Privacy policy

Effective Date: March 14, 2025

Introduction

We at Lyceum AI, Inc. ("Lyceum", "Platform", "Service", "we", "us", or "our") are committed to protecting the privacy and security of our users' information, especially that of organizations and their employees. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you interact with our platform. By using Lyceum (the "Site"), you agree to the terms of this Privacy Policy ("Policy").

Please note that our Service is designed for business organizations (referred to throughout this policy as "Organization," and sometimes also called "Client" or "Corporate Partner"), and as such, we adhere to applicable privacy laws and data protection regulations. For the purposes of this Privacy Policy, "Personal Information" means any information that is linked or reasonably linkable to an identified or identifiable natural person. Personal Information does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of "Personal Information" as defined by applicable laws.

Relationship Between Different Types of Information

For clarity, we want to explain how different categories of information relate to each other under this Privacy Policy:

  1. Personal Information is our broadest category and includes any information that can be linked to an identifiable person. This includes:

    • Account Information

    • Employee Data

    • Contact Information

    • Certain Usage Data that can be tied to individuals

  2. Organizational Data refers to data owned and controlled by the Organization. This includes:

    • Employee Data provided by the Organization

    • Organizational Content

    • Account Information for Organization-managed accounts

    • Training performance and progress information

  3. Proprietary and Confidential Information includes sensitive business information that requires special protection, such as:

    • Internal documents and policies

    • Training materials developed by the Organization

    • Other business confidential information

These categories may overlap. For example, an employee's name is both Personal Information and, when provided by the Organization, also Organizational Data. The protections described for each category apply simultaneously where categories overlap.

Information We Collect

In order to provide you with our products and services or communicate with you, we collect information in the following categories:

  1. Account Information: When you create an account with Lyceum, we collect your name, email address, and password. If you are an administrator or trainer, we may also collect your role and the name of your organization.

  2. Employee Data: We collect information about employees provided by the organization, trainers, or employees themselves. This may include employee names, departments, positions, and training-related performance data. We collect only the minimum amount of information necessary to provide our Service.

  3. Organizational Content: We may have access to organizational materials including internal documents, policies, proprietary information, and training content that organizations upload to our platform. This content is treated as confidential information.

  4. User-generated Content: When you interact with the Lyceum Platform, we collect the questions you ask, the responses generated by the AI, and any feedback you provide.

  5. Usage Data: We collect information about how you interact with our Service, such as the features you use, the time you spend on the platform, and the device you use to access the Service.

  6. Technical Data: We collect technical data, such as cookies, your IP address, browser type, device information, and operating system, to improve our Service and ensure compatibility with various devices.

  7. Contact Information: If you communicate with us, we collect your name, email address, phone number, and the contents of any messages you send. This contact information is considered a subset of Personal Information.

  8. Third-party integrations: We allow you to connect third-party applications to our Service for the purposes of signing up for an account, signing in to an existing account, and importing organizational data. Signing up and signing in to our Service requires access to your email, first name and last name. Importing organizational data will require permission to access your team information and employee email addresses. Third-party applications include but are not limited to, Microsoft 365, Google Workspace, and other enterprise systems. Access tokens obtained through integrations are stored in an encrypted format for enhanced security.

  9. Publicly available information: We may obtain Personal Information about you from other sources, including public records, publicly available information on internet sites, and third parties that help us update, expand, and analyze our records and inform our marketing and recruitment efforts.

  10. Deidentified Information: We may collect information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular person ("Deidentified Information"). Deidentified Information may include, but not limited to: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law. We agree not to attempt to re-identify Deidentified Information and not to transfer Deidentified Information to any third party unless the third party agrees to not attempt re-identification.

Organizational and Employee Data

We consider Organizational Data and Employee Data to be confidential and do not use such data for any purpose other than to provide our Services on the Organization's behalf, in accordance with contractual agreements with the Organization. To help Organizations address their obligations to protect their data privacy, we have implemented additional controls and procedures for Organizations when they enter into a contract with Lyceum to make our Services available to employees for training purposes.

As between us and the Organization, Organizational Data are owned and controlled by the Organization. Our collection and use of Organizational Data is governed by our contracts with the Organizations and by applicable privacy laws.

  1. We collect, maintain, use and share Organizational Data and Employee Data only for authorized business purposes and as described in our Agreement with the Organization, or as directed by the Organization.

  2. We do not use or disclose Organizational Data or Employee Data for targeted advertising purposes. We do not share organizational data with third-party advertisers or use it to create profiles for advertising purposes. However, as explained in the "How We Use Deidentified Data" section, once we have properly deidentified data so that it can no longer be linked to individuals or Organizations, we may use that deidentified data for additional purposes.

  3. We do not build a personal profile of an employee other than in furtherance of providing the training services.

  4. We maintain a comprehensive data security program designed to protect the types of Organizational Data and Employee Data maintained by the Service.

  5. We will clearly and transparently disclose our data policies and practices to our users.

  6. We will never sell Organizational Data or Employee Data unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we will require the new owner to continue to honor the terms provided in this Data Policy or we will provide the Organization with notice and an opportunity to opt-out of the transfer of data by deleting the data before the transfer occurs.

  7. We will not make any material changes to our Data Policy or contractual agreements that relate to the collection or use of Organizational Data or Employee Data without first giving notice to the Organization and providing a choice before the data are used in a materially different manner than was disclosed when the information was collected.

Proprietary and Confidential Information

We understand that organizations may upload or share proprietary and confidential business information through our platform. We treat all such information as confidential and implement appropriate technical and organizational measures to protect it. Specifically:

  1. All proprietary information is stored using industry-standard encryption methods.

  2. Access to proprietary information is restricted to authorized personnel on a need-to-know basis.

  3. We will not use proprietary information for any purpose other than providing the contracted services.

  4. We will not disclose proprietary information to any third party without explicit consent from the Organization, except as required by law.

  5. Upon termination of services, we will return or delete all proprietary information as specified in our contractual agreement.

How We Collect Information

The information we collect depends on how users use our Services or otherwise interact with us. We collect Personal Information and Deidentified Information in various ways, including:

Directly from You: We collect Personal Information when you voluntarily submit it to us while completing forms and in connection with other activities, services, features, or resources we make available. The Personal Information we collect depends on how you use our Services, or how you choose to communicate with us.

Through Your Use of the Site: We may collect Personal Information and Deidentified Information that your browser transmits when you use our Services or otherwise interact with us. We may also collect Deidentified Information about how you use our Services or otherwise interact with us through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons.

A cookie is a small data file that is transferred to an internet browser, which enables the Site to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Site. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Site. Persistent cookies remain on your device for an extended period of time.

Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Site. Please refer to your internet browser's instructions to learn more about these functions. If you reject cookies, the functionality of the Site may be limited and you may not be able to participate in several of the Site's features.

Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Site that allow us to gather information about your browsing activities on the Site.

From Third Party Services: We may collect Personal Information about you from third parties whose privacy practices may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties' services and/or third party websites is governed by and subject to the terms and conditions of those third parties and/or third party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third party websites.

How We Use Information

We may use users' Personal Information for lawful business purposes to help enhance users' experience. These purposes include:

Providing our Services: We may use your Personal Information to fulfill the purpose for which you provide it. For example, if you give us an email address to sign up for communications from us, we will use that email information to contact you as requested.

Training Progress Tracking and Reporting: We use employee data to track progress in training programs and generate reports for organizational administrators. This may include completion rates, assessment scores, and other performance metrics related to training activities.

Marketing and Communications: We may use your Deidentified Information and aggregate information for marketing and advertising purposes. We may also use your contact information to communicate with you about our services, updates, and promotional offers, subject to your opt-out preferences. To be clear, we do not use identifiable Organizational Data or Employee Data for marketing purposes.

Customer Service and User Communications: We may use your Personal Information to help us respond to your inquiries, questions, requests, and support needs more efficiently.

User Experience Personalization: We may use your information to personalize the Service to your interests and preferences. For example, we may use such information to tailor the content and information that we send or display to you, offer personalized recommendations, help, and instructions, or otherwise personalize your experience while using our Services. We may also use users' Personal Information and/or Deidentified Information in the aggregate to analyze users' browsing and usage activities and patterns in order to understand users' interests and preferences with respect to our Services. This will help us optimize your experience on our Services.

Business Optimization: We may use your Personal Information and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, conduct internal research and development, administer surveys or market research, and in managing our everyday business needs. We may also use your feedback to improve our Services, including by monitoring, auditing, and analyzing trends, usage, and activities on the Site. All of this is done with the intention of making our Services more useful for you.

Safety and Security: We may use your Personal Information and/or Deidentified Information to promote the safety and security of the Service, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

We will not collect additional categories of Personal Information or use Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

We prohibit mining your Personal Information for any purposes without your consent. We also prohibit data mining or scanning of Content for the purpose of advertising or marketing to employees.

How We Use Deidentified Data

We may also generate, use, and disclose deidentified information for adaptive learning purposes or customized employee learning purposes, to recommend content or services relating to Organizational purposes or other training or employment purposes, to develop, research and improve our Services, or to demonstrate the effectiveness of our Services. In addition, we may use deidentified information for the development and improvement of other training sites, services and applications or technologies more generally to the extent permitted under applicable law.

"Deidentified information" means data from which all personally identifiable information has been removed or obscured so that the remaining information does not reasonably identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. To be clear, when we deidentify Organizational Data or Employee Data, the resulting deidentified information is no longer considered Organizational Data or Employee Data under this policy, and may be used for purposes beyond providing the direct services to your Organization.

How We Share and Disclose Information

Organizations understand that we will occasionally rely on one or more subcontractors to perform Services. We agree to share the names of these subcontractors with Organizations upon request. All of our subcontractors and its successors shall agree to be subject to this Policy.

We disclose Organizational Data and Employee Data solely as needed to provide our Services on behalf of specific Organizations in accordance with our contractual agreements with those Organizations or with the consent of the Organization. For example, Organizational Data and account usage data may be disclosed to or accessible by users who are authorized to use the Service on behalf of the Organization, such as administrators, HR personnel, or other management professionals.

We also disclose Organizational Data to our trusted service providers (meaning vendors who perform services on our behalf) who have a legitimate need to access such information on our behalf, subject to appropriate contractual terms to protect such data.

We may disclose Deidentified Information to third party advertising partners who help us serve advertisements across the web. This information does not identify you personally, but may be used by those marketing and advertising partners and other third parties to enable them to recognize you on other sites and services. To be clear, we do not share Organizational Data or Employee Data with third-party advertisers or use it to create profiles for advertising purposes.

Furthermore, we may disclose Organizational Data in connection with a business transaction or to support our legal rights and obligations, as described elsewhere in this Privacy Policy.

We may disclose your Personal Information to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your Personal Information: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal or administrative process. When legally permissible, we will make reasonable efforts to notify the affected Organization before disclosing Personal Information in response to such requests.

If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your Personal Information as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your Personal Information pursuant to its own privacy policies, and those policies may be different from this Policy.

Data Access and Deletion Requests

We have different procedures for handling data access and deletion requests depending on your relationship with Lyceum:

  1. For Organizations: Organizations may request access to, correction of, or deletion of all data associated with their account by contacting us at contact@lyceumlearning.ai. We will provide Organizations with all data we hold related to their account, subject to reasonable technical limitations.

  2. For Individual Users Acting on Behalf of Organizations: If you are using our Services on behalf of an Organization (such as an administrator or trainer) and wish to access, update, delete, or otherwise control organizational data, please contact us directly at contact@lyceumlearning.ai.

  3. For Individual Employees of Client Organizations: If you are an employee of a client Organization and wish to access, update, or delete your personal data, you should direct your request to your Organization's administrator first, as they control your data. If you have contacted your Organization and still need assistance, you may contact us at contact@lyceumlearning.ai, but we may need to coordinate with your Organization to fulfill your request.

This hierarchical approach to data access ensures proper authorization while respecting both organizational data ownership and individual privacy rights.

How We Retain Information

We will retain users' Personal Information while they maintain an account with us or to the extent necessary to provide our Services. Thereafter, we will keep Personal Information for as long as necessary: (i) to respond to any queries from users; (ii) to demonstrate we treated users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. We delete Personal Information within a reasonable period after we no longer need the information for the purposes set out in this Policy.

Notwithstanding our standard retention practices, upon request from Organizations, we will ensure that all Personal Information in our possession, as well as that held by our subcontractors or agents to whom we have transferred Personal Information, is either destroyed or transferred to the Organizations in accordance with their directions. Organizations' instructions for data deletion or transfer will take precedence over our standard retention periods, except where we are legally required to retain certain information.

Organizations are responsible for maintaining current employee rosters, and for managing Organizational Data which they no longer need by submitting a deletion request. Please note: even in the absence of instruction by the Organization, we may delete or de-identify data after a period of user inactivity in accordance with our standard data retention policies.

If you are using our Services on behalf of an Organization and wish to access Organizational Data, delete Organizational Data or close your account, please contact us (contact@lyceumlearning.ai). If you are an employee and wish to access your data, delete your data or close your account, please direct your request to your Organization.

Security

The security and confidentiality of your Personal Information is very important to us. We use commercially reasonable security measures to protect your Personal Information. This includes appropriate administrative, physical, and technical safeguards to secure Personal Information from unauthorized access, disclosure, and use. Lyceum will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Lyceum will also have a written incident response plan, to include prompt notification of Organizations in the event of a security or privacy incident, as well as commercially reasonable practices for responding to a breach of Personal Information. Lyceum agrees to share its incident response plan upon Organizations' request. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your Personal Information, we cannot guarantee or warrant that your Personal Information will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications networks.

California Privacy Rights

California's "Shine the Light" law permits users of our Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at the Contact Information provided below.

Your Privacy Choices

Any Data held by Lyceum will be made available to Organizations upon request.

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your Personal Information:

Tracking Technologies and Advertising: You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts or functions of our Services may then be inaccessible or not function properly.

Promotional Communications from Us: We may send you direct marketing communications about our products, services, and features that we believe may interest you. If you do not wish to receive such promotional emails, text messages and/or other direct marketing communications from us, you may opt-out at any time by (i) following any instructions included in the communication or (ii) contacting us at contact@lyceumlearning.ai. You can deactivate these messages at any time by changing the notification settings on your browser. Please be aware that although you may opt-out of promotional emails, text messages and/or other direct marketing communications, we reserve the right to email you administrative notices regarding our Services and other non-promotional messages, as permitted under the CAN-SPAM Act.

Account Information: If you ever wish to access, update, change, delete, correct, or otherwise control your Personal Information, you may do so by sending us an email with your request to contact@lyceumlearning.ai. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any Personal Information to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.

Other State Privacy Rights: Residents of certain states may have additional personal information rights and choices. If you believe you have such additional rights and wish to exercise them, please send us an email with your request, including the specific rights you wish to exercise, to contact@lyceumlearning.ai. Please be aware that your rights are limited to the extent permitted by applicable law.

We will make commercially reasonable efforts to respond to opt-out requests and handle requests to access, update, change, delete, or otherwise control your Personal Information as quickly as possible.

Third Party Links

The Site and our Services may contain links to other websites or applications ("Linked Sites") that are not owned by us. We do not control the collection or use of any information, including Personal Information, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for—and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Sites are framed within a page of the Site.

Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and we are not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Site and read the privacy policies of Linked Sites.

Modifications

We reserve the right to update this Policy from time-to-time with advance notice to Organizations. If our privacy practices change materially in the future, we will post an updated version of the privacy policy to the Site. It is your responsibility to review this Policy for any changes each time you use the Site or our Services. We will not lessen your rights under this Policy without your explicit consent. If you do not agree with the changes made, we will honor any opt-out requests made after the Effective Date of a new privacy policy.

Questions

If you are an employee and have questions about specific practices relating to your data provided to Lyceum by an Organization, please direct your questions to your Organization.

If you have questions about this Policy or wish to contact us with questions or comments, please contact us at contact@lyceumlearning.ai, or by writing to us at Lyceum AI, 20 S Elm St, Oxford OH, 45056.

Effective Date

This Policy was last modified as of March 13, 2025. This version of the privacy policy replaces and supersedes any prior privacy policies applicable to the Site and our Services.