knora

Privacy Policy

Last updated: 1 May 2026

Knora (“we”, “us”, “our”) is a voice-first AI tutoring platform. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our website, applications, or services (collectively, the “Service”).

1. Data controller

The data controller is Knora SL (in formation), registered at Madrid, Spain. For any privacy-related questions, contact privacy@knora.com.

2. What data we collect

  • Account data — name, email, role (student / teacher / parent), school affiliation
  • Voice & conversation data — audio captured during tutoring sessions, transcripts, and AI responses
  • Learning progress — quizzes, mastery scores, study session metadata
  • Uploaded materials — PDFs, documents, or notes uploaded by teachers or schools for ingest
  • Technical data — IP address, device type, browser, usage logs (for security and debugging)

3. How we use your data

  • To deliver tutoring sessions, generate quizzes, and track learning progress
  • To improve the AI tutor’s accuracy (anonymized, aggregated only)
  • To provide teachers and parents with progress dashboards (with explicit linkage)
  • To support customer success, billing, and technical operations
  • To comply with legal and regulatory obligations

We do not sell personal data, and we do not use student conversations for advertising.

4. Subprocessors

Knora relies on the following subprocessors to deliver the Service:

  • Anthropic (United States) — large language model (Claude) for tutor reasoning and content generation
  • OpenAI (United States) — fallback LLM provider
  • ElevenLabs (United States) — text-to-speech synthesis
  • Deepgram (United States) — speech-to-text transcription
  • Supabase (Europe) — database and authentication
  • Vercel (United States / EU edge) — hosting and content delivery

Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by appropriate technical and organizational safeguards.

5. Data retention

Active account data is retained as long as the account is active. Voice recordings are retained for up to 30 daysfor quality assurance, then deleted. Aggregated, anonymized analytics may be retained indefinitely. Schools and parents may request deletion of any minor’s data at any time.

6. Your rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to: access, rectify, erase, restrict processing, data portability, and object to processing. To exercise any of these rights, contact privacy@knora.com. You may also lodge a complaint with your local supervisory authority.

7. Minors

Knora is designed for use in educational settings, including by users under 18. When deployed at a school, the school acts as the data controller for student data and Knora acts as a data processor under a Data Processing Agreement (DPA). Parental consent is obtained through the school’s standard process.

8. Security

We use TLS 1.2+ for data in transit and AES-256 for data at rest. Access is limited via role-based access control. All staff with access to personal data are bound by confidentiality obligations. We perform regular reviews of our security posture.

9. Changes to this policy

We will notify users of any material changes via email or in-app notification at least 30 days before they take effect.

10. Contact

For privacy questions: privacy@knora.com
For Data Protection Officer (DPO) requests: dpo@knora.com