Privacy Policy

Last updated: March 17, 2026

1. Who We Are

Zeric ("Zeric," "we," "us," or "our") is an independent study-aid platform. We are not affiliated with, endorsed by, or sponsored by Instructure, Inc., Canvas LMS, or any educational institution. Zeric is a tool built for students, by a student.

2. Information We Collect

a. Account Information

When you create an account, we collect your email address and a hashed password. We use Supabase for authentication; passwords are never stored in plaintext.

b. Canvas Access Token

You may provide a Canvas Personal Access Token to connect your course data. This token is encrypted at rest using AES-256-GCM encryption and is used solely to retrieve your own course data from Canvas on your behalf. We do not share your token with any third party and do not use it to take any action on Canvas other than reading data you have authorized us to access.

c. Course Data

With your authorization, we retrieve and store course data from Canvas including: course names and codes, assignment names and descriptions, announcements, course pages, uploaded files (PDFs, documents, presentations), quiz descriptions, and grade summaries. This data is stored in your private account and is never shared with other users.

d. AI Chat Messages

We store your chat history with the Zeric AI assistant. Your messages and course context are sent to Anthropic's Claude API to generate responses. Anthropic's API does not use your data to train their models. You can find Anthropic's privacy policy at anthropic.com/privacy.

e. Usage Data

We collect basic usage metrics (number of AI messages sent per month) to enforce plan limits and improve the service. We do not sell usage data.

f. Payment Information

Payment processing is handled by Stripe, Inc. We do not store credit card numbers or payment details on our servers. Stripe's privacy policy applies to payment data.

3. How We Use Your Information

  • To provide the Zeric service — syncing your course data and enabling AI-assisted study
  • To authenticate your account and maintain your session
  • To enforce subscription plan limits
  • To process payments through Stripe
  • To respond to support requests
  • To improve the service (aggregate, anonymized analytics only)

We do not sell your personal data, course materials, or chat history to any third party. We do not use your course data to train any AI model.

4. FERPA Notice

The Family Educational Rights and Privacy Act (FERPA) generally governs how educational institutions handle student education records. When you voluntarily provide your Canvas access token and authorize Zeric to retrieve your own records, you are exercising your own rights as the student data subject. Zeric acts on your behalf, at your direction, to access records you have a right to access. We do not disclose your education records to any other party and do not use them for any purpose other than providing the service to you. You may revoke access at any time by deleting your Canvas token in Settings or deleting your account.

5. Data Sharing

We share data only with the following sub-processors, strictly as necessary to provide the service:

ProviderPurpose
SupabaseAuthentication and database hosting
AnthropicAI response generation (Claude API)
Voyage AIText embedding for semantic search (optional)
DeepgramAudio transcription for lecture recordings (audio discarded after transcription)
StripePayment processing
VercelApplication hosting and infrastructure

No other third parties receive your personal data or course content.

5b. Lecture Recording Feature

Zeric offers an optional lecture recording feature that transcribes audio from your device's microphone using Deepgram's speech-to-text API. By using this feature, you acknowledge and agree to the following:

  • Audio is not stored. Your audio recording is sent directly to Deepgram for transcription and is never saved to Zeric's servers or any storage service. Only the resulting text transcript is retained.
  • Deepgram processes your audio. By using this feature, your audio is subject to Deepgram's Privacy Policy (deepgram.com/privacy). Deepgram is a HIPAA-compliant, SOC 2 Type II certified provider.
  • You are responsible for recording consent. Many institutions, jurisdictions, and instructors require consent from all parties before a conversation may be recorded. It is your sole responsibility to obtain any required consent and to comply with your institution's recording policies, applicable law (including two-party consent laws), and FERPA obligations before using this feature.
  • Transcripts are personal study materials only. Lecture transcripts generated through this feature are for your personal academic use and may not be shared, published, or distributed without appropriate authorization.

Important: If your institution, instructor, or applicable law prohibits recording, do not use this feature. Zeric takes no responsibility for any policy violation, legal liability, or disciplinary consequence arising from unauthorized use of the recording feature.

6. Data Retention

We retain your account data and course data for as long as your account is active. If you delete your account, we will delete your personal data, Canvas token, course data, and chat history within 30 days, except where we are required to retain records for legal or financial compliance purposes (e.g., payment records required by law).

7. Security

We use industry-standard security practices including AES-256-GCM encryption for stored Canvas tokens, TLS for all data in transit, and access controls to prevent unauthorized access to your data. No method of transmission or storage is 100% secure. You use the service at your own risk and are responsible for keeping your Zeric account credentials confidential.

8. Your Rights

You may at any time:

  • Revoke your Canvas token connection in Settings
  • Delete your account and all associated data via Settings or by emailing us
  • Request a copy of the personal data we hold about you

9. Children's Privacy

Zeric is intended for use by college and university students who are at least 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Zeric after changes are posted constitutes your acceptance of the updated policy.

11. Contact

For privacy questions, data requests, or to delete your account, contact us at: privacy@zeric.app