Back to home

Privacy

Privacy Policy

How LearnRocketAI processes account, learning, uploaded material, notification, and cookie data.

Last updated: June 11, 2026

Who is responsible

The data controller for LearnRocketAI is Bohemian Digital Innovations s.r.o., IČO 19495242, DIČ CZ19495242, with registered address at Vojtěšská 211/6, 11000 Praha 1-Nové Město, Czech Republic.

Use privacy@bohdiginn.cz for privacy questions, data access, correction, deletion, objection, portability, or withdrawal requests. Use info@bohdiginn.cz for general service questions.

What data we process

We process the data needed to provide the learning service:

  • account data such as email address, password hash, role, language, time zone, workspace, usage mode, and account status;
  • optional profile and notification data such as name, student name, phone number, WhatsApp consent, preferred notification channel, and reminder settings;
  • learning data such as subjects, topics, exercises, answers, flashcards, study sessions, progress, completion history, and teacher or parent assignments;
  • uploaded or generated materials such as PDFs, photos, notes, textbook extracts, OCR text, prompts, summaries, exercises, flashcards, AI feedback, and generated illustrations;
  • technical data such as session identifiers, security logs, request metadata, device/browser information, locale, time zone, and diagnostic records;
  • notification logs for email, SMS, and WhatsApp delivery, including status, recipient, message type, provider response, and related audit details.

Children and students

A parent, teacher, or workspace administrator may create student records, assign exercises, send credentials, and track progress. Student data can include names, contact details, assigned materials, answers, progress, and reminder settings. The adult or organization that adds a student must have the right to do so and should give appropriate information to the student or their guardian.

Account registration itself is intended for adults, parents, teachers, and students who may lawfully create an account. Where child consent rules apply to information society services, local law may set a minimum age. Czech law uses 15 years; Poland uses 16 years.

Why we process data

We process data to create and secure accounts, provide the learning workspace, generate summaries, exercises and flashcards, store progress, send requested notifications, support administrators, prevent abuse, comply with legal duties, and improve reliability. The legal bases are performance of the service contract, legitimate interests in security and product operation, legal obligations, and consent where required for optional communications, WhatsApp consent, or optional cookies.

Providers and transfers

We use trusted providers for hosting, infrastructure, email, SMS, WhatsApp, AI processing, storage, and security. The app is designed for Railway hosting and Cloudflare edge services, SendGrid email delivery, Twilio SMS/WhatsApp delivery, Active Storage-backed file storage, and OpenRouter or model providers for AI features. Provider names may change as the infrastructure evolves, but they are used only to operate the service.

Some providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as EU Standard Contractual Clauses, equivalent contractual protections, provider transfer frameworks, and configuration that limits the data sent to what the feature needs.

AI processing

When you upload materials or request AI features, relevant text, images, prompts, answers, and context may be sent to AI providers to produce summaries, exercises, flashcards, feedback, transcriptions, or speech. Do not upload confidential, sensitive, or third-party material unless you have the right to use it in the service.

Cookies

Necessary cookies are used for sign-in sessions, security, locale choice, browser time zone, flashcard voice preference, and saving cookie preferences. These cookies are required or useful for the service and do not need optional consent. Analytics and marketing cookies are disabled unless you choose to allow them in the cookie banner.

Retention

We keep account and learning data while the account or workspace is active. Uploaded materials, generated content, progress, notification logs, and audit logs are kept as long as needed for the learning service, security, troubleshooting, legal obligations, and legitimate operational records. If an account or workspace is deleted, data is deleted or anonymized unless retention is required for legal, security, backup, or dispute reasons.

Your rights

Depending on your situation, you may request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent. You may also complain to your local data protection authority. In the Czech Republic, that is the Office for Personal Data Protection (ÚOOÚ).

Updates

We may update this policy when the service, providers, law, or data practices change. The current version is published on this page.