Privacy Policy

1. Purpose

Rayon provides course calendars and teacher dashboards. This policy explains what data is processed, why it is processed, and how users can exercise their rights.

2. Data processed

Teacher accounts: username, password hash, session token hash, and course/topic content managed in the dashboard.

Student calendar visits: IP addresses are immediately pseudonymized with a salted hash and transformed into a readable alias (for example, "Happy Rabbit"). The raw IP is not stored in analytics tables.

3. Why data is processed

- To authenticate teachers and secure access to their dashboards.
- To render student course calendars.
- To provide course engagement analytics to the owning teacher (daily unique accesses and pseudonymized visitor list).

4. Legal basis (GDPR)

Processing is based on the legitimate interest of operating the service, securing teacher access, and providing educational engagement feedback to course owners.

5. Retention

Engagement data is stored as daily aggregates. Teacher account and course data are retained while the account is active, then deleted according to operational and legal requirements.

6. Security

Passwords are never stored in clear text. Access is restricted to authenticated teachers for their own courses only. Pseudonymization salt is stored server-side.

Service infrastructure may rely on separate processors for application hosting and database hosting. Data processing agreements and safeguards are maintained with each provider where required.

7. User rights

Data subjects may request access, rectification, deletion, restriction, objection, or portability in accordance with applicable law. To submit a request, use the contact listed in the legal mentions page.