Privacy Policy

Last updated: April 10, 2026

Introduction

BDNet LLC ("we," "us," or "our") operates manabiQ ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use the Service.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you provide directly, including:

  • Account Information: Email address, name, organization name
  • Payment Information: Billing address, payment card details (processed by Stripe)
  • Profile Information: Profile picture, job title, preferences
  • Communications: Messages you send to us for support

1.2 User Content

Content you upload to create training materials, including:

  • Documents (PDF, Word, text files)
  • URLs and web content
  • Files selected from Google Drive / OneDrive
  • Custom instructions and prompts

1.3 Learner Data

We collect and process the following data about course learners:

  • Email Address: Used for course invitation and access management
  • Learning Progress: Completed modules, quiz scores, last access time
  • Content Feedback: Feedback submitted by learners on course content

1.4 Automatically Collected Information

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on Service
  • Log Data: IP address, access times, error logs
  • Cookies: Session cookies, preference cookies (see Section 5)

2. How We Use Your Information

We use collected information for the following purposes:

Service Delivery

  • Provide and maintain the Service
  • Process AI content generation
  • Manage user accounts
  • Process payments

Improvement

  • Analyze usage patterns
  • Improve AI accuracy
  • Develop new features
  • Fix bugs and issues

Communication

  • Send service notifications
  • Respond to inquiries
  • Provide customer support
  • Send product updates

Security

  • Prevent fraud and abuse
  • Monitor for security threats
  • Enforce our Terms
  • Comply with legal obligations

3. AI Processing and Data Usage

How AI Uses Your Data

When you upload content, it is processed by Google's Gemini AI through Vertex AI to generate training materials. Your content is:

  • Processed Temporarily: Content is sent to AI for generation and not permanently stored by the AI provider
  • Not Used for Training: Your content is NOT used to train Google's AI models (per Vertex AI terms)
  • Encrypted in Transit: All data is encrypted using TLS 1.2 or higher
  • Subject to Safety Filters: Content is checked against AI safety guidelines

3.1 Enterprise AI Features

Enterprise plan users who opt in to Agentic AI features (Prompt Evolver, Adaptive Quizzes, Freshness Manager) may have their feedback and usage patterns analyzed to improve AI performance within their organization only. This data is isolated per-tenant and not shared between organizations.

3.2 Content Optimization (Machine Learning)

We use per-organization machine learning models (contextual bandits) to improve course quality. These models process:

  • Topic category and learner type (aggregated, non-identifying data)
  • Average quiz scores (anonymized)
  • Content parameter effectiveness (detail level, quiz difficulty, etc.)

Model data is fully isolated per organization and contains no personally identifiable information.

3.3 Source Fidelity Check

For AI-generated content quality assurance, we generate an AI Confidence Report that verifies generated content against source materials. This process temporarily sends uploaded source content to AI but does not permanently store it.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

4.1 Service Providers

  • Google Cloud Platform: Infrastructure, AI processing (Gemini / Vertex AI), storage
  • Firebase: Authentication, database
  • Stripe: Payment processing (card details managed directly by Stripe)
  • Google Drive API: Read-only file access (drive.readonly scope) only when explicitly connected by user
  • Email Services: Transactional emails

4.2 Legal Requirements

We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of our users or others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. You will be notified of any such change.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns
  • Improve service performance

Cookie Types

Type          Purpose                     Duration
Essential     Authentication, security    Session
Functional    Preferences, settings       1 year
Analytics     Usage statistics            2 years

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: TLS 1.2+ for data in transit, Google-managed encryption for data at rest
  • Authentication: Secure magic link authentication, session management
  • Access Control: Role-based access control (RBAC), principle of least privilege
  • Infrastructure: Google Cloud Platform with SOC 2, ISO 27001 compliance
  • Monitoring: Continuous security monitoring, intrusion detection

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6.1 Audit Logging

For security and compliance, we maintain tamper-evident audit logs for critical operations including course publishing/unpublishing, learner data anonymization, and data exports. Logs record the actor, action, target, and result.

7. Data Retention

We retain your data as follows:

  • Active Accounts: Data is retained while your account is active
  • After Cancellation: Data is retained for 30 days, then permanently deleted
  • Operation Logs: Retained for the duration of your contract
  • Legal Requirements: Some data may be retained longer if required by law

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access & Portability

Request a copy of your data in a portable format

Correction

Request correction of inaccurate personal data

Deletion

Request deletion of your personal data

Opt-Out

Opt out of marketing communications

To exercise these rights, please contact our support team. We will respond within 30 days.

8.1 Data Export and Anonymization

We provide the following capabilities via API and admin interface:

  • Data Export: Download all your data (subscriptions, courses, learning progress, feedback) in JSON format
  • Data Anonymization: When an employee leaves or requests deletion, personal data is irreversibly anonymized while preserving statistical data
  • Processing Time: Export and anonymization requests are processed immediately

9. International Data Transfers

Your data may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, your data will be transferred across international borders. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete that information.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

12. Japan Personal Information Protection Act (APPI)

Customers located in Japan are afforded additional protections under the Act on the Protection of Personal Information (APPI):

  • Purpose Specification: Personal information is used only for purposes specified in Section 2 above
  • Restrictions on Third-Party Provision: We do not provide personal data to third parties without your consent (except as required by law)
  • Cross-Border Transfer: Data is transferred to US servers for AI processing. Google maintains appropriate security measures
  • Disclosure, Correction, and Cessation: You may request these at any time through our support team
  • Anonymously Processed Information: We may create anonymized data for statistical analysis. This data cannot be used to re-identify individuals

13. EU General Data Protection Regulation (GDPR)

Customers located in the EEA have the following rights under GDPR:

  • Legal Basis for Processing: Performance of contract (service delivery), legitimate interests (service improvement), consent (marketing)
  • Data Portability: Right to receive data in a structured, machine-readable format
  • Restriction of Processing: Right to request restriction of data processing in certain circumstances
  • Right to Erasure: Right to request deletion of personal data (GDPR Art. 17)
  • Supervisory Authority: Right to lodge a complaint with a data protection authority in your country

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

For privacy-related questions or to exercise your rights, please contact us:

BDNet LLC - Privacy Team

Contact Support

Website: www.manabiq.com