Privacy Policy

1. Introduction

Hebbian ("we," "us," or "our") operates the hebbian.ch platform, an AI and STEM education service based in Zurich, Switzerland. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, learning management system, online courses, and related services (collectively, the "Platform").

We are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the European Union General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Account Information

When you register for an account, we collect your full name, email address, and password. Your password is securely hashed using industry-standard encryption and is never stored in plain text.

3.2 Learning Data

As you use our courses and learning tools, we collect data related to your educational progress, including course and lesson completion status, video watch time, exercise submissions and scores, assignment responses and uploaded files, and classroom memberships.

3.3 File Uploads

You may upload files as part of exercises, assignments, or profile settings. These files are stored securely on our cloud infrastructure located in the European Union (Frankfurt, Germany).

3.4 Usage Data

We collect anonymized usage data through our analytics service, including pages visited and navigation patterns. This data is processed within the European Union and is used solely to improve the Platform experience.

3.5 Organization Data

If you are part of an educational institution or organization using our Platform, we may collect your organization affiliation and role within that organization.

4. How We Use Your Data

We use your personal data to:

• Create and manage your account
• Deliver courses, lessons, and educational content
• Track your learning progress and provide personalized feedback
• Enable teachers and mentors to review your submissions
• Send transactional emails (e.g., password resets)
• Analyze Platform usage to improve our services
• Provide AI-powered learning assistance
• Administer organizational accounts and classrooms

5. AI-Powered Features

Our Platform includes AI-powered learning tools that use third-party AI services (including OpenAI, Anthropic, and Google) to provide educational assistance. When you use these features, your prompts and queries are sent to these providers for processing. These providers process data according to their respective privacy policies and data processing agreements.

We do not use your personal learning data or submissions to train AI models. AI interactions are used solely to provide real-time educational assistance.

6. Third-Party Services

We use the following third-party services to operate the Platform:

7. Cookies & Session Data

We use the following cookies:

Essential cookies are required for the Platform to function. You can disable analytics cookies through your browser settings.

8. Data Storage & Security

Your data is stored on servers located within the European Union. We implement appropriate technical and organizational measures to protect your personal data, including:

• Passwords are hashed using bcrypt encryption
• Sessions are managed via signed JSON Web Tokens (JWT)
• File storage uses secure, access-controlled cloud infrastructure
• Database connections are encrypted and authenticated
• Password reset tokens expire after one hour

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you request account deletion, we will remove your personal data within 30 days, except where we are required by law to retain it.

Learning progress data and submissions may be retained in anonymized form for educational research and Platform improvement purposes.

10. Children's Privacy

Our Platform serves learners of various ages, including adolescents. For users under 16, we require parental or guardian consent before account creation. Accounts for minors participating in school programs are typically created by their educational institution with appropriate authorization.

We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe a child under 13 has provided personal data without consent, please contact us at [email protected] so we can take appropriate action.

11. Your Rights

Under the Swiss FADP and GDPR (where applicable), you have the right to:

• Access your personal data and receive a copy
• Rectify inaccurate or incomplete data
• Delete your personal data ("right to be forgotten")
• Restrict processing of your data
• Port your data to another service
• Object to processing of your data
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

12. International Data Transfers

Your data is primarily stored and processed within the European Union and Switzerland. When data is processed by our AI providers (OpenAI, Anthropic, Google), it may be transferred to servers outside the EU/EEA. In such cases, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent protections as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us: