Privacy Policy

Last updated: May 3, 2025

1. Introduction

DrillUP Platform ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, with whom we share it, and your rights under applicable data-protection laws (including the EU's GDPR). This policy covers our AI-powered learning platform services including personalized assessments, adaptive learning paths, and progress tracking.

2. Data Controller

DrillUP Platform, located in Berlin, Germany, is the data controller for the personal data processed through our services.

3. Personal Data We Collect

3.1. Information You Provide

• Account Information: Name, email address, and account credentials
• Assessment Data: Responses to skill assessments and learning evaluations
• Learning Content: Progress through lessons, completion status, and performance metrics
• Reflection Data: Personal reflections, notes, and self-assessment content
• Communication: Messages, feedback, and support requests

3.2. Information We Collect Automatically

• Usage Data: Learning path progression, lesson completion times, interaction patterns
• Technical Data: IP address, browser type, device information, session data
• Performance Analytics: Response times, system performance metrics, error logs
• AI Processing Data: Data generated during AI analysis of your learning patterns

4. How We Use Your Personal Data

4.1. Service Provision

• Analyze assessments to identify potential improvement areas
• Generate personalized learning paths through AI processing
• Provide adaptive content that may adjust to your performance
• Track learning progress and manage content unlocking
• Deliver AI-generated educational content (accuracy not guaranteed)

4.2. Platform Improvement

• Attempt to optimize AI algorithms for personalization
• Work to improve system performance and response times
• Strive to enhance content quality and educational effectiveness
• Monitor and improve system reliability (no guarantees provided)

4.3. Communication

• Send learning progress updates and achievements
• Provide customer support and technical assistance
• Share product updates and new features (with consent)

5. Legal Basis for Processing

• Contract Performance: Processing necessary to provide our learning services
• Legitimate Interest: Improving our AI algorithms and platform performance
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws and regulations

6. Data Sharing and Disclosure

6.1. Service Providers

We may share data with trusted third-party service providers who assist in:

• AI processing and machine learning services
• Cloud hosting and data storage
• Analytics and performance monitoring
• Customer support and communication

6.2. Legal Requirements

We may disclose personal data when required by law, court order, or to protect our rights and safety.

6.3. No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication systems
• Secure AI processing environments
• Regular backups and disaster recovery procedures

8. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Until account deletion or 3 years of inactivity
• Learning Progress: Until account deletion or as required for service provision
• Assessment Data: Retained to maintain learning continuity and personalization
• Technical Logs: Typically retained for 12 months for system optimization

9. International Data Transfers

Your data may be processed in countries outside the EU/EEA. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Other appropriate safeguards as required by law

10. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at privacy@drillup.tech

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

12. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children under 16 without parental consent.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our platform.

14. Data Processing Disclaimers

AI PROCESSING LIMITATIONS: Our AI systems are experimental and may not always function as expected. We make no guarantees about the accuracy, completeness, or reliability of AI-generated assessments, learning paths, or content recommendations.

DATA ACCURACY: While we strive to process your data accurately, technical limitations may result in processing errors, data loss, or system failures. We are not liable for such occurrences.

THIRD-PARTY PROCESSING: Some data processing occurs through third-party AI services. We cannot guarantee the performance, security, or availability of these external services.

15. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@drillup.tech
Address: DrillUP Platform, Berlin, Germany

Data Protection Officer

If you have concerns about our data processing, you may also contact our Data Protection Officer at dpo@drillup.tech

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data appropriately.