Effective Date: October 29, 2025

Entity: Tutorpeers LLC dba EdSpan Global (“EdSpan Global,” “we,” “us,” or “our”)

Address: 291 Central Park West, New York, NY 10024

Contact: support@sparkz.space

Data Protection Officer: To be appointed. Until then, please direct all privacy inquiries to our Privacy Officer at the above email.

1. Introduction

This Privacy Policy explains how EdSpan Global collects, uses, discloses, and protects personal information in connection with the Sparkz.Space platform (“Sparkz” or “the Service”). Sparkz is an educational AI guide that provides text and voice chat, file upload features, live avatar sessions, and related learning tools for students ages 13 and older.

By accessing or using Sparkz, you acknowledge that you have read and understood this Policy. Where Sparkz is offered through a school, district, or other educational institution (collectively, “Schools”), EdSpan Global acts as a School Official under the Family Educational Rights and Privacy Act (FERPA) and processes student data only as directed by the School.

2. Definitions

Personal Data means any information relating to an identified or identifiable individual.

Processing means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

Controller means the entity determining the purposes and means of Processing.

Processor means the entity Processing Personal Data on behalf of a Controller.

School Official refers to EdSpan Global’s role under FERPA when providing Sparkz to Schools with a legitimate educational interest.

Student Data means data that directly relates to a student and is maintained by a School or by EdSpan Global on its behalf.

3. Scope of Application

This Policy applies to Sparkz.Space websites, mobile or web applications, APIs, and any other services that link to it.

• Individual Accounts (B2C): Users who register directly with Sparkz.
• School-Managed Accounts (B2B): Users whose access is provisioned through a School agreement.

In the latter case, the School remains the data controller, and EdSpan Global acts solely as a processor under that School’s written instructions.

4. Information We Collect

Category	Examples	Purpose / Basis
Account Information	Name, email address, password hash	Account creation and authentication
Learning Interactions	Prompts, chat messages, voice inputs, AI responses	Delivery of educational features
Uploads and Files	Documents or images shared for learning tasks	Enabling file-based learning support
Device and Service Data	IP address, browser type, OS, timestamps, logs	Security, performance, diagnostics
Cookies and SDKs	Login/session cookies; analytics cookies	Authentication and feature analytics
Approximate Location	Inferred from IP (city/region only)	Fraud prevention and service localization
Feedback Data	Ratings, comments, survey responses	Quality improvement and support

EdSpan Global does not collect biometric identifiers, government-issued IDs, or precise GPS data.

5. How We Use Personal Data

We use Personal Data to:

1. Operate, maintain, and improve Sparkz features and user experience.
2. Facilitate learning support, content recommendations, and feedback loops.
3. Secure accounts, detect misuse, and protect user safety.
4. Perform internal diagnostics and de-identified analytics.
5. Communicate service notices, product updates, and support responses.
6. Comply with legal obligations and School data-use agreements.

EdSpan Global does not sell Personal Data, nor does it use student information for targeted advertising or profiling.

6. Legal Bases for Processing

• Contractual Necessity – to provide the Sparkz service you request.
• Legitimate Interests – ensuring security, service reliability, and internal analytics.
• Consent – for optional activities such as surveys or promotional updates.
• Legal Obligation – to meet compliance, safety, or record-keeping requirements.
• FERPA School Official Role – when processing Student Data on behalf of Schools.

7. Data Retention

Data Type	Retention Period	Deletion Trigger
Chats and Voice Sessions	Removed when a user starts a new chat; summaries stored in-app memory until account closure	Account deletion or School request
Uploads and Files	Retained until deleted by the user or until account closure	User deletion or School request
Account Information	While the account is active	30–60 days after verified deletion request
Analytics Logs	Stored only in aggregated or de-identified form	Never re-identified

8. Data Sharing and Disclosure

We share Personal Data only as follows:

1. Service Providers and Processors

   • Hosting: DigitalOcean (transitioning to AWS in 2026)

   • AI Engines: OpenAI (text generation), AssemblyAI (speech-to-text), ElevenLabs (text-to-speech), Pinecone (vector database), Recall (avatar sessions)

   • Authentication and Analytics: Google (Google Sign-In and Google Analytics)

   • Support: Software Arrows (customer support platform)

     Each vendor operates under written data-processing terms limiting use to EdSpan Global’s instructions.

2. Schools and Educators – as authorized under FERPA agreements.

3. Legal and Compliance – when required by law, subpoena, or to protect rights and safety.

4. Business Transfers – in the event of a merger or acquisition, with safeguards and notice.

We may publicly share aggregated or de-identified statistics, never re-identifiable.

9. Educational Data Stewardship

EdSpan Global acts as a School Official under FERPA when Sparkz is deployed by a School.

• Ownership of Student Data remains with the School.
• We process Student Data solely for authorized educational purposes.
• We follow each School’s consent, record-retention, and deletion policies.
• Under COPPA, Sparkz restricts access to users 13+ and employs an age gate.

If we discover data from a child under 13 without verifiable consent, it will be deleted promptly.

10. Cookies and Tracking Technologies

We use:

• Strictly Necessary Cookies for login and security.
• Functional Cookies to remember preferences.
• Analytics Cookies (Google Analytics 4) to measure feature usage.

You may control cookies through your browser settings. Certain features may not function without essential cookies.

Sparkz.Space does not respond to Do-Not-Track signals, as no industry standard currently exists.

11. Security Measures

We employ reasonable administrative, technical, and physical safeguards, including:

• Encryption in transit (TLS 1.2 or higher)
• Role-based access controls and MFA
• Hardened server environments
• Continuous monitoring and log auditing
• Personnel training on data protection

12. Data Breach and Incident Response

If a breach involving Personal Data occurs, EdSpan Global will:

1. Investigate and contain the incident immediately.
2. Notify affected Schools, users, and regulators (as required) within 24 hours of confirmation.
3. Coordinate remediation and follow-up per School policies.

13. International Data Transfers

Personal Data is primarily processed in the United States. For users in the EEA and UK, transfers rely on the European Commission’s Standard Contractual Clauses and additional technical and organizational safeguards.

Where translated versions of this Policy exist, the English version governs in case of discrepancy.

14. Your Rights and Choices

Depending on jurisdiction, you may have the right to:

• Access and obtain a copy of your data.
• Request correction or deletion.
• Restrict or object to Processing.
• Receive your data in portable form.
• Withdraw consent where applicable.

To exercise these rights, contact support@sparkz.space. Verification of identity may be required.

Parents and Guardians: For student accounts managed by Schools, requests must be directed to the School, which will coordinate with EdSpan Global to fulfill them under FERPA.

15. Children’s Privacy

Sparkz is intended for users 13 years and older.

• Users under 13 may not create accounts.
• For School pilots, participation requires parental or School consent consistent with FERPA and COPPA.
• We do not knowingly collect data from children under 13 outside those channels.

16. Changes to This Policy

We may update this Policy periodically. Material updates will be posted with a new Effective Date and, where required, notice to affected users or Schools. Continued use after updates indicates acceptance of the revised Policy.

17. Accessibility

Sparkz.Space is committed to providing an accessible digital experience for all users. If you encounter any barriers while using our platform or reading this Policy, please contact support@sparkz.space. We review and address accessibility inquiries promptly and strive to maintain conformance with WCAG 2.1 Level AA standards.

18. Contact Information

For all privacy, data protection, or accessibility inquiries:

Privacy Officer

Tutorpeers LLC dba EdSpan Global

291 Central Park West, New York, NY 10024

Email: support@sparkz.space

If you are located in the EEA or UK and believe your rights have been violated, you may also contact your local data-protection authority.

19. Annex A – AI Ethics and Safety Principles

Sparkz operates according to the following responsible-AI principles:

1. Transparency – Users are informed when they interact with an AI system.
2. Fairness and Non-Discrimination – We monitor model behavior for potential bias and continually refine prompts to promote inclusivity.
3. Safety and Appropriateness – AI responses are filtered and audited to reduce harmful or age-inappropriate content.
4. Human Oversight – Educational use of Sparkz is supported by educators or program facilitators who can review and guide AI interactions.
5. Privacy by Design – AI interactions are processed transiently; conversations and uploads are never used to train external models or to profile users.
6. Accountability – We maintain internal governance procedures and log audits to ensure compliance with these principles.

These commitments are integral to EdSpan Global’s educational mission and supplement, rather than replace, its legal obligations under applicable data-protection laws.