Privacy Policy
Last updated: May 2026
This Privacy Policy explains how Hello Ada ("we", "us", "our") collects, uses, stores and protects personal data across:
- helloada.ai (parent/teacher accounts)
- edu.helloada.ai (student classroom environment, no login)
We are committed to ensuring safety, privacy, and transparency, especially when working with children, schools, and municipalities.
1Who We Are
2Roles and Responsibilities
edu.helloada.ai (school use)
- Data Controller: The school or municipality
- Data Processor: Hello Ada
We act only on documented instructions from the school, as required by GDPR Article 28.
helloada.ai (consumer site)
- Data Controller: Hello Ada
3Who Uses Hello Ada
Students (edu.helloada.ai)
- No accounts
- No names or emails collected
- No identifiers generated
- Use occurs exclusively under teacher supervision or with parental consent
- Designed so student use does not require any personal data
Parents and Educators (helloada.ai)
- Create accounts using email and password
- Access platform features and receive updates
4Data We Collect
4.1 Student Environment (edu.helloada.ai)
To minimise data processing risks for schools and municipalities, we collect only what is strictly necessary for the service.
We collect:
- Text written by the student in the platform (project descriptions, ideas, AI prompts)
- Technical logs (IP address, browser type) for security, uptime, and incident handling
- Non-identifiable server-side analytics (aggregated usage patterns)
We do not collect:
- Names
- Emails
- Student IDs
- Learning records linked to identity
- Behavioural tracking data
- Non-essential cookies
Students are instructed not to include personal data when using the platform.
4.2 Parent and Teacher Accounts (helloada.ai)
We may collect:
- Email address
- Password (hashed and salted)
- Optional name
- Support messages
- Server-side analytics
- Newsletter preferences (when consented)
5How We Use the Data
Students
- Generating code prototypes using AI
- Ensuring availability, performance, and security
- Providing aggregated usage analytics to the school (not identifiable)
- Preventing misuse
- Maintaining logs necessary for incident resolution and statutory obligations
We do not:
- Profile students
- Sell or transfer data for marketing
- Share student data with third-party advertising systems
Parents and Educators
- Managing accounts
- Providing service updates
- Supporting feature functionality
- Delivering customer support
- Improving the platform and user experience
6AI Processing
Hello Ada uses AI model providers through three application tiers: Ordbogen/Odin for the Danish provider tier, Mistral for the European provider tier, and Google Vertex AI/Gemini plus Anthropic Claude through AWS Bedrock for the Europe-hosted tier.
We process AI prompts as follows:
- User input is sent to the selected AI provider solely for generating an output, including prompts, relevant chat history, current project code or configuration, and runtime error details when needed for the feature.
- We do not intentionally send personal data to AI providers.
- The student environment is designed so that no personal data is required to use the tool.
- Students are explicitly instructed not to include personal or identifying information.
- Schools are responsible for supervising student input to ensure no personal data is included.
- AI providers are used with no-training, no-retention, or equivalent processing controls intended to prevent model training and limit provider-side retention.
- Provider and region choices depend on the selected model tier and deployment configuration.
This approach aligns with requirements from Danish municipalities, Datatilsynet guidance, and EU child data protection expectations.
7Legal Basis for Processing
edu.helloada.ai (schools)
Processing is based on:
- Performance of a task carried out in the public interest (education)
- A data processor agreement (Article 28 GDPR) between the school and Hello Ada
helloada.ai (consumer site)
- Account creation: Contract (Article 6(1)(b))
- Newsletter: Consent (Article 6(1)(a))
- Security and logs: Legitimate interest (Article 6(1)(f))
8Cookies
edu.helloada.ai
- Uses only essential cookies necessary for security and functionality.
- No analytics cookies are placed.
- No cookie banner is required.
helloada.ai
- May use essential cookies and minimal functional cookies.
- Details are provided in the Cookie Policy.
9Data Retention
- Student project data: Deleted after 90 days
- AI logs: 30–90 days
- Backups: 30 days
- Parent/teacher accounts: Deleted after 18–24 months of inactivity
- Support messages: Up to 12 months
Schools may request shorter retention or immediate deletion.
10Subprocessors
We use GDPR-compliant subprocessors, all operating within the EU or under appropriate safeguards:
- Google Cloud Platform, including Vertex AI/Gemini
- Amazon Web Services, including Bedrock-hosted Claude
- Ordbogen/Odin (Danish AI provider)
- Mistral (European AI provider)
- Mixpanel (server-side EU proxy mode)
- PostHog (EU analytics and error tracking)
A full and updated list is available upon request.
We do not use advertising, social media or behavioural tracking subprocessors.
11Security Measures
We apply industry-standard security measures including:
- Encryption at rest and in transit
- Role-based access control
- Access logging and audit trails
- Network segmentation
- Secure development practices
- Data minimisation by design
- Internal access restricted to authorised engineering personnel
12Rights of Data Subjects
Under GDPR, users (and for students, their schools or guardians) may request:
Requests can be submitted to privacy@helloada.ai.
For student requests, the school acts as the primary contact point.
13Complaints
You may contact: