Privacy Policy

Effective Date: March 13, 2025

Introduction

We at Lyceum AI, Inc. ("Lyceum", "Platform", "Service", "we", "us", or "our") are committed to protecting the privacy and security of our users' information, especially that of organizations and their employees. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you interact with our platform. By using Lyceum (the "Site"), you agree to the terms of this Privacy Policy ("Policy").

Please note that our Service is designed for business organizations (referred to throughout this policy as "Organization," and sometimes also called "Client" or "Corporate Partner"), and as such, we adhere to applicable privacy laws and data protection regulations. For the purposes of this Privacy Policy, "Personal Information" means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal Information does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of "Personal Information" as defined by applicable laws.

Relationship Between Different Types of Information

For clarity, we want to explain how different categories of information relate to each other under this Privacy Policy:

  1. Personal Information is our broadest category and includes any information that can be linked to an identifiable person. This includes:
    • Account Information
    • Employee Data
    • Contact Information
    • Certain Usage Data that can be tied to individuals
  2. Organizational Data refers to data owned and controlled by the Organization. This includes:
    • Employee Data provided by the Organization
    • Organizational Content
    • Account Information for Organization-managed accounts
    • Training performance and progress information
  3. Proprietary and Confidential Information includes sensitive business information that requires special protection, such as:
    • Internal documents and policies
    • Training materials developed by the Organization
    • Other business confidential information

These categories may overlap. For example, an employee's name is both Personal Information and, when provided by the Organization, also Organizational Data. The protections described for each category apply simultaneously where categories overlap.

Information We Collect

In order to provide you with our products and services or communicate with you, we collect information in the following categories:

  1. Account Information: When you create an account with Lyceum, we collect your name, email address, and password. If you are an administrator or trainer, we may also collect your role and the name of your organization.
  2. Employee Data: We collect information about employees provided by the organization, trainers, or employees themselves. This may include employee names, departments, positions, and training-related performance data. We collect only the minimum amount of information necessary to provide our Service.
  3. Organizational Content: We may have access to organizational materials including internal documents, policies, proprietary information, and training content that organizations upload to our platform. This content is treated as confidential information.
  4. User-generated Content: When you interact with the Lyceum Platform, we collect the questions you ask, the responses generated by the AI, and any feedback you provide.
  5. Usage Data: We collect information about how you interact with our Service, such as the features you use, the time you spend on the platform, and the device you use to access the Service.
  6. Technical Data: We collect technical data, such as cookies, your IP address, browser type, device information, and operating system, to improve our Service and ensure compatibility with various devices.
  7. Contact Information: If you communicate with us, we collect your name, email address, phone number, and the contents of any messages you send. This contact information is considered a subset of Personal Information.
  8. Third-party integrations: We allow you to connect third-party applications to our Service for the purposes of signing up for an account, signing in to an existing account, and importing organizational data. Signing up and signing in to our Service requires access to your email, first name and last name. Importing organizational data will require permission to access your team information and employee email addresses. Third-party applications include but are not limited to, Microsoft 365, Google Workspace, and other enterprise systems. Access tokens obtained through integrations are stored in an encrypted format for enhanced security.
  9. Publicly available information: We may obtain Personal Information about you from other sources, including public records, publicly available information on internet sites, and third parties that help us update, expand, and analyze our records and inform our marketing and recruitment efforts.
  10. Deidentified Information: We may collect information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular person ("Deidentified Information"). Deidentified Information may include, but not limited to: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law. We agree not to attempt to re-identify Deidentified Information and not to transfer Deidentified Information to any third party unless the third party agrees to not attempt re-identification.

Organizational and Employee Data

We consider Organizational Data and Employee Data to be confidential and do not use such data for any purpose other than to provide our Services on the Organization's behalf, in accordance with contractual agreements with the Organization. To help Organizations address their obligations to protect their data privacy, we have implemented additional controls and procedures for Organizations when they enter into a contract with Lyceum to make our Services available to employees for training purposes.

As between us and the Organization, Organizational Data are owned and controlled by the Organization. Our collection and use of Organizational Data is governed by our contracts with the Organizations and by applicable privacy laws.

  1. We collect, maintain, use and share Organizational Data and Employee Data only for authorized business purposes and as described in our Agreement with the Organization, or as directed by the Organization.
  2. We do not use or disclose Organizational Data or Employee Data for targeted advertising purposes. We do not share organizational data with third-party advertisers or use it to create profiles for advertising purposes. However, as explained in the "How We Use Deidentified Data" section, once we have properly deidentified data so that it can no longer be linked to individuals or Organizations, we may use that deidentified data for additional purposes.
  3. We do not build a personal profile of an employee other than in furtherance of providing the training services.
  4. We maintain a comprehensive data security program designed to protect the types of Organizational Data and Employee Data maintained by the Service.
  5. We will clearly and transparently disclose our data policies and practices to our users.
  6. We will never sell Organizational Data or Employee Data unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we will require the new owner to continue to honor the terms provided in this Data Policy or we will provide the Organization with notice and an opportunity to opt-out of the transfer of data by deleting the data before the transfer occurs.
  7. We will not make any material changes to our Data Policy or contractual agreements that relate to the collection or use of Organizational Data or Employee Data without first giving notice to the Organization and providing a choice before the data are used in a materially different manner than was disclosed when the information was collected.

Proprietary and Confidential Information

We understand that organizations may upload or share proprietary and confidential business information through our platform. We treat all such information as confidential and implement appropriate technical and organizational measures to protect it. Specifically:

  1. All proprietary information is stored using industry-standard encryption methods.
  2. Access to proprietary information is restricted to authorized personnel on a need-to-know basis.
  3. We will not use proprietary information for any purpose other than providing the contracted services.
  4. We will not disclose proprietary information to any third party without explicit consent from the Organization, except as required by law.
  5. Upon termination of services, we will return or delete all proprietary information as specified in our contractual agreement.

How We Collect Information

The information we collect depends on how users use our Services or otherwise interact with us. We collect Personal Information and Deidentified Information in various ways, including:

Directly from You:

We collect Personal Information when you voluntarily submit it to us while completing forms and in connection with other activities, services, features, or resources we make available. The Personal Information we collect depends on how you use our Services, or how you choose to communicate with us.

Through Your Use of the Site:

We may collect Personal Information and Deidentified Information that your browser transmits when you use our Services or otherwise interact with us. We may also collect Deidentified Information about how you use our Services or otherwise interact with us through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons.

A cookie is a small data file that is transferred to an internet browser, which enables the Site to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Site. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Site. Persistent cookies remain on your device for an extended period of time.

Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Site. Please refer to your internet browser's instructions to learn more about these functions. If you reject cookies, the functionality of the Site may be limited and you may not be able to participate in several of the Site's features.

Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Site that allow us to gather information about your browsing activities on the Site.

From Third Party Services:

We may collect Personal Information about you from third parties whose privacy practices may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties' services and/or third party websites is governed by and subject to the terms and conditions of those third parties and/or third party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third party websites.

How We Use Information

We may use users' Personal Information for lawful business purposes to help enhance users' experience. These purposes include:

Providing our Services:

We may use your Personal Information to fulfill the purpose for which you provide it. For example, if you give us an email address to sign up for communications from us, we will use that email information to contact you as requested.

Training Progress Tracking and Reporting:

We use employee data to track progress in training programs and generate reports for organizational administrators. This may include completion rates, assessment scores, and other performance metrics related to training activities.

Marketing and Communications:

We may use your Deidentified Information and aggregate information for marketing and advertising purposes. We may also use your contact information to communicate with you about our services, updates, and promotional offers, subject to your opt-out preferences. To be clear, we do not use identifiable Organizational Data or Employee Data for marketing purposes.

Customer Service and User Communications:

We may use your Personal Information to help us respond to your inquiries, questions, requests, and support needs more efficiently.

User Experience Personalization:

We may use your information to personalize the Service to your interests and preferences. For example, we may use such information to tailor the content and information that we send or display to you, offer personalized recommendations, help, and instructions, or otherwise personalize your experience while using our Services. We may also use users' Personal Information and/or Deidentified Information in the aggregate to analyze users' browsing and usage activities and patterns in order to understand users' interests and preferences with respect to our Services. This will help us optimize your experience on our Services.

Business Optimization:

We may use your Personal Information and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, conduct internal research and development, administer surveys or market research, and in managing our everyday business needs. We may also use your feedback to improve our Services, including by monitoring, auditing, and analyzing trends, usage, and activities on the Site. All of this is done with the intention of making our Services more useful for you.

Safety and Security:

We may use your Personal Information and/or Deidentified Information to promote the safety and security of the Service, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

We will not collect additional categories of Personal Information or use Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

We prohibit mining your Personal Information for any purposes without your consent. We also prohibit data mining or scanning of Content for the purpose of advertising or marketing to employees.

How We Use Deidentified Data

We may also generate, use, and disclose deidentified information for adaptive learning purposes or customized employee learning purposes, to recommend content or services relating to Organizational purposes or other training or employment purposes, to develop, research and improve our Services, or to demonstrate the effectiveness of our Services. In addition, we may use deidentified information for the development and improvement of other training sites, services and applications or technologies more generally to the extent permitted under applicable law.

"Deidentified information" means data from which all personally identifiable information has been removed or obscured so that the remaining information does not reasonably identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. To be clear, when we deidentify Organizational Data or Employee Data, the resulting deidentified information is no longer considered Organizational Data or Employee Data under this policy, and may be used for purposes beyond providing the direct services to your Organization.

Contact Information

If you have questions about this Policy or wish to contact us with questions or comments, please contact us:

Email: contact@lyceumlearning.ai

Address: Lyceum AI, 20 S Elm St, Oxford OH, 45056