Education Privacy Policy
Effective date: February 27, 2026
This policy explains how Sukma handles institution-managed session data, user data, and course data when a college, school, or learning organization is the governing party. It is written to give institutions a clear view of how records are used, protected, and retained in supported deployments.
What Data Is Covered
• Session data such as learner, educator, host, and agent conversation records
• Audience query lifecycle records for governed live-session accountability
• Session artifacts such as examples, assessments, whiteboards, and summaries
• User data such as account identity, role assignment, and access events
• Course data used to provide learning context and session continuity
Why This Data Is Used
• To run institution-managed sessions and deliver meaningful learning support
• To enforce role-based access, governance workflows, and policy decisions
• To support auditability, operational review, and incident response
Institution Control and Ownership
In institution-managed deployments, the institution remains the governing party for student-related records generated in that environment. Sukma processes those records under institution instructions, configured controls, and contract terms.
Retention and Deletion
Institutions can configure conversation retention from 7 to 90 days, with a default of 30 days. After the configured window, governed conversation payloads can be redacted while metadata remains available to support review, evidence, and traceability. Institutions can also request explicit purge operations for governed records such as conversation events, audience queries, examples, assessments, whiteboards, and session summaries.
Security and Accountability
• Role-based access controls for sensitive actions and governance settings
• Policy and evidence records showing what changed, when, and by whom
• Session continuity based on summaries rather than indefinite raw message storage
Personal Accounts Are Handled Separately
Independent learner accounts are governed by the Privacy Notice, not this education policy.