Privacy Policy

1. Information We Collect

Account and Identity Information

When a teacher, school administrator, or student creates an account on Viva, we collect the information provided during registration, which may include:

• Full name — used to identify users within the platform.
• Email address — used for authentication, notifications, and support.
• School or institution name — used to associate users with the correct organisational account.
• Role — whether you are a teacher, student, or administrator.
• Grade level or class section — provided by teachers when setting up assignments.

For students enrolled through an institutional account, accounts are typically created or provisioned by the school. Students may not be required to provide an email address if their school uses single sign-on (SSO) or teacher-managed enrollment.

Interview Audio and Transcripts

The core of the Viva platform is the AI-conducted oral assessment. When a student completes a Viva session, we collect and process:

• Audio recordings of the student's spoken responses during the interview session.
• Real-time transcripts generated from those audio recordings.
• Interview responses, including follow-up exchanges with the AI interviewer.
• Assessment scores generated by our AI grading system, including understanding and authenticity metrics.
• Viva Card data — structured credential records summarising a student's verified performance.

Audio recordings are transcribed and then deleted from our primary systems within 30 days of the session, unless longer retention is required by the school's data agreement. Transcripts and scores are retained for the duration of the school's contract plus one additional year, after which they are permanently deleted or anonymised.

Linguistic Patterns Derived from Transcripts

To support the integrity panel and the longitudinal capability profile, Viva computes a small set of aggregate linguistic indicators from each interview transcript. These are derived numbers, not raw audio, and are stored alongside the session record. They include:

• Speaking rate (words per minute) over the student's spoken responses.
• Vocabulary diversity — the ratio of unique words to total words.
• Filler-word density — frequency of fillers such as "um", "uh", "음", "어".
• Hedging frequency — frequency of uncertainty markers such as "I think", "maybe", "같아요".
• Average response length and short-answer ratio.
• Response delay — time between the AI's prompt ending and the student starting to speak.
• Submission-vs-spoken vocabulary gap — words used in the student's written submission that were not used in their spoken responses, used as a possible indicator of AI-assisted writing or rote copying.

These indicators are not biometric voiceprints and are not used to uniquely identify a person across services. They are used solely to (a) help teachers spot inconsistencies between a student's submission and oral defence ("authenticity") and (b) build a longitudinal profile of the student's own growth that the student and their teacher can review. The indicators are deleted together with the parent transcript per the retention schedule above.

Longitudinal Profile and Integrity Comparisons

Once a student has completed two or more interviews, Viva compares each new interview against that student's own prior history to surface unusual deviations (e.g. a sudden drop in vocabulary range or a large mismatch between written and spoken vocabulary). This comparison is shown to the student's teacher inside the grading workflow and to the student inside their own profile page.

The longitudinal profile is scoped to a single school's contract: we do not combine data across schools to build a portable profile of an individual student. Aggregate, de-identified statistics across the platform may be computed (see "Aggregate platform metrics" below), but those statistics never expose data about a specific student.

Aggregate Platform Metrics

We compute periodic de-identified, aggregate metrics across the platform — for example, the average speaking rate at a given grade level, or the distribution of authenticity scores across a subject. These metrics are used to give teachers benchmarks ("your class's average understanding score is X; the platform-wide average for this grade level is Y") and to calibrate the integrity panel's thresholds.

Aggregate metrics never include individual identifiers, and we apply minimum cohort sizes (typically n ≥ 25) before publishing any benchmark to prevent re-identification.

Public Profile (Optional, Student-Controlled)

Students can optionally publish a shareable, verified record of their interviews at a URL such as vivacheck.org/p/[name-slug]. This feature is off by default. When a student turns it on, only the interviews they explicitly select are included, and they can toggle individual elements (growth curve, recurring strengths, school name) on or off. Students can disable their public profile at any time, which immediately removes the page from the web. Search engines are blocked from indexing public profiles by default (noindex headers).

Teacher AI Co-pilot Drafts

When a teacher clicks "Draft with AI" on the feedback editor, the student's name (first name only), assignment context, scores, strengths, and growth areas are sent to our AI provider (Anthropic) to generate a draft message. The teacher reviews and edits the draft before publishing — Viva never sends AI-generated feedback to students automatically.

Usage and Technical Data

We automatically collect certain technical information when you access or use the Viva platform, including:

• IP address and general geographic location (country or region).
• Browser type, operating system, and device identifiers.
• Pages visited, features used, and session duration.
• Error logs and performance diagnostics.

This data is used solely for platform operation, security monitoring, and service improvement. It is not linked to individual students for advertising or profiling purposes.

De-identified Research Corpus (Opt-in Only)

For students whose school has signed a Data Processing Agreement (DPA) granting research use, AND who have personally opted in (the "Research Consent" toggle in Settings, or the optional checkbox at signup), we extract a de-identified copy of completed interview sessions into a separate research corpus. This corpus enables educational research, academic publications, and shared benchmarks. We have built it with the following safeguards:

• Both gates required. School-level DPA AND per-student consent must both be in place. The absence of either means no row is extracted.
• 30-day extraction lag. Sessions are not extracted until at least 30 days after they were completed. This gives students a window to revoke consent before any data enters the corpus, and prevents timing-based re-identification.
• Hashed identifiers. Every direct identifier (user ID, school ID, email, name) is replaced with a one-way cryptographic hash computed using a server-side secret. The corpus contains no names, emails, or school IDs.
• Date-only timestamps. Precise interview timestamps are reduced to a date (YYYY-MM-DD) before extraction.
• PII scrubbing. Free-text fields (transcripts, written submissions, AI summaries) are passed through an automated PII scrubber that strips emails, phone numbers, IDs, URLs, and names from a Korean and English name database.
• Minimum cohort size. Any aggregate output published or shared (papers, benchmarks, derivative datasets) must use a cohort of n ≥ 25.
• Audit log. Every read or write of the corpus is recorded in an internal audit log including who, when, why, and how many rows were touched.
• Withdrawal. You can withdraw research consent at any time from Settings. Future sessions will not be extracted. Rows already in the corpus, which are de-identified, remain unless you specifically request their deletion at privacy@vivacheck.org.

Research consent is strictly optional and entirely separate from using the Viva service. You can use Viva fully without ever opting in, and there is no service-level penalty for declining or withdrawing.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Viva service — operating the platform, conducting AI oral assessments, generating scores, and producing Viva Cards.
• Authentication and access control — verifying identities and ensuring only authorised users access protected data.
• Teacher and administrator tools — enabling teachers to create assignments, view results, and manage students within their classes.
• Customer support — responding to questions, troubleshooting issues, and communicating service updates.
• Security and fraud prevention — detecting and preventing misuse, impersonation, and attempts to manipulate AI assessment results.
• Platform improvement — analysing aggregated, anonymised usage patterns to improve reliability and user experience.

3. Sharing with Third Parties

We do not sell personal information. We do not share personal information with advertisers or data brokers. We share data with third parties only in the following circumstances:

Sub-processors and Service Partners

To deliver the Viva service, we engage the following third-party sub-processors who may process personal data on our behalf:

• ElevenLabs — provides the AI voice technology that powers the spoken interview experience. Audio is transmitted to ElevenLabs for real-time voice synthesis and processing. ElevenLabs processes this data under a Data Processing Agreement (DPA) with Viva that restricts use to service delivery only.
• Anthropic — provides the Claude AI model used for transcript analysis and scoring. Interview transcripts are submitted to Anthropic's API for grading. Anthropic processes this data under a DPA with Viva. Anthropic's API terms prohibit using API-submitted data to train their models.
• Supabase — provides our database and authentication infrastructure. All data at rest is encrypted and stored within Supabase's SOC 2-compliant infrastructure.
• Vercel — hosts the Viva web application. Request logs may be processed through Vercel's infrastructure.

A complete and current list of sub-processors is available upon request by emailing privacy@vivacheck.org.

Educational Institutions

Student data is shared with the student's school and relevant teachers as part of the service. This includes assessment scores, Viva Cards, and transcript summaries. Under FERPA, schools act as the data controller for student educational records, and Viva acts as a school official with a legitimate educational interest.

Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Viva, our users, or the public.

4. Student Data Protections

FERPA Compliance

Viva operates as a "school official" under the Family Educational Rights and Privacy Act (FERPA) when schools provide access to student educational records. We use student data solely to provide the contracted educational service and do not disclose student records to third parties without school authorisation, except as permitted by FERPA.

Schools retain the right to access, correct, and request deletion of student records at any time. Teachers and administrators can export or delete student assessment data directly from the Viva dashboard.

COPPA Compliance

Viva does not knowingly collect personal information directly from children under the age of 13 without verifiable parental or institutional consent. Direct self-registration on the Viva platform requires users to be at least 13 years of age.

Schools may enroll students under the age of 13 through their institutional Viva account. In doing so, the school acts as the operator on behalf of the student and represents that it has obtained any necessary parental consent in accordance with COPPA and applicable state law. Viva does not collect personal information from students under 13 beyond what is necessary to provide the educational service.

No Advertising or Profiling of Students

5. Data Security

Viva employs industry-standard technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure, or destruction:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Database records, including interview transcripts and scores, are encrypted at rest using AES-256.
• Access controls: Internal access to user data is restricted on a need-to-know basis and subject to multi-factor authentication.
• Audit logging: Access to sensitive data is logged and monitored.
• Penetration testing: We conduct periodic security assessments to identify and remediate vulnerabilities.

Despite these measures, no system is perfectly secure. If we become aware of a security breach that affects your personal data, we will notify affected schools and users in accordance with applicable law, including within 72 hours where required by GDPR.

6. Data Retention and Deletion

We retain personal information only for as long as necessary to provide the service and comply with our legal obligations. Our standard retention schedule is as follows:

• Audio recordings: Deleted within 30 days of the interview session.
• Interview transcripts and AI scores: Retained for the duration of the school's active contract plus one (1) additional year after contract expiration, then permanently deleted or irreversibly anonymised.
• Viva Card credentials: Retained as long as the student holds an active account or until deletion is requested. Students may export or request deletion of their Viva Cards at any time.
• Account data: Retained for the duration of the account and deleted within 90 days of account closure.
• Usage and log data: Retained for up to 12 months for security and operational purposes.

Schools may request early deletion of all student data associated with their institution by contacting privacy@vivacheck.org. We will complete verified deletion requests within 30 days.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access: The right to request a copy of the personal information we hold about you or your child.
• Correction: The right to request that inaccurate or incomplete information be corrected.
• Deletion: The right to request that we delete your personal information, subject to our legal obligations and data retention requirements.
• Portability: The right to receive your personal data in a structured, machine-readable format (such as JSON or CSV) for transfer to another service.
• Restriction: The right to request that we restrict processing of your data in certain circumstances.
• Objection: The right to object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, the right to withdraw that consent at any time without affecting prior processing.

For students, these rights are typically exercised through the school or by the student's parent or guardian on their behalf. Teachers and administrators may access and export student data directly from the Viva dashboard. All other requests can be directed to privacy@vivacheck.org.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with a data protection authority, you also have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data lawfully.

8. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:

Email: privacy@vivacheck.org
Response time: We aim to respond to all privacy inquiries within 5 business days, and to complete verified data requests within 30 days.

For schools seeking to execute a Data Processing Agreement (DPA) or review our security documentation, please contact privacy@vivacheck.org with the subject line "DPA Request."