Privacy Policy

1. Introduction

ChitterChatter, Inc. (“we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use ChitterChatter (the “Service”), an AI-powered voice speaking practice platform for language education.

The Service is primarily used by students and instructors at institutions of higher education. We understand the sensitivity of student education records and are committed to compliance with the Family Educational Rights and Privacy Act (FERPA) and other applicable privacy laws.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Definitions

• “Service” refers to the ChitterChatter platform, accessible at chitterchatter.app and through any associated applications.
• “Institution” refers to the university, college, or educational organization that has authorized use of ChitterChatter for its courses.
• “Instructor” refers to a faculty member, teaching assistant, or other educator who creates and manages conversation activities on the Service.
• “Student” refers to an individual enrolled in a course that uses the Service.
• “User” refers to any individual who accesses or uses the Service, including Students and Instructors.
• “Personal Information” refers to information that identifies, relates to, or could reasonably be linked to a specific individual.
• “Student Education Records” refers to records directly related to a student that are maintained by an educational institution or a party acting on its behalf, as defined under FERPA.

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, institutional affiliation, and course enrollment information provided during registration.
• Profile Information: Username, language preferences, and any optional profile details you choose to provide.
• Voice and Audio Data: Audio recordings of your speaking practice sessions. These recordings are stored so that Students and Instructors can review them for learning purposes.
• Conversation Content: Transcripts of your AI-powered speaking practice sessions, including text inputs and AI-generated responses.
• Activity and Performance Data: Activity completion status, session duration, and feedback provided by the AI coach.
• Payment Information: If you purchase access to the Service, payment is processed securely by our third-party payment processor (e.g., Stripe). We do not store your credit card number or full payment details on our servers. We may receive limited transaction information such as the last four digits of your card, billing address, and transaction confirmation.

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, session timestamps, and interaction patterns within the Service.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP addresses, referring URLs, access times, and error logs.
• Cookies and Analytics: We use Google Analytics and cookies to understand how users interact with the Service. Google Analytics collects anonymized usage data, including pages viewed, session duration, and general geographic location. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
• Error and Diagnostic Data: We may use Sentry to diagnose technical issues, including browser errors, performance traces, and privacy-masked session replay for error sessions. We configure this telemetry to avoid sending conversation transcripts, audio recordings, recording URLs, payment details, or raw request and response bodies.

3.3 Information from Institutions

If your Institution has integrated ChitterChatter with its systems (such as a learning management system), we may receive student roster information, course enrollment data, and other information necessary to provide the Service, as authorized by the Institution.

3.4 Student Data Ownership

ChitterChatter does not claim ownership of Student Data. Student Data—including conversation transcripts, audio recordings, activity completion data, and any other records generated through use of the Service—remains the property of the Student, the Institution, or the educational organization that provided the data, in accordance with applicable law and institutional agreements.

ChitterChatter processes Student Data solely to provide, maintain, and improve the Service as authorized by the Institution.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To facilitate AI-powered speaking practice sessions, store and play back audio recordings for review, provide AI coach feedback, and enable Instructors to monitor student engagement and progress.
• Improving the Service: To analyze usage patterns, diagnose technical issues, and improve the quality and performance of the platform.
• Communication: To send you Service-related notices, respond to your inquiries, and provide customer support.
• Compliance: To comply with legal obligations, enforce our Terms of Service, and protect the rights and safety of our users.

We do not use your Personal Information or Student Education Records for advertising, marketing to third parties, or building user profiles for non-educational purposes.

5. Aggregated and De-Identified Data

We may compile and use aggregated, anonymized, or de-identified data derived from your use of the Service. This data does not identify any individual User and may be used for:

• Service improvement, including analyzing usage trends and optimizing platform performance.
• Academic research and publication, such as studies on language learning outcomes and AI-assisted education. Any published research will use only aggregate or de-identified data and will not identify individual Users.
• Internal business analytics and reporting.

Aggregated and de-identified data is not considered Personal Information or Student Education Records under this Privacy Policy or under FERPA.

6. Artificial Intelligence and Automated Processing

ChitterChatter uses artificial intelligence to power its core speaking practice and feedback features. AI is used solely to provide educational functionality within the Service, including generating conversational responses, evaluating spoken language, and providing coaching feedback to Students.

We are committed to the following principles regarding AI and Student Data:

• We do not use Student Data—including voice recordings, conversation transcripts, or activity data—to train publicly available artificial intelligence or machine learning models.
• We do not permit our third-party AI providers (OpenAI, Google) to use Student Data for independent model training or for any purpose unrelated to providing the Service.
• AI processing of Student Data is performed solely to deliver the educational features described in this Privacy Policy and in our agreements with Institutions.

7. Voice and Audio Data Processing

Given that ChitterChatter is a voice-based language practice platform, we want to be transparent about how your voice data is handled.

7.1 How Voice Data Flows

• When you start a speaking practice session, audio is captured by your browser’s microphone and transmitted to our servers over an encrypted (TLS) connection.
• For speech processing, your audio is sent from our servers to OpenAI’s Realtime API via an encrypted API connection. OpenAI processes the audio to generate a spoken response. Per OpenAI’s API data usage policy, audio data sent via the API is not used to train OpenAI’s models.
• For text-based conversation processing, text is sent to Google’s Gemini API. Per Google’s API data usage policy, data sent via the API is not used to train Google’s models.
• Audio recordings are stored on Amazon S3 (encrypted at rest) so that Students and Instructors can review practice sessions.
• Conversation transcripts and activity metadata are stored in our PostgreSQL database.

7.2 What We Do Not Do with Voice Data

• We do not sell or license audio recordings to any third party.
• We do not use audio recordings to create voiceprints or biometric identifiers.
• We do not use audio recordings for advertising or marketing purposes.
• We do not permit our AI subprocessors (OpenAI, Google) to retain or train on your audio or text data.

8. Third-Party Service Providers (Subprocessors)

We use the following third-party service providers to operate the Service. Each provider processes data only as necessary to provide its specific function and is contractually obligated to protect your data:

9. FERPA Compliance

When ChitterChatter is used by an Institution, we may receive Student Education Records as defined by the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. In these cases, we act as a “school official” with a “legitimate educational interest” under FERPA, as defined in our agreement with the Institution.

We commit to the following:

• We will use Student Education Records solely for the purpose of providing the Service as authorized by the Institution.
• We will not re-disclose Student Education Records to any third party except as authorized by the Institution or as required by law.
• We will maintain reasonable administrative, technical, and physical safeguards to protect Student Education Records.
• Upon termination of our agreement with an Institution, or upon the Institution’s request, we will delete or return all Student Education Records within 30 days.
• We will promptly notify the Institution in the event of a data breach involving Student Education Records.

Parents and eligible students who wish to access or amend Student Education Records should direct their requests to the student’s Institution, which controls those records under FERPA.

10. Data Retention and Deletion

We retain your Personal Information—including account information, audio recordings, conversation transcripts, and activity data—for as long as your account is active. Inactive accounts may be deleted after 12 months of inactivity.

Usage and analytics data may be retained in anonymized or aggregated form indefinitely for Service improvement purposes.

Upon request by a User or Institution, we will delete Personal Information and Student Education Records within 30 days, except where retention is required by law. Upon termination of an agreement with an Institution, we will delete or return all Student Education Records within 30 days.

11. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted between your browser, our servers, and our third-party service providers.
• Encryption at rest for audio recordings stored on Amazon S3 and for data stored in our PostgreSQL database.
• Access controls that limit access to Personal Information to authorized personnel who need it to operate and improve the Service.
• Regular security reviews of our application and infrastructure.

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach that affects your Personal Information, we will comply with all applicable breach notification requirements, including notifying affected Users and Institutions as required by federal and state law.

12. Data Hosting and Storage Location

All data collected and processed by ChitterChatter is stored and processed using infrastructure located in the United States. This includes our application servers (Render), database (PostgreSQL on Render), audio file storage (Amazon S3), and all third-party subprocessors listed in Section 8.

ChitterChatter does not store or process Student Data outside of the United States.

13. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Information:

• Access: You may request a copy of the Personal Information we hold about you.
• Correction: You may request that we correct inaccurate Personal Information.
• Deletion: You may request that we delete your Personal Information, subject to our retention obligations and legal requirements.
• Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
• Opt-Out of Analytics: You may opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on. You may also contact us to request limits on optional diagnostic telemetry where applicable.

To exercise any of these rights, please contact us at legal@chitterchatter.app. We will respond to your request within 30 days.

14. Marketing and Communications

If you provide your email address, we may occasionally send you updates about the Service, new features, or educational content relevant to your use of ChitterChatter. You may opt out of these communications at any time by:

• Clicking the “unsubscribe” link included in any marketing email.
• Contacting us at legal@chitterchatter.app.

Even after opting out of marketing communications, you will continue to receive essential Service-related messages, such as account notifications, security alerts, and updates required by your Institution.

15. State Privacy Law Disclosures

15.1 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what Personal Information we collect and how it is used, the right to request deletion, and the right to opt out of the sale or sharing of your Personal Information. We do not sell or share your Personal Information as defined under the CCPA/CPRA.

15.2 Illinois (BIPA)

ChitterChatter does not create voiceprints or other biometric identifiers from your audio recordings. Voice data is processed for the purpose of language practice and feedback only. If our practices change in the future to involve biometric data collection, we will obtain informed written consent as required by the Illinois Biometric Information Privacy Act (BIPA) before any such collection.

15.3 New York (SHIELD Act)

We maintain reasonable administrative, technical, and physical safeguards as required by the New York SHIELD Act to protect the security, confidentiality, and integrity of private information of New York residents.

16. Children’s Privacy

The Service is designed for use by students enrolled in higher education courses and is not directed at children under the age of 13. We do not knowingly collect Personal Information from children under 13. If we learn that we have collected Personal Information from a child under 13 without parental consent, we will delete that information promptly. If you believe we have collected such information, please contact us at legal@chitterchatter.app.

17. Links to Other Websites

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website and updating the “Last Updated” date at the top of this page. For changes that materially affect the handling of Student Education Records, we will also notify affected Institutions. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

19. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please contact us at:

For FERPA-related inquiries or data access requests on behalf of an Institution, please contact us at the email above with the subject line “FERPA Request.”