Privacy Policy

Effective Date: December 2025

1. Introduction & Organisational Info

Edusensys Ltd ("Otem", "we", "us") provides a secure, AI-powered digital platform to enhance educational interactions. We are committed to the responsible management of personal information in strict compliance with the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

  • Data Protection Contact: privacy@otem.co.uk
  • Regulatory Registration: Edusensys Ltd is registered with the Information Commissioner’s Office (ICO) under registration number:  

2. Scope and Application

This policy applies to all visitors, registered users, and customers of our website otem.co.uk and our digital services, including the Sigma AI conversational agent. It outlines our practices and your rights concerning the collection, use, and protection of your personal information, ensuring it is processed with the highest standards of privacy and security. This specifically includes Educators, Education Managers, Teachers, Parents, Adult Learners, and students (13–17).

3. Cookies and Consent Management

We use cookies to deliver and improve our services, analyse site usage, customise your experience, and market our services to you.

  • Consent Management: We use Cookiebot, a Consent Management Platform (CMP), to manage your cookie preferences and to obtain and document your consent.
  • Your Choices: Upon your first visit, our website will present you with a cookie consent banner, where you can accept, reject, or customise your preferences.
  • Withdrawal of Consent: You can update or withdraw your consent at any time by using the privacy trigger (a small icon on our website) or by visiting our Cookie Policy page.

4. Data Collection and Secure Authentication

We process only information essential for delivering a secure, authenticated digital service.

  • Identity & Access Management: We use Google Cloud technology to create a secure environment. We collect your Google email and basic profile info via Google OAuth 2.0.
  • Cloud API Authorization: To interact with Sigma, users must "Request Access" and allow the Cloud API scope via the Google consent screen. This ensures all interactions take place within a secure, authenticated session.
  • Subscription & Payment Processing:
    • The Outseta & Stripe Integration: We use Outseta to manage your membership and subscription lifecycle. Outseta is integrated with Stripe to facilitate secure payment processing.
    • Upgrade Path: Users may access Sigma via a Free Trial. Upon the expiry of the trial, users must upgrade to a paid subscription and complete a payment via Stripe in order to maintain access to Sigma.
    • Data Processed: Stripe collects and processes payment method details (e.g., card information), transaction amounts, and billing addresses. Otem does not store your full credit card details on our own servers; all financial data is handled by Stripe in accordance with PCI-DSS standards.
  • Scheduling: We use Calendly as our third-party integration for scheduling and booking meetings.

5. Sigma: AI Tutor & Learning Companion Logic

Sigma is designed to support educational interactions while maintaining maximum user privacy.

  • Data Minimisation & DLP: We have implemented a mandatory Data Loss Prevention (DLP) process using Google Cloud Sensitive Data Protection. This automatically redacts PII (names, phone numbers, identifiers) from conversational input before it is written to logs.
  • Purpose Limitation: Conversation history is used exclusively for auditing, measuring performance, and enhancing educational relevance.
  • Underlying AI Models: Sigma utilises the Gemini model. End-user data is not used by Google or Otem to train or improve foundational Large Language Models (LLMs).
  • Data Residency: All data is stored at rest in the Google Cloud region europe-west2 (London, UK).

Children’s Privacy (13–17)

In accordance with the ICO Children’s Code, we do not knowingly collect personal data from individuals under 13. For students aged 13–17, a Parent or Legal Guardian must provide verifiable consent via our signup process and assume full responsibility for the account and payment.

6. Automated Processing and AI Interaction

Our service utilises Sigma, an AI conversational agent, to provide real-time educational support. While Sigma generates automated responses based on user input, Otem does not use "solely automated decision-making" that produces legal or similarly significant effects on users. All critical account decisions (such as billing disputes or access revocations) involve human intervention. Users have the right to request human review of any automated interaction by contacting privacy@otem.co.uk.

7. Storage, Retention & Deletion

  • Retention Period: Redacted interaction logs are retained for a maximum of 24 months to satisfy educational auditing requirements and service improvement.
  • Account Closure: Upon subscription termination or trial expiry, all associated data is permanently deleted following a 30-day grace period.

8. Data Storage and International Transfers

  • Data Storage: Personal information is stored on secure servers located in the UK, EU, and US. While Sigma’s conversation logs are stored at rest in London (UK), account and payment data processed by our partners (Outseta and Stripe) may be stored in the United States.
  • International Transfers: When we transfer your personal data to countries outside of the UK and EU, we do so using a legally compliant transfer mechanism. For transfers to the US, we rely on the UK-US Data Bridge (the UK Extension to the EU-U.S. Data Privacy Framework) for certified organisations. Where a partner is not certified under the Data Bridge, we utilise Standard Contractual Clauses (SCCs), which are legally binding agreements that require the recipient to adhere to GDPR-level data protection standards. We ensure all data transfers are protected by robust technical and organisational safeguards.

9. Third-Party Technical Integrations

We share data with the following processors only as necessary to provide our digital platform:

  • Webflow: Website hosting.
  • Outseta: Membership, subscription management, and authentication.
  • Stripe: Secure payment processing and financial fraud prevention.
  • Calendly: Scheduling and booking software for meetings.
  • Google Cloud Platform: Identity management, AI processing (Dialogflow CX), and data storage.

10. User Rights and Choices

At Otem, we recognise and respect your rights regarding your personal information, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

  • Right of Access (Article 15 GDPR): Request access to the personal information we hold about you and how we process it.
  • Right to Rectification (Article 16 GDPR): Request the correction or completion of incorrect or incomplete information.
  • Right to Erasure (‘Right to be Forgotten’) (Article 17 GDPR): Request the deletion of your personal information when it is no longer necessary.
  • Right to Restriction of Processing (Article 18 GDPR): Request that we restrict the processing of your personal information under certain conditions.
  • Right to Data Portability (Article 20 GDPR): Receive your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object (Article 21 GDPR): Object to the processing of your personal information, including processing for direct marketing.
  • Right to Withdraw Consent (Article 7(3) GDPR): Withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint (Article 77 GDPR): Lodge a complaint with a supervisory authority (the ICO) if you believe our processing violates applicable laws.

11. Direct Marketing & Communications

We may use your personal information to send you direct marketing communications about our products and services.

  • Obtaining Consent: We will only send you marketing communications if you have given us clear consent. Every communication includes clear instructions on how to unsubscribe or opt out.
  • Managing Your Preferences: You can manage your preferences using the unsubscribe link in our emails or by emailing us via the Contact Us page on our website.

12. Data Breach & Security

In the event of a data breach that poses a risk to your privacy rights and freedoms, we have established procedures for promptly identifying, assessing, and mitigating the impact.

  • Notification Obligations: If required by law, we will notify the relevant data protection authorities of the data breach within 72 hours. If a data breach poses a significant risk to you, we will notify you without undue delay.
  • Point of Contact: Contact us immediately at privacy@otem.co.uk if you believe you have been affected.

13. Policy Updates

These Terms may be updated due to technological advancements or regulatory changes. We will notify you of significant changes via email or platform notification. Your continued use of Otem indicates agreement to the revised terms.