Applies to: Ontario school boards + educational institutions globally
Version: [v1.0]
Last updated: January 1st, 2026
Contact: contact@resso.ai
What Resso.ai is (education context)
Resso.ai provides structured practice and feedback experiences for student communication, interview readiness, and career skill development. Institutions can deploy board-wide, school-wide, class-based, or pilot subscriptions, with flexible term lengths.
Core privacy commitments (K–12-ready)
• No selling or renting of personal information
• No targeted advertising and no ad-tech in the Education application
• No tracking outside the app (no browsing history, search history, social media tracking)
• No GPS collection
• No email marketing to students
• Canada-first hosting by default for Ontario Institutions: Microsoft Azure Canada regions
• No model training on Institution data by default (opt-in only via written agreement, if ever enabled)
Data categories we may process (Education)
Depending on deployment configuration and features enabled:
• Account/access: name/email/role (or pseudonymous identifiers for pilots), authentication metadata
• In-app content: student/educator content uploaded or created in the app (e.g., practice responses, resumes)
• In-app usage: progress/completion and feature usage events necessary to operate the service
• Security/diagnostics: logs, device/browser info, IP for security and abuse prevention
We do not embed marketing analytics in the Education application.
Data ownership & IP
• Students and educators retain ownership/copyright of their content.
• Resso.ai uses content only to provide the service and support the Institution’s use.
Subprocessors and third parties
• We use a small set of vetted subprocessors for hosting, authentication, monitoring, and support.
• Subprocessors are bound by contract to maintain safeguards equivalent to or stronger than ours.
• We provide a Subprocessor List (public page and/or on request) and advance notice of material changes per agreement. (please refer to our Resso.ai Education Subprocessor List)
Security controls
• Encryption in transit and at rest
• Role-based access controls and least privilege
• Administrative access protected with MFA (optional)
• Audit logging for administrative actions and security monitoring
• Vulnerability management (patching, dependency updates, security review practices)
• Backups and disaster recovery to support availability and resilience
Incident response & breach notification
• We maintain an incident response process for containment, investigation, remediation, and communication.
• If a confirmed incident involves Institution data, we notify the Institution without undue delay and according to any agreed contractual timeframe, and provide details needed to support the Institution’s legal/policy obligations.
Retention & deletion
• We retain data only as needed to provide the service and meet contractual/legal requirements.
• On termination, Institutions may request export (where available; manual export support can be provided).
• Data is deleted within an agreed timeframe after termination, and backups are purged on a rolling basis thereafter.
Governance and contracting
• Resso.ai supports institutional contracting at the board, school, or class level.
• Procurement-ready documentation available upon request:
o Education & Institutional Privacy Policy
o Subprocessor List
o Data Storage / Security Overview
o Data Processing Addendum / Board Addendum (if required by the Institution)