Privacy Policy

Last updated: November 2025

This Privacy Policy explains how Hello Ada ("we", "us", "our") collects, uses, stores and protects personal data across:

  • helloada.ai (parent/teacher accounts)
  • edu.helloada.ai (student classroom environment, no login)

We are committed to ensuring safety, privacy, and transparency, especially when working with children, schools, and municipalities.

1Who We Are

Hello Ada

CVR: 444473798

Ewaldsensvej 10, 3 tv; 2000 Frederiksberg

Email: privacy@helloada.ai

2Roles and Responsibilities

edu.helloada.ai (school use)

  • Data Controller: The school or municipality
  • Data Processor: Hello Ada

We act only on documented instructions from the school, as required by GDPR Article 28.

helloada.ai (consumer site)

  • Data Controller: Hello Ada

3Who Uses Hello Ada

Students (edu.helloada.ai)

  • No accounts
  • No names or emails collected
  • No identifiers generated
  • Use occurs exclusively under teacher supervision or with parental consent
  • Designed so student use does not require any personal data

Parents and Educators (helloada.ai)

  • Create accounts using email and password
  • Access platform features and receive updates

4Data We Collect

4.1 Student Environment (edu.helloada.ai)

To minimise data processing risks for schools and municipalities, we collect only what is strictly necessary for the service.

We collect:

  • Text written by the student in the platform (project descriptions, ideas, AI prompts)
  • Technical logs (IP address, browser type) for security, uptime, and incident handling
  • Non-identifiable server-side analytics (aggregated usage patterns)

We do not collect:

  • Names
  • Emails
  • Student IDs
  • Learning records linked to identity
  • Behavioural tracking data
  • Non-essential cookies

Students are instructed not to include personal data when using the platform.

4.2 Parent and Teacher Accounts (helloada.ai)

We may collect:

  • Email address
  • Password (hashed and salted)
  • Optional name
  • Support messages
  • Server-side analytics
  • Newsletter preferences (when consented)

5How We Use the Data

Students

  • Generating code prototypes using AI
  • Ensuring availability, performance, and security
  • Providing aggregated usage analytics to the school (not identifiable)
  • Preventing misuse
  • Maintaining logs necessary for incident resolution and statutory obligations

We do not:

  • Profile students
  • Sell or transfer data for marketing
  • Share student data with third-party advertising systems

Parents and Educators

  • Managing accounts
  • Providing service updates
  • Supporting feature functionality
  • Delivering customer support
  • Improving the platform and user experience

6AI Processing

Hello Ada uses AI model providers including Claude, Gemini, and SkoleGPT.

We process AI prompts as follows:

  • User input (prompts and relevant chat history) is sent to AI providers solely for generating an output.
  • We do not intentionally send personal data to AI providers.
  • The student environment is designed so that no personal data is required to use the tool.
  • Students are explicitly instructed not to include personal or identifying information.
  • Schools are responsible for supervising student input to ensure no personal data is included.
  • All AI providers are used in no-training, no-retention modes, meaning data is not stored or used to improve their models.
  • Processing occurs within EU or education-approved regions where available.

This approach aligns with requirements from Danish municipalities, Datatilsynet guidance, and EU child data protection expectations.

7Legal Basis for Processing

edu.helloada.ai (schools)

Processing is based on:

  • Performance of a task carried out in the public interest (education)
  • A data processor agreement (Article 28 GDPR) between the school and Hello Ada

helloada.ai (consumer site)

  • Account creation: Contract (Article 6(1)(b))
  • Newsletter: Consent (Article 6(1)(a))
  • Security and logs: Legitimate interest (Article 6(1)(f))

8Cookies

edu.helloada.ai

  • Uses only essential cookies necessary for security and functionality.
  • No analytics cookies are placed.
  • No cookie banner is required.

helloada.ai

  • May use essential cookies and minimal functional cookies.
  • Details are provided in the Cookie Policy.

9Data Retention

  • Student project data: Deleted after 90 days
  • AI logs: 30–90 days
  • Backups: 30 days
  • Parent/teacher accounts: Deleted after 18–24 months of inactivity
  • Support messages: Up to 12 months

Schools may request shorter retention or immediate deletion.

10Subprocessors

We use GDPR-compliant subprocessors, all operating within the EU or under appropriate safeguards:

  • Google Cloud Platform (EU region)
  • Amazon Web Services (EU region)
  • Mixpanel (server-side EU proxy mode)

A full and updated list is available upon request.

We do not use advertising, social media or behavioural tracking subprocessors.

11Security Measures

We apply industry-standard security measures including:

  • Encryption at rest and in transit
  • Role-based access control
  • Access logging and audit trails
  • Network segmentation
  • Secure development practices
  • Data minimisation by design
  • Internal access restricted to authorised engineering personnel

12Rights of Data Subjects

Under GDPR, users (and for students, their schools or guardians) may request:

• Access
• Correction
• Deletion
• Restriction
• Objection
• Data portability

Requests can be submitted to privacy@helloada.ai.

For student requests, the school acts as the primary contact point.

13Complaints

You may contact:

Hello Ada – Data Protection

privacy@helloada.ai

Danish Data Protection Authority

Datatilsynet

https://www.datatilsynet.dk/