreSQL), user authentication (magic links and SSO), and file storage (lecture videos and slide PDFs). Data stored in the United States with encryption at rest (AES-256).
  • Google Cloud (Cloud Run) — Backend API hosting and processing pipeline execution. Infrastructure located in the United States (us-central1).
  • Vercel — Frontend hosting and anonymous usage analytics. Collects no personally identifiable information.
  • Sentry (optional) — Error monitoring and performance tracking. May receive request metadata but never lecture content.

All third-party providers maintain SOC 2 Type II certification or equivalent security standards. A full list of sub-processors with their data processing purposes is available upon request.

6. FERPA Compliance

When LectureAid is used by or on behalf of an educational institution, we function as a "school official" under the FERPA school official exception (34 CFR §99.31(a)(1)). We process student education records solely to provide the contracted accessibility service.

We will execute a Data Processing Agreement (DPA) with educational institutions that specifies our obligations regarding student education records, including purpose limitations, re-disclosure prohibitions, data return/destruction procedures, and breach notification commitments.

We recognize that because our Service is designed for students with visual impairments, the mere use of the platform may suggest a disability status. We treat this implied information with the highest level of confidentiality and do not disclose or aggregate it in any way that could identify individual students.

7. Data Storage & Security

We implement industry-standard security measures to protect your data:

7.1 Encryption

  • All data is encrypted in transit using TLS 1.2+
  • Data at rest is encrypted using AES-256 in our database (Supabase/PostgreSQL) and file storage
  • API authentication uses JWT tokens with ES256 (ECDSA) cryptographic signing

7.2 Access Controls

  • Row-Level Security (RLS) is enabled on all database tables, ensuring users can only access their own data
  • Administrative actions require multi-factor authentication (MFA)
  • File access uses time-limited signed URLs (1-hour expiry)
  • Rate limiting protects against abuse on all API endpoints

7.3 Infrastructure Security

  • Backend runs on Google Cloud Run with containerized isolation
  • Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options) are enforced on all requests
  • Uploaded files undergo security scanning (magic byte validation, malicious PDF detection) before processing
  • All infrastructure is hosted in the United States

8. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Uploaded lecture files, generated notes, search embeddings, and account data are stored until you delete them or request account deletion.

Self-service deletion: You can delete your account and all associated data at any time from your Settings page. This triggers a cascading deletion that removes your profile, all lectures, generated notes, search embeddings, and uploaded files from our storage. This action is irreversible.

Audit log retention: Administrative audit logs are retained for compliance purposes and are not deleted when individual user accounts are removed. These logs contain only action metadata (timestamps, action types, actor identifiers) and do not include lecture content.

For institutional accounts governed by a DPA, data retention and deletion follows the terms specified in that agreement, including data return or destruction upon contract termination.

9. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your account and associated data
  • Export — Download your generated notes in multiple formats
  • Restrict Processing — Request that we limit how we use your data

For students whose data is managed through an institutional account, please direct requests to your institution's disability services office, who will coordinate with us.

To exercise these rights, contact us at info@lectureaid.com.

10. Cookies & Local Storage

LectureAid uses minimal browser storage to operate the Service:

  • Supabase session cookies — Used to maintain your authenticated session after signing in via magic link or SSO. These are essential for the Service to function and cannot be disabled.
  • Accessibility preferences (localStorage) — Your selected accessibility profile settings (e.g., seizure safe, vision impaired) are saved in your browser's local storage so they persist across sessions. This data never leaves your device.
  • Vercel Analytics — We use Vercel Analytics for anonymous, aggregated traffic data. Vercel Analytics is privacy-focused and does not use cookies or track individual users.

We do not use advertising cookies, third-party tracking cookies, or any cookie-based profiling. Because we rely only on essential session cookies and privacy-preserving analytics, no cookie consent banner is required under most privacy regulations.

11. Children's Privacy

LectureAid is designed for use in higher education settings. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For institutional accounts, we will provide advance notice of material changes as specified in the applicable DPA.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

LectureAid
Email: info@lectureaid.com