1. Overview

Voice2VoiceSim is committed to protecting user privacy, especially for students in educational settings. This policy explains what data we collect, how we use it, and how we protect it.

2. Data We Collect

Faculty accounts: Email address (.edu), name, institution name, and payment information (processed by Stripe — we do not store card details).

Individual student accounts: A self-chosen username and payment information (processed by Stripe). No real name or email is required.

School students: We store only the anonymous access code. We do not collect any personally identifiable information (PII) from school students. Student names are processed entirely in the faculty's browser and never transmitted to our servers.

Simulation data: Interview transcripts, documentation text, evaluation results, and session metadata (timestamps, duration).

3. How We Use Data

• To provide the simulation and evaluation service
• To display results to students and faculty
• To enforce usage limits and detect abuse
• To improve the Service using anonymized, aggregated data

4. Data Sharing

We do not sell or share personal data with third parties, except:

• Stripe — payment processing
• Supabase — database hosting (data encrypted at rest)
• ElevenLabs — voice conversation processing (audio is processed in real-time and not stored by ElevenLabs after the session)
• Anthropic — AI evaluation of transcripts (data processed per Anthropic's API terms; not used for training)

5. Data Retention

School students: Simulation data is retained for the class duration plus 30 days, then automatically deleted.

Individual students: Data is retained while the subscription is active plus 30 days after expiration.

Faculty: Account data retained as long as the account is active. Class results available for 30 days after the class ends.

6. FERPA Compliance

Voice2VoiceSim is designed with FERPA compliance in mind. For school students, no personally identifiable information is ever stored in our system. The only identifier is a random word-combination access code. Faculty members hold the code-to-student mapping externally. We offer a Business Associate Agreement (BAA) template for institutional compliance offices.

7. Security

• All data transmitted over HTTPS (TLS encryption)
• Database encrypted at rest
• Row-Level Security isolates data between users
• API keys and secrets stored as environment variables
• Stripe handles all payment data (PCI compliant)

8. Analytics

We use Plausible Analytics, a privacy-friendly analytics service that does not use cookies, does not track individuals, and is fully GDPR compliant.

9. Your Rights

You may request deletion of your data at any time by emailing support@JPLgrp.com. Faculty can export all class data before deletion.

10. Contact

Questions about privacy? Email us at support@JPLgrp.com.