Privacy Policy
Effective date: May 16, 2026 · Last updated: May 16, 2026
Plain English: We collect what you give us (account info, training content, learner data) so the platform can do its job. We never sell your data. We use specific third-party services (Anthropic for AI, Google Cloud for hosting, Stripe for billing) — they're listed below. You can delete your account and we'll erase your data within 90 days. Email
privacy@learnready.ai for any privacy question.
1. Who we are
This Privacy Policy explains how Cognautics LLC ("we", "us", "LearnReady") collects, uses, and shares information when you use LearnReady.AI — our AI-powered employee training platform — and the related websites and services (collectively, the "Service").
2. The data we collect
2.1 Information you give us directly
- Account information: name, email address, organization name, role, password (stored as a salted hash — we never store passwords in plain text)
- Payment information: billing address and payment method. Card numbers are handled by Stripe — we never store full card numbers on our servers
- Customer Content: training materials, documents, lesson content, quiz questions, branding assets, and any other content you upload or generate
- Learner data: learners' names, emails, training progress, quiz attempts, roleplay transcripts, certification records
- Communications: messages you send us (support tickets, sales inquiries, feedback)
2.2 Information collected automatically
- Usage data: pages visited, features used, click events, time spent in lessons — used to improve the product
- Device & connection: IP address, browser type, operating system, device type
- Cookies: session cookies (required for login) and a small number of preference cookies. We do not use third-party advertising cookies or cross-site trackers
- Server logs: standard request logs (timestamp, URL, status code) retained for 90 days for security and debugging
2.3 What we do NOT collect
- Sensitive personal data (race, religion, sexual orientation, biometric data, precise geolocation)
- Browsing activity outside the Service
- Microphone or camera data unless you explicitly enable a feature like Voice Challenge Me Out Loud — and even then, voice audio is processed in real-time, not retained
2.4 Proctored exams (opt-in, per assessment)
When your organization's trainer enables Proctored Exam Mode on a final exam, the Service can capture still photos via your device's camera at a small number of random moments during the exam, and log browser events (tab switches, copy/paste, fullscreen exits) to help the trainer detect cheating. This is opt-in: you see a consent screen with the photo count, retention period, and access policy before any capture happens.
- No facial recognition. The photos are evidence only — they are never run through facial recognition, biometric matching, or any other automated analysis. A trainer can look at them manually if a result is contested.
- Who can see them. Only your organization's trainers and admins. We (the Service) do not view them except as needed for support, legal compliance, or to investigate abuse.
- How long we keep them. 90 days after the exam, then the image files are deleted automatically. The event log (tab switches, etc.) is retained alongside the rest of the attempt record.
- Your choice. If your trainer marks the exam as optional-proctoring, you can decline camera access and take the exam unproctored — your attempt will be flagged as "unproctored" for trainer review. If the exam is marked required-proctoring, declining means you cannot take that exam.
- Your rights. You may request immediate deletion of any captured photos by emailing privacy@learnready.ai with your attempt ID. We honor these requests within 7 days.
- Optional network metadata (opt-in per program). If your organization's trainer enables the "Capture network metadata" toggle on the exam, your IP address and browser User-Agent are also recorded at each photo capture. This is disclosed on the consent screen before you accept, retained on the same 90-day schedule as the photos, and used solely for forensic audit when a cert is contested. It is not used for advertising, profiling, or any third-party purpose.
- Optional AI monitor (opt-in per program). If your trainer enables the "AI monitor" toggle on the exam, an automated risk analysis runs once at exam submission. It combines three signals: network-pattern deltas (deterministic, no AI), event-pattern detection (deterministic, no AI), and a single photo-scene analysis call via Anthropic Claude. The vision analysis looks for SCENE indicators (another person in frame, a phone in view, learner not in frame) — it is not facial recognition and does not produce a biometric template. The AI output is a suggestion for trainer review, never an auto-fail. The captured photos are sent to Anthropic only during this single analysis call and are not retained by Anthropic for model training under our contract with them.
3. How we use your data
- To provide the Service: render lessons, grade quizzes, run AI roleplay sessions, issue certificates, process payments
- To improve the Service: aggregate, anonymized usage analysis to identify bugs and improve UX
- To communicate with you: product updates, billing notices, security alerts, support responses
- To comply with law: tax records, response to lawful requests, fraud prevention
- For security: detect and prevent abuse, unauthorized access, and security incidents
We do NOT use Customer Content or Learner Data to train any AI model. When the Service calls an AI provider (e.g., Anthropic) on your behalf, those providers do not retain your data for training under our contract with them.
4. How we share your data
We share data only with the third-party services that make the Service work. We don't sell data, we don't share with advertisers, and we don't share for any purpose outside what's listed here.
4.1 Sub-processors
The current sub-processors used by the Service:
| Vendor | Purpose | Data flow |
|---|
| Anthropic | AI / LLM for lesson generation, roleplay, AI assistant | Lesson content, roleplay conversation turns (no retention for training) |
| Google Cloud Platform | Hosting, storage, databases | All Customer Content and Learner Data at rest |
| Stripe | Payment processing | Billing info, payment method (card numbers never touch our servers) |
| Twilio | SMS messaging (for orgs using CleanCall / SMS features) | Phone numbers, SMS message content |
| ElevenLabs | Voice synthesis and conversational voice agents | Audio content during active voice sessions only |
| Qdrant | Vector search for AI document retrieval | Embeddings of uploaded documents |
When we add a new sub-processor, we'll update this list. Customers on annual contracts can subscribe to sub-processor change notifications by emailing privacy@learnready.ai.
4.2 Other sharing
- Business transfers: if Cognautics LLC is acquired, merged, or sold, your data may transfer to the successor entity under terms no less protective than this policy
- Legal compliance: we may disclose data to comply with a subpoena, court order, or other lawful request. We'll notify you unless legally prohibited from doing so
- Protection of rights: to investigate fraud, protect our property, or defend ourselves in legal proceedings
5. Where your data lives
Customer Content and Learner Data are stored on Google Cloud Platform infrastructure located in the United States. If you require data residency in a different region, please contact us — we can discuss enterprise arrangements.
6. How long we keep your data
- Active accounts: retained for the duration of your subscription
- Cancelled accounts: Customer Content and Learner Data are deleted within 90 days of account cancellation. Anonymized aggregate metrics may be retained indefinitely for product analytics
- Billing records: retained for 7 years to comply with tax and accounting laws
- Audit logs: retained for 1 year for security and compliance purposes
- Server logs: 90 days
7. Your rights
Depending on where you live, you have some or all of the following rights:
- Access: request a copy of the personal data we hold about you
- Correction: ask us to fix inaccurate or incomplete data
- Deletion: ask us to delete your account and the data associated with it
- Portability: request your data in a structured, machine-readable format
- Restriction & objection: ask us to restrict or stop certain processing
- Withdrawal of consent: where we rely on consent, you can withdraw it at any time
- Complaint: lodge a complaint with your local data-protection authority
To exercise any of these rights, email privacy@learnready.ai. We respond within 30 days.
7.1 California residents (CCPA / CPRA)
If you live in California, you have additional rights including the right to know what categories of personal information we collect, the right to opt out of "sale" or "sharing" (we do neither), and the right not to be discriminated against for exercising your privacy rights.
7.2 European / UK residents (GDPR / UK GDPR)
If you're in the EEA, UK, or Switzerland, our legal bases for processing are: (a) performance of contract (running the Service), (b) legitimate interests (security, product improvement), (c) consent where required (e.g., marketing emails), and (d) compliance with legal obligations.
For data subject requests under GDPR, our data controller for the Service is Cognautics LLC. Our representative in the EU can be reached via the privacy email above.
8. Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Passwords are stored as salted hashes (bcrypt / scrypt)
- Access to production systems is restricted, logged, and audited
- We monitor for security incidents and will notify affected customers within 72 hours of confirming a breach
- Independent security audits are conducted periodically; SOC 2 Type II is on our roadmap
No system is perfectly secure. If you believe you've found a vulnerability in the Service, please email security@learnready.ai.
9. Children
The Service is intended for use in adult workplace training. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we'll delete it.
10. Cookies and tracking
- Essential cookies (session, CSRF token, login persistence) — required for the Service to function; can't be disabled
- Preference cookies (UI language, banner dismissals) — set by you when you customize the experience
- Analytics cookies — we may use first-party analytics to count page views and identify broken features. No third-party advertising or cross-site tracking
You can disable cookies in your browser, but doing so will likely prevent login and break parts of the Service.
11. Changes to this policy
We may update this Privacy Policy. When we make material changes, we'll notify you via email or via a banner in the Service at least 30 days before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent version. Continued use of the Service after a change constitutes acceptance of the updated policy.
12. How to contact us
Privacy questions: privacy@learnready.ai
Security disclosures: security@learnready.ai
General support: support@learnready.ai
Postal: Cognautics LLC · [STREET ADDRESS] · [CITY], [STATE] [ZIP] · United States
⚠ Note for site owner: Replace the postal address before going live. Have a privacy attorney review the full document before publishing to ensure compliance with GDPR, CCPA/CPRA, and any state-specific laws relevant to your customer base.