Privacy Policy

Lectame is an AI-supported presentation and interaction platform for teachers, trainers and educational institutions. Users can create, import, share and use presentations during interactive sessions in which participants join via a session code or QR code.

This privacy policy applies to:

• Visitors to our website and information pages.
• Teachers, trainers and administrators who have an account or use the guest feature ("Start for free") without an account.
• Participants in live sessions — typically students or course attendees — who join without an account via a session code or QR code.

The General Data Protection Regulation (GDPR) distinguishes between the controller and the processor. For Lectame the following applies:

• Lectame is an independent controller for the management of our website, account management, security, billing and operational communication.
• Lectame is a processor when a school or organisation uses Lectame to process participants' data in an educational context. The educational institution is then the controller. For that processing we offer a data processing agreement .

• Providing and maintaining Lectame.
• Enabling teachers and participants to collaborate during sessions.
• Securing the platform against abuse and attacks.
• Performing agreements with paying users (including billing and statutory administration).
• Optionally improving the product based on aggregated statistics (only after consent).

We base our processing on the following legal grounds:

• Performance of a contract — for providing the service to logged-in users and paying customers.
• Legitimate interest — for security, abuse prevention and the operation of the guest flow with quota monitoring.
• Consent — for optional analytics cookies and for features where we explicitly ask for it.
• Legal obligation — for retaining billing and accounting data.

You can log in with an email address and password. Passwords are stored hashed by our authentication provider. We support two-factor authentication (TOTP); we recommend it for accounts with sensitive content.

Depending on your account settings, you can also log in via an external provider (such as Google). In that case we only receive from that provider the data needed to create your account: email address and (optionally) name.

Presentations are stored primarily in the cloud, linked to your account or guest session. For network interruptions we temporarily keep a recovery buffer in your browser's local storage (localStorage); this is automatically overwritten once the cloud version is back in sync.

Uploaded images are kept in cloud storage as long as they are in use in a presentation. When importing a PowerPoint file (.pptx) the file is converted to our internal structure and not retained as the original file; images are stored separately so they remain visible in the presentation.

You are responsible for the content you upload or enter. Do not enter personal data, patient data or special categories of personal data for which you have no lawful basis.

During a live session we process data to make the session work. Participants choose a display name themselves — a pseudonym is sufficient and is our preference. Answers and responses are linked to that display name within the session.

With anonymous participation, it is possible that answers can no longer be linked to one specific person. This may affect the feasibility of certain privacy rights (see below).

Lectame offers two types of AI features:

• AI lesson generation: Based on the topic, level and learning objectives the teacher enters, our AI system generates a draft presentation.
• AI feedback and summaries: Optionally, a teacher can have summaries or formative feedback generated based on answers from a session.

AI requests are carried out via our AI supplier (see the supplier table below). The content of a prompt — topic, assignments, any case description — is sent to that supplier. The teacher is responsible for not including any personal data, patient data or confidential information in a prompt. Preferably use fictitious cases or pseudonyms.

We do not use your lesson content or participants' answers to train our own AI models. For arrangements with our AI supplier regarding the reuse of data, see the supplier table below.

AI feedback is intended as formative support. It is not a binding assessment and is never used on its own for decisions with legal or similar effects.

We use a limited number of cookies and local storage items. Analytical cookies are only loaded after explicit consent via our cookie banner. You will find a detailed table with all cookies and stored items in the cookie statement.

To secure the platform, we keep logs of failed login attempts, technical errors, blocked requests and relevant security events. These logs may contain IP addresses and technical identifiers. We do not retain them longer than necessary (see retention periods).

We do not use external error monitoring services. Logs are kept in our own infrastructure.

We use carefully selected suppliers. With each supplier we have, where applicable, concluded a data processing agreement or equivalent safeguard.

We do not sell personal data, do not use it for advertising and do not pass it on to third parties other than as described in this table or where legally required.

Our primary storage is located within the European Economic Area. For suppliers whose processing (partly) takes place outside the EEA, we apply safeguards such as the EU-US Data Privacy Framework or Standard Contractual Clauses, as indicated in the table above. This concerns in particular our AI supplier (United States) and the global edge network of our CDN supplier.

We do not retain personal data longer than necessary for the purpose for which we collected it. The main periods:

Under the GDPR you have the following rights:

• Right of access to the data we process about you.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten").
• Right to restriction of processing.
• Right to object to processing based on a legitimate interest.
• Right to portability of your data in a machine-readable format.
• Right to withdraw consent given at any time.
• Right to lodge a complaint with the supervisory authority (see "Contact and complaints").

Would you like to exercise a right? Email [email protected] or use (for logged-in users) the export and delete options in your settings.

Participants in a live session do not have an account. When a school or organisation uses Lectame as a processor, participants' privacy requests go through that school or organisation. They are the controller and can request deletion or access from us on the participant's behalf.

With fully anonymous participation (pseudonym only, no other identifying characteristics) it is possible that answers can no longer be linked to a specific person. In that case a deletion or access request cannot be fully complied with.

Lectame is intended for use in an educational context, in which minors can participate via a session code under the responsibility of their school. We do not knowingly collect account data of children under 16 without parental or school authorisation. Do you suspect that an account was created improperly? Contact us at [email protected].

We take appropriate technical and organisational measures to protect your data, such as encryption of connections, storage within a shielded EU platform, role-based access, monitoring and logging. You will find a more detailed explanation on the security page.

We may amend this privacy policy from time to time. We announce substantial changes via the website or, for logged-in users, by email. The date of the most recent version appears at the bottom of this page.

Questions about this policy or about the processing of your data? Email us at [email protected]. General questions can also go to [email protected].

Do you disagree with our response? You always have the right to lodge a complaint with the Autoriteit Persoonsgegevens.