Privacy Policy

1. Introduction & Scope

This Privacy Policy describes how TeKanAid Solutions Inc. ("we", "us", or "our") collects, uses, and protects information when you use POV Demo ("the Platform") at povdemo.com and the associated application at app.povdemo.com.

This Policy applies to tenant organizations, team members, and end users of the Platform. By using POV Demo, you agree to the collection and use of information as described here.

2. Data Controller

Where tenants collect and control personal data about their own end users through the Platform, TeKanAid Solutions Inc. acts as a data processor on behalf of the tenant (the data controller) for that data.

3. Data We Collect

Authentication & Identity

• Email address, display name, and avatar URL
• Firebase Authentication UID
• OAuth provider data (if using social login)
• Email verification status

Organizational & Team Data

• Tenant ID and organization name
• Team member roles (owner, admin, member, user)
• Invite records (invited by, invite date)
• Account status and join date

Learning Activity & Progress

• Lab session records (start time, end time, duration, status)
• Course enrollment and progress percentage
• Quiz and assessment scores
• Task completion and validation results
• Time spent on labs and courses

Payment & Billing

• Stripe customer ID and subscription plan
• Payment history and invoice data
• Billing contact email
• We do not store full card numbers; Stripe handles payment data

Usage & Analytics

• IP address, browser type, device type, operating system
• Pages visited, navigation patterns, access timestamps
• Feature usage patterns and session frequency

AI Interactions

• Prompts submitted to the AI lab assistant feature
• These are processed by Anthropic; see their privacy policy for details

Temporary Cloud Credentials

• AWS/GCP/Azure credentials provisioned per lab session
• These are automatically revoked and deleted when the session ends

Support & Communications

• Contact form submissions (name, email, message)
• Support ticket history and email correspondence

4. Legal Basis for Processing (GDPR)

For users in the European Union and UK, we process personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Platform services you have subscribed to
• Legitimate interests: Security monitoring, fraud prevention, platform analytics, and improving our services
• Consent: Marketing communications (you may withdraw consent at any time)
• Legal obligation: Where required by applicable law

5. How We Use Your Data

• Authenticate users and manage account access
• Provision and manage cloud lab environments
• Process payments and manage subscriptions
• Send transactional emails (verification, invitations, password resets)
• Track and display learning progress and analytics
• Power the AI lab assistant feature
• Monitor platform performance and security
• Prevent fraud and enforce these Terms of Service
• Send marketing communications (with your consent, opt-out available)

6. Multi-Tenant Architecture & Data Access

The Platform uses a multi-tenant architecture where all tenant data is logically isolated using a unique tenant identifier. This means:

• Your organization's data is not accessible to other tenants
• Tenant owners and admins can view activity and progress data for their own team members
• TeKanAid Solutions Inc. staff may access data for support, security, and legal compliance purposes

Where a tenant controls personal data about their end users, the tenant acts as the data controller and TeKanAid Solutions Inc. acts as the data processor.

7. Third-Party Sub-Processors

We share data with the following third-party service providers to operate the Platform:

We also share information when required by law, court order, or to protect the rights, safety, or property of TeKanAid Solutions Inc. or others. In the event of a business transfer (merger or acquisition), user data may be transferred with appropriate notice.

8. International Data Transfers

As a global platform, your data may be transferred to and processed in countries outside your own, including the United States, Canada, and countries in the European Union where our sub-processors operate.

For transfers from the EU/EEA and UK, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. By using the Platform, you consent to these transfers subject to the safeguards described above.

9. Data Retention

• Active accounts: Data retained for the duration of your subscription
• Deleted accounts: Personal data removed within 30 days of account deletion
• Backups: Backup copies may persist for up to 90 days
• Lab session credentials: Revoked and deleted immediately on session end
• Legal holds: Extended retention where required by applicable law
• Billing records: Retained for the period required by tax and accounting regulations

10. Your Rights

GDPR Rights (EU / UK)

If you are located in the EU or UK, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw marketing consent at any time

CCPA Rights (California)

If you are a California resident, you have the right to:

• Know: What personal information we collect and how it is used
• Delete: Request deletion of your personal information
• Opt-out of sale: We do not sell personal information
• Non-discrimination: We will not discriminate for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

11. Security

We implement industry-standard security measures to protect your data:

• Firebase Authentication with JWT token validation
• HTTPS/TLS encryption for all data in transit
• Role-based access control (RBAC) enforced at the application and database level
• Firestore security rules for document-level data isolation between tenants
• Automatic session cleanup and immediate credential revocation
• Regular security reviews and audits

No security system is impenetrable. If you believe your account has been compromised, contact [email protected] immediately.

12. Cookies & Tracking

We use a minimal set of cookies and browser storage:

• Authentication cookies: Essential for maintaining your logged-in session
• Local storage: Used to preserve learning progress state in your browser
• Google Analytics 4 (analytics cookies): We use Google Analytics to understand how visitors interact with our website and application. GA4 collects pseudonymous data such as pages visited, session duration, device type, and general geographic region (country/city level). This data is processed by Google and subject to Google's Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies, third-party tracking pixels, or sell your browsing data to advertisers.

13. Children's Privacy

The Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a minor has provided us with personal data, contact us at [email protected].

14. Policy Updates

We may update this Privacy Policy periodically. For material changes, we will notify you via email before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

Continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy.

15. Contact

For privacy-related questions or to exercise your data rights: