Privacy Resources
Overview
Welcome to Unihelper.io’s Privacy Resource Page. We are committed to data privacy and security, and take it seriously across all aspects of our work. Here you can learn about our security approach and request access to documentation.
Documents
-
VPAT
-
Software Access Agreement
-
Data Processing Agreement
-
HECVAT (Request Access)
-
Business Continuity Plan (Request Access)
-
Disaster Recovery Plan (Request Access)
-
Incident Response Plan (Request Access)
-
Pentest Report (Request Access)
-
Media Handling Process (Request Access)
-
ISAE 3000 Certification (Request Access)
-
ISAE 3000 English Summary (Request Access)
Subprocessors
Company | Purpose | Location |
|---|---|---|
Google | Business Network | EU |
Amazon Web Services (AWS) | Cloud Hosting, Data Protection, Log Monitoring | EU |
Zoho | Customer Relationship Management | EU |
Proton Technologies | Customer Communications | Switzerland |
Typeform | Hosting Questionnaires | US |
Privacy Policy Frequently Asked Questions (FAQs)
We collect personal data to deliver and improve our educational services, personalize learning experiences, comply with legal requirements, and communicate with users.
UniHelper ApS, based in Denmark, is the “data processor” under the EU and UK GDPR. We determine how and why your personal data is processed.
We collect information such as your name, email address, school affiliation, and usage data. If you are a student, we may also collect assignment data, progress reports, and other educational information.
Yes, but only as needed to provide educational services and always in compliance with laws like the GDPR and COPPA. We require parental or school consent where legally necessary.
We use it to provide our platform, support learning activities, personalize content, communicate with users, improve services, and comply with legal obligations.
We do not use student data for marketing. For other users, we may send relevant information if you’ve given consent. You can opt out at any time.
We only share data with trusted service providers who help us operate our platform, or when required by law. We never sell personal data.
Yes, in some cases. When we do, we use safeguards such as Standard Contractual Clauses to ensure your data remains protected.
You have the right to access, correct, delete, or restrict how we use your data. You can also object to processing and request data portability.
You can contact us at contact@unihelper.io. We will respond within the timeframes required by law.
We keep personal data only as long as necessary for the purposes described or as required by law.
We use technical and organizational measures, like encryption and access controls, to keep your data secure.
Schools are the data controllers for student accounts. They decide how student data is used, and we process it only on their instructions.
Parents can contact their child’s school or us directly to review, correct, or request deletion of their child’s data, subject to applicable laws.
Yes. We use cookies and similar technologies to improve your experience, analyze usage, and personalize content. You can manage or disable cookies through your browser settings.
Some features of our services may not function properly without cookies, but you can still use most parts of the platform.
We may use automated tools to personalize learning content or analyze user performance, but these do not make significant decisions without human oversight.
Yes. Where applicable, you can object to automated decision-making or request human review.
If you’re a U.S. resident, you may have rights under laws like the CCPA, FERPA, or COPPA. These may include the right to access, delete, or opt out of certain uses of your data.
We obtain parental or school consent before collecting personal data from children under 13, and we limit how that data is used and shared.
If a breach occurs that affects your personal data, we will notify you and relevant authorities as required by law, and take steps to minimize any impact.
Yes. We may update it from time to time. We’ll post changes on our website and, if significant, notify you directly.
Section 10 of Typeform's Master Enterprise Agreement states that Typeform executes "specific agreements following the requirements included in the Regulation (EU) no. 2016/679, the “GDPR”, or any other applicable law."
Annex III of Typeform's DPA covers Typeform's use of approved transfer mechanisms (EU-approved Standard Contractual Clauses).
Typeform uses AWS to host Typeform's services, and AWS is GDPR compliant:
-
Supplementary Addendum to AWS DPA addressing Schrems II ruling and invalidation of the EU-US Privacy Shield.
-
An explanation of the Supplementary Addendum
-
AWS's GPDR Center.
Email us at contact@unihelper.io. If you’re in the EU or UK, you can also contact your local data protection authority.