NOTIE AI
Last updated: 21 Aout 2025
1. INTRODUCTION
Notie AI places paramount importance on protecting your personal data and that of your students. This policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Data Controller:
Notie AI
48 RUE DE LA GLACIERE – BATIMENT F, BAL 41, 75013 PARIS, FRANCE
SIREN: 813 670 916
Email: dpo@notieai.com
2. DATA COLLECTED
2.1 Registration and account data
- Personal information: First name, last name, email address, phone number
- Professional information: Institution, subject taught, level
- Connection data: IP address, browser, operating system
- Payment data: Banking information (encrypted and not stored)
2.2 Service usage data
- Student assignments: Images of handwritten assignments submitted
- Evaluation data: Grades, comments generated by AI
- Student information: First names, last names, class identifiers
- Analytics data: Usage statistics, performance metrics
2.3 Technical data
- Connection logs: Timestamps, actions performed
- Cookies: User preferences, sessions
- Performance data: Processing time, errors
3. PROCESSING PURPOSES
3.1 Primary purposes
PurposeLegal basisRetention periodProvision of grading serviceContract performanceSubscription duration + 1 yearCustomer relationship managementContract performance3 years after end of relationshipBilling and accountingLegal obligation10 yearsTechnical supportLegitimate interest2 yearsService improvementLegitimate interestAnonymized data
3.2 Secondary purposes
- Direct marketing: With explicit consent
- Statistical studies: Anonymized data only
- Fraud prevention: Legitimate interest
- Regulatory compliance: Legal obligation
4. STUDENT ASSIGNMENT PROCESSING
4.1 Sensitive nature of data
Student assignments contain sensitive personal data requiring enhanced protection:
- End-to-end AES-256 encryption
- Secure storage on European servers
- Restricted access to processing algorithms only
- Automatic deletion after processing (optional)
4.2 Rights of minor students
For students under 16 years old:
- Parental consent required via educational institution
- Rights exercised by legal representatives
- Special protection against profiling
- Limited duration of data retention
4.3 AI processing
- Automated analysis of handwritten assignments
- Optical recognition (OCR) without human intervention
- Algorithmic evaluation based on predefined criteria
- No human reading except upon explicit support request
5. DATA SHARING
5.1 No data sales
Notie AI does not sell, rent, or transfer your personal data to third parties for commercial purposes.
5.2 Authorized sharing
- Technical providers: Hosting (02switch), payment (encrypted)
- Subcontractors: Bound by strict GDPR contracts
- Competent authorities: Upon judicial requisition only
- Educational institutions: Evaluation reports upon request
5.3 International transfers
No transfers outside the European Union are made. All data is stored on servers located in France and the EU.
6. DATA SECURITY
6.1 Technical measures
- AES-256 encryption for all sensitive data
- SSL/TLS connections for all exchanges
- Secured servers with advanced firewalls
- Encrypted backups daily
- 24/7 monitoring of access
6.2 Organizational measures
- Restricted access according to least privilege principle
- GDPR training for staff
- Annual security audit by certified organization
- Documented incident procedures
- GDPR-compliant subcontracting agreements
6.3 In case of breach
In case of data breach:
- Authority notification within 72h if high risk
- User information as soon as possible
- Immediate corrective measures
- Detailed report of causes and actions
7. YOUR RIGHTS
7.1 Fundamental rights
In accordance with GDPR, you have the following rights:
RightDescriptionExercise procedureAccessObtain a copy of your dataEmail to dpo@notieai.comRectificationCorrect inaccurate dataUser interface or emailErasureDelete your dataMotivated request by emailPortabilityRetrieve your dataJSON/CSV export availableObjectionRefuse processingEmail with legitimate reasonRestrictionLimit processingRequest by email
7.2 Exercise procedures
- Email: dpo@notieai.com
- Mail: Notie AI – DPO, 48 RUE DE LA GLACIERE – BATIMENT F, BAL 41, 75013 PARIS, FRANCE
- Response time: Maximum 1 month
- Identity proof: Required for security
7.3 Right to lodge complaint
You may lodge a complaint with the supervisory authority:
- French authority (CNIL): https://www.cnil.fr
- EU authorities: https://edpb.europa.eu/about-edpb/board/members_en
- Phone: +33 1 53 73 22 22
8. COOKIES AND TRACKERS
8.1 Types of cookies used
TypePurposeDurationConsentEssentialSite functionalitySessionNot requiredFunctionalUser preferences12 monthsRequiredAnalyticsAudience measurement24 monthsRequiredMarketingTargeted advertising12 monthsRequired
8.2 Cookie management
- Initial settings: Consent banner
- Modification: Account settings
- Refusal: Limited impact on essential features
- Browser: Cookie settings
9. MINORS’ DATA
9.1 Special protection
Data from minor students benefits from enhanced protection:
- Parental consent via educational institution
- Limited duration of retention (maximum 2 years)
- No commercial profiling
- Rights exercised by legal representatives
9.2 Educational responsibility
- Shared responsibility with educational institution
- Teacher training on GDPR issues
- Student awareness of data protection
- Parental control possible on data
10. DATA RETENTION
10.1 Retention periods
Data typeDurationJustificationAccount dataSubscription duration + 1 yearContractual relationshipStudent assignmentsConfigurable (30 days to 2 years)User choiceBilling data10 yearsAccounting obligationSecurity logs1 yearSystem securityAnonymized dataUnlimitedResearch and development
10.2 Automatic deletion
- Alerts before data expiration
- Automatic deletion at deadline
- Extension possibility upon request
- Secure erasure of media
11. POLICY MODIFICATIONS
11.1 Updates
This policy may be modified for:
- Regulatory compliance with new laws
- Enhanced data protection
- New service features
- User feedback and best practices
11.2 User notification
- Email notification 30 days before modification
- Previous version archived and accessible
- Summary of changes provided
- Termination possibility if disagreement
12. CONTACT AND DATA PROTECTION OFFICER
12.1 Data Protection Officer (DPO)
Email: dpo@notieai.com
Mail: Notie AI – DPO
48 RUE DE LA GLACIERE – BATIMENT F, BAL 41
75013 PARIS, FRANCE
12.2 Questions and complaints
For any questions regarding:
- Your rights on personal data
- Exercise of these rights
- Processing of your data
- This privacy policy
Contact us at dpo@notieai.com with subject “[GDPR] Your request”
13. ADDITIONAL RESOURCES
13.1 GDPR documentation
- GDPR text: https://eur-lex.europa.eu/eli/reg/2016/679/oj
- Data protection authorities: https://edpb.europa.eu/
- Your rights: https://ec.europa.eu/info/law/law-topic/data-protection_en