Privacy Policy

At shuriii, we are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and safeguard the personal information of our users.

Information We Collect

We collect “Non-Personal Information” and “Personal Information.” Non-personal information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes your username, email, password, IP address, contact details, and any other information you submit to us through the registration process or use of our services. We collect this information solely for purposes indicated in this privacy policy and for legitimate business purposes related to providing services for the shuriii platform.

How We Use Personal Information

We use your personal information to:

  • Identify you as a user in our system
  • Provide improved administration of our Site and services
  • Provide the services you request
  • Improve the quality of experience when you interact with our site and services
  • Send you a welcome e-mail to verify ownership of the e-mail address provided when your account was created
  • Send you administrative e-mail notifications, such as security or support and maintenance advisories
  • Respond to your inquiries related to employment opportunities or other requests

In addition, shuriii verifies the identity of any third-party sources from whom users' personal information is collected and provides options for users to opt out of optional cookies.

Google Drive Data

If you connect your Google account to our services, we will access and use certain information from your Google Drive account to enhance your experience with our services. User data obtained through Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models. The specific types of Google Drive data we access include:

  • Files and folders in your Google Drive account
  • Metadata of files and folders in your Google Drive account (e.g., file names, types, sizes)
  • Google Drive files and folders content (Read and Write)

How We Use Google Drive Data

We use Google Drive data to:

  • Provide the core functionalities of our application, such as accessing and managing your files stored in your Google Drive
  • Create and update files and folders in your Google Drive to store files uploaded to your private account in shuriii or you generated with AI
  • Improve our services by analyzing how users interact with their Google Drive files through our app
  • Ensure seamless and efficient operation of features that rely on Google Drive integration
  • Share your files with other users if you choose to share your files (you have the option for each file to share or not)

Data Security

shuriii is currently in the process of issuing its SOC 2 report with the following Trust Services Criteria in scope:

  • Security
  • Confidentiality
  • Availability
  • Privacy

Request of the copy of the report can be made to privacy@shuriii.com.

In support of the highest standards of security and privacy, shuriii has established the following policies which are reviewed on at least an annual basis:

  • Information Security and Governance
  • Privacy
  • Code of Conduct and Acceptable Use
  • Asset Management
  • Data Classification and Lifecycle Management
  • Logical Access
  • Vulnerability Management
  • Incident Response
  • Secure Software Development and Management
  • Vendor Risk Management
  • Business Continuity and Disaster Recovery

The policies noted above include security and privacy processes such as:

  • Access controls for provisioning, changes, reviews, and offboarding
  • End-to-end encryption by design (in addition, we use more layers of complex encryption for teachers' notes that may contain student-related information.)
  • Code reviews and change management
  • Audit logging implemented across all services
  • Application and cloud security posture scanning and management
  • Incident response and breach notification target of 72 hours of discovery
  • Privacy by design and impact assessments
  • Personally Identifiable Information (PII) inventory
  • Testing of business continuity and recoverability
  • Continuous risk assessments
  • Continuous vendor/supplier risk assessments and reviews (security and privacy)
    • - Includes enforcement of Data Protection Agreements (DPAs) or equivalent certification/compliance standards (e.g. SOC 2, ISO 27001, etc.)

We do not share any data, including Google Drive data, with third parties except when required by applicable legal enforcement actions. Our robust security program upholds our privacy commitments under GDPR, PIPEDA, and other relevant privacy regulations.

Data Analytics

To improve our product and user experience, we use third-party analytics tools such as Microsoft Clarity and Google Analytics to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser as part of a web page request, including the web pages you visit, your browser add-ons, your browser’s width and height, and other information that assists us in improving the Service. We may collect and use this analytics information together with your Personal Information to build a broader profile of our individual users so that we can serve you better.

Subprocessors

We use the following subprocessors to process your data:

  • Google Cloud Platform (GCP): We use GCP for our infrastructure, including compute, storage, and database services.
  • Intercom: We use Intercom for customer support.
  • Microsoft Clarity and Google Analytics: We use these tools for data analytics.

Any updates to the subprocessor will be notified to users by shuriii as part of the privacy policy updates.

Data Retention and Deletion

We retain your personal information only for as long as necessary to provide you with our services. We do not store your Google Drive files and folders in our system unless you choose to add a file from your Google Drive to shuriii. In such cases, we retain the files and associated information until you request deletion. However, we may also be required to retain this information to comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.

We retain your data for the duration of your use of our services and for a period of up to six months after you request deletion of your data, unless a longer retention period is required by law or to resolve ongoing issues. Our standard retention is currently set to 7 years for federally regulated data.

If you wish to rectify, amend, opt-out, or delete data related to the processing of your data, please contact us at privacy@shuriii.com.

If you wish to delete your added files (from Google Drive or uploaded) or your entire account, please contact us at privacy@shuriii.com. We will respond to your request within 48 business hours. If you wish to continue using shuriii but disconnect your Google Drive account from shuriii, you can simply log out or refrain from using shuriii for 24 hours, after which your Google Drive account will be automatically disconnected. We do not store any Google account access information in our system.

Contact information

If you have any concerns or inquiries regarding our privacy practices, please get in touch with us at privacy@shuriii.com.

Updates to Privacy Policy

This privacy policy will be updated on at least an annual basis with notifications sent to all enrolled users of the shuriii platform. Also, shuriii notifies users if their personal information is used for a different or new purpose.

Last updated: December 11, 2024