We are always looking for ways to improve Alfie. If you have any feedback, please let us know!

Type:

Subject:

If you have any urgent questions or want to send us screenshots, please contact us at support@openalfie.nl.

    • Settings

    Language

    Tokens

    Sign Out

    Alfie Welcome

    Privacy Policy

    A. Our Vision on Privacy and AI in Education

    1.1 Our Core Values: Autonomy and Transparency

    When it comes to privacy in the broad sense, two of our core values are important: autonomy and transparency. As a user of our app, you know how your information is used within our app. You are in control when it comes to your own data.

    Education and generative AI is a new field of work. As pioneers in this field, we create our own guidelines:

    This is what we do:

    • We are clear and transparent about where your data ends up when using our app.
    • We give users of our applications as much control as possible over their personal data.
    • We explain as best as we can what we see as the risks of generative AI in education.
    • We keep ourselves informed of the latest policies at the European and national level.
    • We continue to engage with teachers, school leaders, and policymakers about the risks of generative AI.

    Here are some examples of what we don't use AI for:

    • We do not use AI for monitoring students. This creates an unnecessary privacy risk and increases the risk of discrimination and inequality.
    • We do not use generative AI for grading work submitted by students. This is inevitably discriminatory due to the current training of AI models.

    1.2 We work in line with the European AI Act

    We have read the AI Act and looked at how we relate to it. The AI Act classifies different AI technologies as low or high risk. Collecting biometric data, for example for facial recognition, is considered high risk. Classification through AI based on personal data is also considered high risk. Additional rules and guidelines are being established for companies that use AI in this way.

    We currently do not use technologies that are assessed as high-risk. A risk that comes closest to high-risk when using our app is discrimination through the assessment of student work with the help of AI. We are currently not implementing this functionality and are aware that this is a risk.

    1.3 We align with the National Policy on Generative AI

    We have taken note of the government policy in the field of generative AI. This policy mentions a number of risks, similar to those written in the AI Act:

    • discrimination, mainly due to the training of the models
    • the spread of disinformation (intentional and unintentional)
    • infringement of privacy, for example by creating deepfakes

    We are aware of these risks and actively respond to them. For example, we inform our users about the possible creation of potentially discriminatory content and disinformation. We do not use AI for monitoring students or creating deepfakes. The policy states that (app) developers can take the lead in combating the risks of AI: we want to do this too.

    1.4 We commit to the legislation on personal data: the GDPR.

    As an organization, we fall under the GDPR. We actively implement elements of this in our processes and services. The rest of this document indicates how we do this.

    B. How do we handle your data when using Alfie?

    What data do we store?

    2.1 Personal Data during Registration and Use

    • Your name and email address are collected for account creation and communication purposes.
    • Data related to your subscription, such as the type of subscription and your payment status (we do not store full payment details ourselves).

    2.2 Use of Heat Map Software

    • We collect data on how you navigate and interact within our app to optimize the user experience.
    • Session recordings help us understand which app components users value most and where improvement is needed.

    Why are we allowed to use your data?

    3.1 User Consent

    For certain purposes, such as sending marketing communications, we will ask for your explicit consent.

    3.2 Execution of the Agreement

    We use your data to provide the services you have signed up for, such as creating your account, processing payments, and generating educational materials.

    3.3 Compliance with Legal Obligations

    We are legally required to retain financial transaction data for tax purposes.

    3.4 Legitimate Interest

    We use your data to improve our services, which is in both our interests. This includes, for example, analyzing pseudonymized usage data to improve functionality and usability, and securing our systems.

    How long do we retain your data?

    4.1 App Usage Period

    Your data remains stored as long as you actively use our app.

    4.2 Maximum Retention Period after Termination of Use

    After termination of use, we retain your personal data for a maximum of 12 months for administrative purposes. Information about the use of the app and the content generated by you is stored in a pseudonymized form. This means the data is not directly traceable to you as a person and allows us to improve the app and perform analyses. You have the right to request that we delete your personal data. However, once data is fully anonymized, it is no longer traceable to an individual and falls outside the scope of the right to erasure.

    4.3 Financial Data Retention Obligation

    Financial data is retained for 7 years in accordance with tax legislation.

    How do we secure your data?

    5.1 Technical Security Measures

    We use recognized software for storing and securing your data. Furthermore, we follow best practices to protect your data against unauthorized access and data breaches. These include, for example, the use of HTTPS for sending data, securely storing our access keys, and regularly checking the security of our systems.

    5.2 Data Storage and Access Control

    Your data is stored on servers within the EU, with strict access controls. Our developers also have access to your data on a need-to-know basis.

    5.3 Management of Administrative Access

    Access to data for management and maintenance is limited to a minimum number of employees and has its own authentication process. Our developers must be logged in before they can access your data.

    What rights do you have as a user of the app?

    Under the GDPR, you have certain rights regarding the processing of your personal data. These rights include:

    • Access: You have the right to access the data we process about you.
    • Rectification: If we hold incorrect or incomplete data about you, you have the right to have it corrected.
    • Erasure: You have the right to have your data deleted by us.
    • Restriction: You have the right to temporarily restrict the processing of your data.
    • Objection: You have the right to object to the processing of your personal data.
    • Withdraw Consent: You have the right to withdraw your consent for the processing of your personal data, insofar as the processing is based on your consent.
    • Complaint: You have the right to lodge a complaint with the relevant Data Protection Authority.

    You can submit your requests to us via the contact details at the bottom of this statement.

    Which third parties do we share your data with?

    7.1 OpenAI, Anthropic, Google (via OpenRouter)

    For the AI functionalities, we process the data you enter in the user environment (prompts). This data is sent via OpenRouter (USA) to various AI models. Personal data is not shared, unless you enter it yourself. Please note: when you enter sensitive data yourself via the user environment, this also ends up with these parties. For OpenRouter's terms, see: https://openrouter.ai/terms.

    7.2 Google User Data (Authentication and Services)

    If you choose to sign in or register for Alfie using your Google account (Google OAuth), we access specific data from your Google profile. This section details how we access, use, store, and share this information.

    • Data We Access: We request access to your basic profile information, specifically your name, email address, and profile picture. We do not request access to any other Google data, such as your contacts or calendar.
    • How We Use It: This data is used exclusively to:
      • Create and authenticate your Alfie account.
      • Pre-fill your profile with your name and display your profile picture within the App.
      • Communicate with you regarding your account, our services, and important updates.
    • How We Store It: Your name, email address, and a link to your profile picture are stored securely alongside your other account data on our servers (hosted by Google Firebase) located within the EU.
    • How We Share It: We do not sell, transfer, or share the Google user data we access with any third party, other than with our service provider Google (for Firebase authentication and storage) as is necessary to provide the App's functionality.

    Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

    We also use Google Cloud for our backend engine. This use is for general infrastructure and is governed by our DPA with Google, ensuring your data is processed securely.

    7.3 Stripe

    For processing subscription payments, we use Stripe (USA). We share the necessary invoice and account data. We do not have access to your full card details. For Stripe's terms, see: https://stripe.com/privacy.

    7.4 Fal.ai

    For generating images, we use the services of Fal.ai (USA). We share your (pseudonymized) input (prompts) with Fal.ai. For their terms, see: https://fal.ai/legal/privacy.

    International Transfer of Personal Data

    To provide our services, we use partners located outside the European Economic Area (EEA), particularly in the United States. The privacy laws in these countries may differ from those in the EEA. We take measures to ensure that your personal data receives an adequate level of protection there as well.

    For transfers of personal data to countries that do not offer an adequate level of protection according to the European Commission, such as the US, we rely on appropriate safeguards. We do this by utilizing our partners' certification under the EU-U.S. Data Privacy Framework (DPF) and/or by using the Standard Contractual Clauses (SCCs) approved by the European Commission. These mechanisms impose contractual obligations on our partners to protect your data according to European standards.

    For business customers, we offer a premium option to have AI-related processing handled exclusively via Google Vertex AI within the European Union.

    What cookies do we use?

    8.1 Cookie Policy

    We use essential cookies for the operation of the app and analytical cookies to understand the use of the app. See our cookie policy for a detailed list.

    C. Other Provisions

    What if we change something in this statement?

    9.1 Procedure for Changes

    We reserve the right to change or update this privacy statement at any time. We always note the date when the statement was last modified. You can consult this statement from time to time for the most up-to-date information.

    Do you want to talk to us about privacy?

    10.1 Contact

    For questions about our privacy statement, you can contact us via our contact form or directly at team@alfie.school. We are open to your feedback and questions.

    Open Alfie B.V.
    Chamber of Commerce (KVK): 90017102

    Version 2.2 - Last updated on July 11, 2025