Teacher Program
LoginJoin

Perplex Privacy Policy

As part of our commitment to privacy, Perplex Learning Incorporated (hereafter Perplex) provides this Perplex Privacy Policy to explain how we collect, use and safeguard personal data connected to your use of Perplex.org (the website) and any provided Services. This policy also sets forth your privacy rights and the means by which you may exercise them.

In connection with the Services:

  • We only collect personal information or student data (hereafter data) that is needed to provide the Services.
  • We share data only with third-party vendors who help us deliver and support the Services.
  • We do not share data with any third-party advertisers, nor does the website contain any targeted advertising.

In order to maintain our responsibility for information privacy, we may update this Privacy Policy to reflect changes to our practices or our business. You will be notified via the email connected to your account of any material changes to this policy that impact your privacy rights.

Effective date: November 13, 2025

Compliance statement

  • Designed to support compliance with GDPR when the Service is provided to EU institutions, students or teachers.
  • Operated as a processor and as a school official under FERPA when access is provided by a school.
  • Not directed to children under 13 and no student targeted advertising.

FERPA and School Official Status

When Perplex provides access through a school, district, or other educational institution (“Institution”), Perplex acts as a School Official with a legitimate educational interest under FERPA. Student Data and Education Records processed through the Service remain the property of and under the control of the Institution.

Perplex uses Student Data only to provide and improve the Service on behalf of the Institution and does not disclose Student Data to any third party except:

  • to Service Providers acting on our behalf under written contract,
  • as directed by the Institution, or
  • as required by law.

Note to minors

If you are under the age of 16, please get permission from your parent or legal guardian or your school before using the Services. If we discover that we have collected any personal information from a child under the age of 16 without the proper consent required by law, we will suspend the associated account or remove that information from our database as soon as possible.

Technical data

We collect technical information generated by use of the Service, including IP address, device and browser characteristics, operating system, timestamps, pages and endpoints requested, referring URLs, approximate location derived from network data, performance metrics, and error and security logs. This is collected for visitors, students, teachers, and school administrators.

We use technical data to provide, secure, and maintain the Service, to prevent fraud and abuse, to diagnose and fix errors, and to measure reliability and performance so the classroom experience is stable for students and teachers. In the European Economic Area we obtain consent before collecting non essential analytics through cookies or similar technologies.

Identity and authentication data

We collect identity and account information when an account is created or managed, such as name, email address, account and user identifiers, and a student or teacher role.

We use identity and authentication data to create and administer accounts, protect sign in and access, associate users with classes and institutions so students can access their own work and teachers can manage their classes, provide support, and enforce policies and contracts. In school provided implementations we process this information under the institution’s documented instructions.

Academic data

We collect academic settings and goals supplied by a user or an institution, including course type or track, target outcomes, assessment dates or periods, and self assessed targets. This applies primarily to students and to teachers who configure classes.

We use academic data to tailor study plans and content, align activities to curriculum requirements, track progress, and support institution authorized reporting so students see appropriate goals and teachers can view relevant settings for their classes. Processing is carried out under contract and our legitimate interests in delivering and improving pedagogically appropriate features, or under school direction where applicable.

Usage data

We collect event level records describing how features are used, such as activities started or completed, time on task, navigation flows, and outcome indicators, together with performance telemetry. Usage data is recorded for students, teachers, and administrators as they interact with the Service. When access is provided by an Institution, student usage data is de-identified.

We use usage data to operate and improve features, recommend appropriate content, monitor service quality, and generate dashboards that reflect engagement and progress so students can follow their own progress and teachers can view class level and student level metrics for the learners they oversee. In the European Economic Area we collect non essential analytics only after consent. All users can opt out of analytics tracking by visiting https://perplex.org/privacy-settings.

User generated data

We process content that users create or upload within the Service, including typed or uploaded work, images or PDF files, and the contents of instructional or support chats together with timestamps and content identifiers. This category primarily relates to students and teachers who use learning and classroom features.

We use user generated data to deliver core learning functionality, including saving and reviewing work, providing feedback, enabling teacher review and grading, and resolving user requested issues so students can revisit their own work and teachers can review the work of students in their classes. Processing is performed under our contract with you or your institution and, for school provided access, under the institution’s instructions.

Classroom data

We collect classroom administration information supplied by an institution or a teacher, such as student lists for a class, the classroom name, and a class invite code. This information supports enrollment and instructional workflows.

We use classroom data to manage rosters and enrollment, distribute and collect assignments, display upcoming and past classroom activities, and produce institution authorized reporting so students see the classes and assignments they are enrolled in and teachers see the rosters and artifacts for the classes they manage. Processing is performed under contract and, in school contexts, as a processor acting on the institution’s instructions.

Marketing and communications data

For teachers, administrators, and other users who opt in, we collect communication preferences, subscription status, and engagement with our messages.

We use marketing and communications data to deliver product updates, onboarding information, surveys, and other messages consistent with the user’s preferences and to honor unsubscribe and opt out choices. Essential service notices related to the Service may be sent regardless of marketing preference where permitted by law.

Financial data

If you purchase goods or services from us, payment information is processed by our payment processor, currently Stripe. We receive and store tokens and limited billing details such as billing name, email, and billing address as needed to complete the transaction, issue receipts, and maintain records. We do not store full card numbers on our systems.

We use financial data to process transactions, provide access to paid features, handle receipts and account queries, detect and resolve payment issues, and comply with tax and accounting obligations. For institutional purchases we may also process purchase order identifiers and billing contacts supplied by the institution.

Service providers

We use the following service providers to operate and support the Service. Each provider is engaged under a written contract that limits use to providing the contracted services and requires confidentiality and security. Transfers, where relevant, are supported by the EU United States Data Privacy Framework or the European Commission 2021 Standard Contractual Clauses.

  • Supabase (AWS us east). Database and operational logging for the application.
  • Google Firebase. Authentication and cloud storage of files uploaded through the Service.
  • PostHog. Product analytics processed in an EU data center and configured to limit direct identifiers and honor consent choices in the EEA.
  • OpenAI. Processing of messages and content to power AI features such as chat and automated feedback.
  • Anthropic. Processing of messages and content to power AI features such as chat and automated feedback.
  • Google Gemini. Processing of messages and content to power AI features such as chat and automated feedback.
  • Vercel. Hosting and delivery of the website and application.
  • Stripe. Payment processing and billing support. We do not store full card numbers on our systems.
  • Sentry. Error monitoring and performance telemetry for the application and website.
  • Langfuse. Observability and analytics for AI features.

This list may be updated from time to time. For questions about our providers or to request the current list, contact privacy@perplex.org.

Service Providers are prohibited from using Student Data for any purpose other than providing the contracted services and are prohibited from redisclosing Student Data except as permitted by the Institution or required by law.

AI Processing and Model Training

Certain features of the Service use third-party artificial intelligence tools to analyze, generate, or summarize content that users submit. When Student Data or user content is sent to these AI Service Providers, it is processed solely for the purpose of providing the requested output.

Perplex does not permit AI Service Providers to use Student Data or identifiable user content to train or improve their generalized models, and such data is not retained longer than necessary to deliver the feature. AI processing is carried out under written agreements that require confidentiality, security, and purpose limitation.

De-identified or aggregated data may be used by Perplex to improve the Service, but Perplex does not use identifiable Student Data for product development without the Institution’s authorization.

International transfers

Our primary hosting is in the United States. If personal data from the European Economic Area or Switzerland is processed in the United States or another country, we rely on the EU United States Data Privacy Framework where available or on the European Commission 2021 Standard Contractual Clauses with appropriate safeguards. We will provide additional information about these safeguards on request.

Cookies and similar technologies

We use cookies and similar technologies that are necessary to operate the Service. In the European Economic Area we obtain consent before setting non essential analytics cookies and we honor the choices you make through our cookie controls.

Rights and requests

Users may request access, correction, or deletion of personal data by contacting privacy@perplex.org or visiting https://perplex.org/privacy-settings. Where access is provided by an institution, requests must be routed through that institution. We aim to respond within 30 days and will comply with applicable law.

When access is provided by an Institution, Perplex will, upon the Institution’s request or upon termination of the agreement, delete or return all Student Data within 60 days, except where retention is required by law. Backups containing Student Data are deleted in accordance with our standard backup cycle.

Security and incident response policy

We use administrative, technical, and physical safeguards appropriate to the nature of the data, including encryption in transit and at rest and least privilege access controls. We strive to ensure that all our employees are aware of the importance of confidentiality and maintaining the privacy and security of your information.

If we become aware of unauthorized access to or disclosure of personal data, we will investigate promptly, take steps to contain and remediate the issue, and keep appropriate records. Where an institution provides access, we will notify the institution without undue delay consistent with our contract so the institution can meet its own obligations.

When notification to individuals or authorities is required by law, we will provide that notice in the manner and within the time periods required, and we will cooperate with the institution and with regulators. Notices may be delivered by email or through in-product messaging and will describe what happened, what information was involved, the steps we have taken, and available guidance for affected users.

Contact

To ask questions or to exercise rights of access, correction, or deletion, contact privacy@perplex.org. For school provided accounts, requests may be routed through the school or district consistent with its policies.

Perplex | Interactive Problems in IB Math