Privacy Policy

Home Privacy Policy

Effective Date: April 30, 2025
Last Updated: April 30, 2025

ChronifyAI, Inc. (“we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and integrity of the data we manage for our clients. This Privacy Policy explains how we collect, process, store, protect, and share data—and how clients can control and manage their information. It is designed to meet or exceed expectations for IT audits and ensure compliance with applicable data protection laws such as FERPA, GDPR, and COPPA.

1. Overview

ChronifyAI provides a secure, cloud-based solution for archiving historical Moodle LMS data. Our service improves performance for production LMS sites while maintaining full audit-readiness by giving clients controlled access to archived snapshots over time.

2. What Data We Collect and Process

We collect and process the following types of data as part of our service:

a. Institutional LMS Data

  • User profiles and roles

  • Course archives (.mbz files, metadata, activities)

  • Enrollments, grades, assignments, submissions

  • LMS activity and audit logs

b. Administrative and Contact Information

  • Client admin names, emails, and phone numbers

  • Billing and invoicing details

  • Technical support interactions

c. Service Access & Usage Logs

  • Archive creation and restoration history

  • User actions and access logs

  • Performance analytics

3. Purpose of Data Collection

ChronifyAI collects data strictly to:

  • Deliver and support data archiving and restoration services

  • Assist in regulatory audits and institutional compliance

  • Improve LMS performance through historical data offloading

  • Provide client support and troubleshoot service issues

  • Fulfill contractual and legal obligations

4. Legal Basis for Processing

We process data based on:

  • Contractual necessity – to provide our core services

  • Legal obligations – such as FERPA or regional audit laws

  • Legitimate interest – in maintaining platform performance and integrity

  • Client consent – where specifically required

5. Data Storage and Retention

a. Storage Infrastructure

  • Hosted on AWS in secure, U.S.-based or client-selected regions

  • AES-256 encryption for data at rest and TLS 1.2+ for data in transit

  • Industry-grade backup, replication, and disaster recovery policies

b. Retention Period

  • Default retention period: 3–10 years (customizable by client)

  • All data is deleted within 90 days of contract termination unless requested sooner

  • Export and deletion controls are available in the client interface

6. Data Access and Client Control

Clients retain full ownership and control of their archived data. They may:

  • Configure what data to archive and how frequently

  • Grant and revoke access to authorized users

  • Export or permanently delete archives upon request

ChronifyAI does not access client data unless required for support or as legally obligated.

7. Data Subject Rights (Under Applicable Laws)

Where applicable (e.g., GDPR), end users may have rights including:

  • Access – Request access to stored personal data

  • Correction – Fix inaccurate data

  • Deletion – Request erasure under certain conditions

  • Restriction – Limit processing temporarily or permanently

  • Portability – Receive personal data in a structured format

  • Objection – Object to data processing on lawful grounds

Requests must be submitted via the client institution, who serves as the Data Controller.

8. Children’s Data

ChronifyAI processes student data, including that of minors, only under the instruction of the client institution. We do not directly collect or interact with children, and we comply fully with FERPA and COPPA.

9. Data Sharing and Subprocessors

We never sell or share client data for advertising or third-party profiling. We only use subprocessors for:

  • Cloud storage and infrastructure (e.g., AWS)

  • Monitoring and alerting systems

  • Secure backup and replication services

Each subprocessor is subject to a strict Data Processing Agreement (DPA). A full list is available upon request.

10. Subprocessor Transparency

Clients may request our current list of subprocessors by contacting [email protected]. We notify clients of changes to our subprocessor list in accordance with our DPA terms. Clients may object to subprocessors on reasonable grounds.

11. International Data Transfers

Data is primarily stored and processed in the United States. Where international data transfers occur, we use appropriate legal safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • Regional storage options

  • Industry-standard data protection agreements

12. Security Measures

ChronifyAI implements robust security policies and procedures:

  • Multi-factor authentication and role-based access

  • Encryption for all data at rest and in transit

  • Real-time monitoring and alerts

  • Regular security audits and penetration testing

  • Full incident response plan with 48-hour breach notification

  • Comprehensive access and activity logging

13. Data Processing Addendum (DPA)

A customized Data Processing Addendum (DPA) is available to all clients and outlines the roles, responsibilities, and protections surrounding personal data processing. To obtain a copy, email [email protected].

14. Exercising Your Rights

Clients or designated representatives may:

  • Manage data through the ChronifyAI platform

  • Request exports or deletions

  • Inquire about compliance and legal alignment

Email all privacy-related requests to [email protected]. We respond within 30 days in accordance with applicable laws.

15. Changes to This Privacy Policy

ChronifyAI may update this policy as legal, operational, or service changes occur. When updates are made:

  • The “Last Updated” date will be revised

  • Material changes will be communicated to clients at least 30 days in advance.

16. Contact Information

ChronifyAI, Inc. – Privacy Team
📧 Email: [email protected]