Trust & Privacy

Built for high-stakes learning. Accountable by design.

Sukrat handles student learning data because the product needs it to personalise teaching. Not for advertising, resale, or model training.

Core commitments

What we promise every family and school.

No data sales

Student data is used to personalise learning and show progress. It is not sold to advertisers or data brokers.

No AI training on student data

Student data is not used to train third-party AI models. This is enforced in architecture and in vendor agreements.

No personal data in AI calls

Personally identifiable information is stripped before any external model call. Providers receive curriculum context and anonymised session content only.

Content built to exam standards

Practice and feedback are grounded in retrieved exam materials, not pulled from random internet searches. Off-topic prompts are blocked.

Account-level isolation

Row-level security means each student sees only their data, teachers see only their cohort, and schools see only their institution.

EU-region infrastructure

Student data is stored in the EU region. Encryption at rest and in transit across application and pipeline layers.

Student safety

A system that guides, not a homework answer engine.

Sukrat teaches to the weak topic, not to the answer. Feedback traces to the specific criterion a student missed. The system scaffolds understanding through follow-up questions, enforced at the system level rather than as a prompt afterthought.

Student services are intended for users aged 13+. Guardrails screen inputs and outputs before they reach students. Generated school content is teacher-reviewable before students see it.

  • Input validation and output filtering on tutoring calls
  • Grounding over thousands of real exam materials
  • Curriculum scope filters by subject, level, and paper
  • AI calls traced for quality and safety review
  • Outcome claims published only when measured and permissioned
Data handling

What we store, where it lives, and how long we keep it.

CategoryApproach
Learning dataAnswers, mastery scores, session history, and topic maps. Used only to personalise teaching and show progress.
Account dataName, email, school affiliation, and role. Used for authentication and access control.
RetentionActive accounts keep data for the life of the account. Deletion requests are processed within 30 days, and backups are purged on standard rotation.
Storage regionPrimary student data in EU-region infrastructure. Encryption at rest and in transit.
Subprocessors

Third parties that process data on our behalf.

All vendors are bound by data-processing terms. Personal data is stripped before external AI calls.

ProviderPurpose
SupabaseDatabase, authentication, row-level security
VercelWeb application hosting
DigitalOceanBackend API and ML pipeline
AI model providersContent generation with anonymised curriculum context only. No personal data, and no training on student data.

Full subprocessor list and data-processing terms are provided during school procurement. Request: sahmad@sukrat.ai

Trust should be inspectable, not implied.

Explore the product, read the policies, or talk to us about school deployment.