LOTSOG Learning

Privacy Policy

Effective date: May 18, 2026 · Last updated: May 18, 2026

YOUR PRIVACY MATTERS

This Privacy Policy explains how LOTSOG Learning ("we," "us," "our"), a product of MD3C, LLC (an Illinois limited liability company), collects, uses, shares, and protects personal information when you use the Service at lotsog.com and app.lotsog.com.

If you are a parent or guardian of a child under 13, please also read our Children's Privacy Notice at lotsog.com/childrens-privacy before allowing your child to use the Service.

If you are a school or institution, please contact us at privacy@msi3.com to enter into a Data Processing Agreement before assigning the Service to students.

QUICK REFERENCE

What we collect	Why	Retention
Name, email, country	Account creation, billing	Duration of account + 30 days
Payment info	Billing via Stripe (we don't store card numbers)	Per Stripe's retention policy
Usage data	Service improvement, AI personalization	24 months rolling
Uploaded materials	Course generation	Duration of account + 30 days
Voice session transcripts	Tutor quality, safety	90 days
Student progress data	Learning outcomes, teacher visibility	Duration of enrollment + 30 days
IP address / geo tier	Geographic pricing, fraud prevention	90 days post-session

We do not sell your personal information. We do not use student data for advertising.

1. WHO THIS POLICY APPLIES TO

This policy applies to:

Adult learners (18+) using the Service independently
Minor learners (13-17) using the Service with parental consent
Young Children (under 13) using the Service through a parent-managed or institutionally-managed account
Educators using the Service to create and assign curriculum
Institution administrators managing institutional subscriptions
Visitors to lotsog.com who do not create accounts

For children under 13, our Children's Privacy Notice provides additional COPPA-specific disclosures and controls.

2. INFORMATION WE COLLECT

2.1 Information you provide directly

(a) Account information: Name, email address, password (hashed — we never store plaintext passwords), country of residence, and user role (learner / educator / administrator).

(b) Profile information: Educational level, subject interests, teaching grade level, institutional affiliation, and other preferences you choose to provide.

(c) Payment information: We use Stripe, Inc. as our payment processor. We do not store credit card numbers, CVV codes, or full payment account numbers on our servers. We receive and store a Stripe customer identifier, subscription identifier, last four digits of your payment method, billing address, and transaction history.

(d) Uploaded materials: Documents, PDFs, audio files, and other materials you upload for course generation. We process these to provide the Service and do not use them for any other purpose.

(e) Communications: Emails, support requests, and feedback you send us.

2.2 Information generated through your use

(a) Course and learning data: Courses you create or are assigned, lessons completed, quiz results, mastery scores, and progress through curriculum.

(b) Voice tutor transcripts: Text transcripts of AI voice tutor sessions, including questions asked and responses given. We retain these for 90 days for safety monitoring and quality improvement.

(c) Briefing and topic data: Topics you explore and briefings you generate.

(d) Usage data: Features accessed, session duration, click patterns, error logs, and device/browser information.

(e) Teacher-student relationship data: For educators, the identities of enrolled students, assigned courses, due dates, and completion status.

2.3 Information collected automatically

(a) IP address: Collected at login and checkout to determine geographic pricing tier. Retained for 90 days post-session.

(b) Device information: Browser type, operating system, screen resolution, and device identifiers for security and compatibility purposes.

(c) Cookies and local storage: We use session cookies for authentication and local storage for application state. We do not use third-party advertising cookies. See Section 8 for details.

2.4 Information from third parties

(a) Stripe: We receive payment confirmation, subscription status, and fraud signals from Stripe.

(b) Institutions: When an institution assigns coverage to a teacher or student, we receive their email address and role designation from the institution administrator.

3. HOW WE USE YOUR INFORMATION

3.1 To provide the Service

Creating and managing your account
Generating AI courses, briefings, quizzes, and handouts
Operating the AI voice tutor
Processing payments and managing subscriptions
Enabling teacher-student assignment and progress tracking
Providing the institution dashboard

3.2 To personalize your experience

Adapting AI-generated content to your stated subject, level, and educational grade
Maintaining your learning progress and mastery records
Providing context to the AI voice tutor about your current lesson

3.3 For safety and integrity

Detecting and preventing fraud, including geographic pricing misrepresentation
Monitoring for abuse of "Almost Unlimited" features
Reviewing voice tutor transcripts for safety concerns, particularly involving minors
Enforcing our Terms of Service

3.4 To communicate with you

Transactional emails (receipts, subscription confirmations, password resets)
Service notifications (assignment due dates, course completions)
Important policy and pricing change notices (required; cannot be opted out)
Optional: product updates and educational content newsletters (opt-in only)

3.5 To improve the Service

Analyzing aggregated, de-identified usage patterns
Improving AI content quality (using de-identified content only — we do not use identifiable student data or uploaded materials for AI training)
Fixing bugs and improving performance

3.6 Legal compliance

Complying with applicable law including COPPA, FERPA, GDPR, CCPA, and Illinois SOPIPA
Responding to lawful legal process
Protecting our legal rights

3.7 What we do NOT do

We do not sell your personal information to any third party
We do not use student data for targeted advertising
We do not use identifiable student educational records to build advertising profiles
We do not use your uploaded materials to train our AI models
We do not share your data with data brokers

4. HOW WE SHARE YOUR INFORMATION

4.1 With your institution (for institutional accounts)

If you are a teacher or student covered by an institutional subscription, the institution administrator can view:

Your name and email address
Courses assigned or created
Student enrollment and completion data
Your institution coverage status

We do not share individual student quiz responses, voice tutor transcripts, or detailed learning analytics with institution administrators unless you or your teacher shares them.

4.2 With teachers (for students)

If you are a student enrolled in a teacher's class on LOTSOG Learning, your teacher can view:

Your name and email address
Progress on assigned courses
Quiz completion and mastery scores for assigned content
Whether you have accessed assigned materials

4.3 With service providers

We share data with vendors who help us operate the Service, under contracts that prohibit them from using data for their own purposes:

Vendor	Purpose	Data shared
Stripe, Inc.	Payment processing	Name, email, billing address, subscription details
OpenAI, L.P.	AI content generation and voice tutor	Lesson context, voice session content (no student PII in prompts)
Firebase / Google Cloud	Infrastructure, authentication, database	All Service data (stored and processed under Google's DPA)
Nodemailer via SendGrid SMTP	Transactional email	Name, email address

We require all service providers to maintain appropriate data security and to use data only as directed by us.

4.4 For legal reasons

We may disclose information if required by law, court order, or government authority, or if we believe disclosure is necessary to prevent imminent harm to a person or the public. Where legally permitted, we will notify you before disclosing.

4.5 Business transfers

If we merge with, are acquired by, or sell substantially all our assets to another company, your data may be transferred as part of that transaction. We will notify you via email and provide you an opportunity to delete your account before any transfer to a successor with materially different privacy practices.

4.6 With your consent

We may share data for other purposes with your explicit consent.

5. DATA RETENTION

Data type	Retention period
Account information	Duration of account + 30 days after deletion request
Payment records	7 years (tax and legal compliance)
Course and learning data	Duration of account + 30 days
Uploaded materials	Duration of account + 30 days
Voice tutor transcripts	90 days
Usage logs	24 months rolling
IP address / geo records	90 days post-session
De-identified analytics	Indefinite (cannot be re-identified)
Legal hold data	Until hold is released

When you delete your account, we begin deletion of your personal data within 30 days, subject to legal retention obligations (such as payment records required for tax compliance).

6. YOUR RIGHTS

6.1 All users

Regardless of location, you may:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your account and associated data
Export: Request a machine-readable export of your data
Opt-out of marketing: Unsubscribe from optional marketing communications at any time

6.2 EU and UK users (GDPR / UK GDPR)

In addition to the above, you have the right to:

Object to processing based on our legitimate interests
Restrict processing in certain circumstances
Data portability: Receive your data in a structured, commonly used format
Withdraw consent where processing is based on consent
Lodge a complaint with your supervisory authority

Our legal bases for processing are: (i) contract performance (providing the Service you subscribed to); (ii) legal obligation (compliance with applicable law); (iii) legitimate interests (fraud prevention, security, service improvement); (iv) consent (marketing communications, voice tutor disclosure).

We rely on Standard Contractual Clauses for data transfers from the EU/UK to the United States.

6.3 California residents (CCPA / CPRA)

California residents have the right to:

Know what personal information we collect and how it is used
Delete personal information (subject to exceptions)
Opt out of the sale of personal information (we do not sell personal information)
Non-discrimination for exercising privacy rights

We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.

To submit a California privacy request, contact privacy@msi3.com or use the "Privacy Request" link in your account settings.

6.4 Illinois residents (SOPIPA)

In compliance with the Illinois Student Online Personal Protection Act:

We do not use student data to engage in targeted advertising
We do not build a profile of a student for non-educational purposes
We do not sell student information
We support data deletion requests from students, parents, and schools
We maintain a comprehensive information security program

6.5 Parents of children under 13 (COPPA)

See our Children's Privacy Notice at lotsog.com/childrens-privacy for full COPPA rights and how to exercise them.

6.6 How to exercise your rights

Email privacy@msi3.com with the subject line "Privacy Request — [Type of Request]." We will respond within 30 days (45 days for complex requests with notice). We may need to verify your identity before processing requests.

7. DATA SECURITY

We implement technical and organizational measures designed to protect your personal information, including:

Encryption of data in transit (TLS 1.2 or higher)
Encryption of data at rest
Access controls limiting employee access to personal data
Regular security assessments
Incident response procedures

No security system is impenetrable. In the event of a data breach affecting your rights, we will notify you as required by applicable law, including Illinois's Personal Information Protection Act (PIPA), which requires notification within the most expedient time possible.

To report a security concern: security@msi3.com

8. COOKIES AND TRACKING

We use the following:

Type	Purpose	Can you opt out?
Session cookies	Authentication (keeping you logged in)	No — required for Service
Local storage	Application state, preferences	No — required for Service
Analytics cookies	Aggregate usage analysis (no advertising profiles)	Yes — see cookie settings

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking.

To manage cookie preferences, use the Cookie Settings link in the website footer.

9. INTERNATIONAL DATA TRANSFERS

Our Service is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, which may have different data protection laws than your country.

For transfers from the EU and UK, we rely on Standard Contractual Clauses approved by the European Commission. For transfers from other jurisdictions, we implement appropriate safeguards as required by applicable law.

10. THIRD-PARTY LINKS

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.

11. CHANGES TO THIS POLICY

We will notify you of material changes to this Privacy Policy via email to your registered address and through a notice in the application, at least thirty (30) days before changes take effect. We will update the "Last updated" date at the top of this page. Material changes affecting how we use children's data will require fresh parental consent where required by COPPA.

12. CONTACT US

Privacy questions and requests:
privacy@msi3.com
LOTSOG Learning / MD3C, LLC
5800 N. Kilbourn Ave, Chicago, IL 60646

Data Protection Officer (if applicable):
legal@msi3.com

California Privacy Requests:
privacy@msi3.com — Subject: "CCPA Request"