We may collect and process the following types of personal data:

• Personal Identification Information: Name and email address.
• Technical Data: IP address, browser type, operating system.
• Usage Data: Information when you use the application as chat, interact withlearning material, or upload fi les.

• We use the information we collect for various purposes, including: To provide, operate, and maintain our services
• To improve, personalize, and expand our services
• To communicate with you, including customer service and support
• To process transactions and send related information To comply with legal obligations

We do not sell, trade, or otherwise transfer your personal data to outside parties except as described in this policy. We may share your information with:

• Third-party Service Providers: the LLM used
• Legal Requirements: When required by law or to protect our rights

Note that we use external service providers to generate the output or track performance of our platform, for instance, we allow users to use OpenAI’s ChatGPT to generate chat output as outlined in Section 9. By using our service you agree that we may send data to third-party providers and this data is subject to their terms of service.

Depending on your location, you may have the following rights regarding your personal data which is stored on our services:

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The software is a website (https://chattutor.dk) which allows students to:

• See their course material (as PDF files)
• Get help from an AI agent (a large language model such as ChatGPT)

These features are enabled by parsing the PDF fi les of the course material. The website uses the following components which will be referenced below:

The front-end application uses javascript/html. The frontend is executed by the user's browser.

The backend application uses python code which deals with all requests the user makes (i.e., store and retrieve data from the database, call external services, etc.)

Server: The server which runs the backend.

ChatTutor is written in python using the django framework. Django is the most popular web-development framework for python. Since Django is the most popular framework for python, it has been used to build thousands of open and closed-sourced projects and we have assessed this framework with CIS Benchmarks.

We have followed standard recommendations when building ChatTutor and selected packages which appear to have wide-spread commercial use.

We have avoided using trial versions of libraries, as well as libraries which seemed to have controversial licensing terms or source availability.

Currently ChatTutor is hosted on https://www.digitalocean.com/ . The server is physically located in Frankfurt, Germany.

The server instance follows a typical configurationdjango server, i.e., to the best of our knowledge we use a stack of open-source products that are in widespread commercial use by many companies, and which are typically recommended for such projects. The four main services we use to serve ChatTutor are:

• NGINX https://nginx.org/en/ (gateway and hosting of static fi les)
• Gunicorn https://gunicorn.org/ main application server
• daphne websocket server https://github.com/django/daphne
• Postgresql database server https://www.postgresql.org/

We use the following types of external services which may process user-sensitive data:

• LLM endpoints for generating answers from large language models
• PDF OCR services for parsing equations (however, all PDF documents are storedand served from our servers)
• Hosting services for sending and receiving emails and other typical tasks
• Bug aggregation services and other tools for performance monitoring

ChatTutor is designed to store data centrally on a server we control (currently hosted on digitalocean.com) and will only use third-party dependencies as demanded. Third-party services are in all cases used to process data or information stored on our servers and not as the primary storage medium of user-sensitive data.

• AI on-Demand
  Terms if use: https://aiod.eu/terms-conditions/
  
• OpenAI ChatGPT LLM paid endpoint
  Terms of use: https://openai.com/policies/terms-of-use/. The service isaccessed through OpenAIs own library https://github.com/openai/openai-python which is released under Apache-2 (The library is listed below in the relevant section)
• Mathpix Convert OCR service
  The terms of use are here: https://mathpix.com/terms. We access the service by directly sending requests to the server endpoints over http using the linux command line utility CURL so there is no library license.
• One.com domain name hosting and SMTP service. To our knowledge, One.com does not put restrictions on the use of their hosting service and is commonly used for businesses, see https://www.one.com/en/terms-and-conditions-usd