Privacy Policy

Last Updated: 8 May 2025

1. INTRODUCTION

Welcome to MESO, an AI-powered educational planning platform designed to create personalised educational plans, enhance curriculum fidelity, and improve student outcomes. We respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and the EU AI Act (2024). 

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our services, which are designed for schools, school districts, and departments of education. 

This policy applies to information we collect: 

  • On our website and educational planning platform 

  • Through our AI-powered planning and assessment tools 

  • Through compliance-focused AI chatbots  

  • In email, text, and other electronic communications 

  • Through our curriculum alignment and administrative oversight features 

As an educational technology provider, we take our responsibility to protect student and teacher data with the utmost seriousness. Please read this Privacy Policy carefully to understand our practices regarding your personal data. 

2. DATA WE COLLECT

We may collect several types of information from and about users of our services, including: 

2.1. Personal Identification Information 
  • Name and professional title 

  • Educational institution or organisation affiliation 

  • School district or department information 

  • Work email address 

  • Work postal address 

  • Work phone number 

  • Username and password 

  • Billing and payment information for institutional subscriptions 

2.2. Technical and Usage Data 
  • IP address 

  • Browser type and version 

  • Time zone setting and location 

  • Operating system and platform 

  • Device information 

  • Application features used 

  • Teaching resource usage patterns 

  • AI tool interaction data 

  • Session duration and frequency 

  • System logs for compliance with EU AI Act requirements 

2.3. Educational Content Data 
  • Curriculum planning information 

  • Lesson plan content created using our platform 

  • Assessment rubrics and templates 

  • Educational resources generated 

  • Feedback on AI-generated content 

  • Student assessment metrics (in aggregated, anonymised form) 

  • Teaching methodologies and approaches 

  • Subject-specific curriculum standards implemented 

2.4. User Communications and Feedback 
  • Communications with our support team 

  • Feedback on platform features and AI outputs 

  • Survey responses on educational outcomes 

  • Pilot programme participation data 

  • Product improvement suggestions 

3. HOW WE COLLECT YOUR DATA

We collect data through: 

3.1. Direct Interactions 

Information you provide by filling in forms, creating an account, or communicating with us. 

3.2. Automated Technologies

As you navigate through our site or use our applications, we may automatically collect technical data using: 

  • Cookies 

  • Web beacons 

  • Server logs 

  • Other tracking technologies 

3.3. Third Parties 

We may receive information about you from:

  • Business partners 

  • Service providers 

  • Public databases 

  • Social media platforms (when you connect your account) 

4. HOW WE USE YOUR DATA

We use your information for the following purposes: 

4.1. Educational Service Provision 
  • To provide and maintain our AI-powered planning platform 

  • To generate personalised educational plans and resources 

  • To ensure curriculum alignment with national and international standards 

  • To process institutional subscriptions and transactions 

  • To manage school and teacher accounts and provide customer support 

  • To deliver administrative oversight capabilities to school leaders 

4.2. AI Model Training and Improvement
  • To improve our AI models' educational outputs through prompt engineering 

  • To refine subject-specific knowledge and curriculum alignment 

  • To develop new educational features and functionality 

  • To understand teaching preferences and educational approaches 

  • To improve the quality of planning, assessment, and feedback tools 

  • To train EU AI Act compliant educational chatbots 

4.3. Educational Research and Analysis 
  • To analyse educational trends and teaching methodologies 

  • To measure the impact of AI-assisted planning on teaching efficiency 

  • To evaluate student engagement and outcomes (using anonymised data) 

  • To improve curriculum implementation and standards alignment 

  • To generate insights for educational stakeholders 

4.4. Communication and Support 
  • To respond to enquiries from educational institutions 

  • To send administrative messages about institutional accounts 

  • To provide updates about our educational services and features 

  • To deliver professional development resources and guidance 

  • To facilitate pilot programmes and feedback collection 

4.5. Marketing to Educational Institutions
  • To send promotional materials about new educational features 

  • To deliver relevant educational content and case studies 

  • To inform educational stakeholders about product developments 

  • To measure the effectiveness of our educational marketing 

  • To communicate with school districts and departments of education

4.6. Regulatory Compliance and Protection 
  • To comply with the EU AI Act (2024) and GDPR (2018) 

  • To maintain records of AI system behaviour as required by regulations 

  • To enforce our terms of service and educational use policies 

  • To protect intellectual property rights in educational content 

  • To ensure ethical AI use in educational contexts 

5. DATA SHARING AND DISCLOSURE 

We may share your personal information with: 

5.1. Service Providers 

Third parties that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting, and customer service. 

5.2. Business Partners 

Companies with whom we partner to offer joint promotional offers or products and services. 

5.3. Affiliates 

Parent companies, subsidiaries, and affiliates for the purposes described in this Privacy Policy. 

5.4. Legal Requirements 

When required by law, regulation, legal process, or governmental request. 

5.5. Business Transfers 

In connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets. 

5.6. With Your Consent

We may share your information for any other purpose disclosed when you provide the information or with your consent. 

6. DATA SECURITY 

We implement appropriate technical and organisational measures to protect the security of your personal data, including: 

  • Encryption of sensitive information 

  • Secure access controls 

  • Regular security assessments 

  • Employee training on data protection 

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. DATA RETENTION  

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider: 

  • The amount, nature, and sensitivity of the data 

  • The potential risk of harm from unauthorised use or disclosure 

  • The purposes for which we process the data 

  • Whether we can achieve those purposes through other means 

  • Legal requirements 

8. YOUR PRIVACY RIGHTS 

Depending on your location, you may have certain rights regarding your personal information, including: 

8.1. Access 

The right to request access to your personal data. 

8.2. Correction 

The right to request correction of your personal data. 

8.3. Deletion 

The right to request deletion of your personal data. 

8.4. Restriction 

The right to request restriction of processing of your personal data. 

8.5. Data Portability 

The right to receive your personal data in a structured, commonly used format. 

8.6. Objection 

The right to object to processing of your personal data. 

8.7. Withdraw Consent 

The right to withdraw consent at any time where we rely on consent to process your personal data. 

To exercise these rights, please contact us using the details provided in the "Contact Information" section. 

9. INTERNATIONAL TRANSFERS 

Your information may be transferred to, stored, and processed in countries other than the one in which you reside. By using our services, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules. 

We ensure appropriate safeguards are in place to protect your information when transferred internationally, including:

  • Data processing agreements incorporating standard contractual clauses approved by relevant data protection authorities 

  • Privacy Shield certification (where applicable) 

  • Binding corporate rules for transfers within our corporate group 

10. CHILDREN'S PRIVACY AND EDUCATIONAL DATA 

10.1. Student Data Protection 

Our services are designed for use by educational institutions, teachers, and administrators, not for direct use by students under the age of 16. We do not knowingly collect personal information directly from students without appropriate consent from educational institutions acting in loco parentis or from parents/guardians. 

10.2. Institutional Responsibility 

Educational institutions using our platform are responsible for obtaining appropriate consents for student data processing where required. We process student data only as directed by the educational institution and in compliance with applicable education privacy laws. 

10.3. Student Data Minimisation 

Our platform is designed to minimise the collection of student personal data. Where student assessment data is processed, we employ data minimisation principles and anonymisation techniques whenever possible.

10.4. Special Protections for Student Data 

Where our assessment and feedback tools may process student work or performance data: 

  • We implement additional security measures for this sensitive data 

  • We never use student data for marketing purposes 

  • We never sell student data under any circumstances 

  • We never build profiles of students for commercial purposes 

  • We delete student data upon request from the educational institution 

10.5. AI Chatbot Safeguards 

Our compliance-focused AI chatbot for educational use includes specific safeguards to protect students:

  • Age-appropriate content filters 

  • Prevention of harmful or inappropriate content 

  • Records of interactions are maintained for educational oversight 

  • Limitations on data collection from student users 

  • Strict compliance with the EU AI Act (2024) requirements for high-risk AI systems in educational settings 

11. THIRD-PARTY LINKS AND SERVICES 

11.1. Exclusion of Certain Damages 

Our services may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third parties and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect and use information about you and to personalise your experience. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date. We encourage you to review this Privacy Policy frequently to stay informed about how we are protecting your information. 

14. CONTACT INFORMATION  

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: 

MESO ADAPT Center, Trinity College Dublin, School of Computer Science and Statistics, Dublin, Leinster, IE

Email: privacy@meso-education.com  

For specific enquiries about our AI systems and compliance with the EU AI Act, please contact our AI Ethics Officer at ai-compliance@meso-education.com 

15. ADDITIONAL INFORMATION FOR SPECIFIC JURISDICTIONS 

15.1. European Economic Area (EEA), United Kingdom, and Switzerland 

As our platform is initially targeted at educational institutions in Ireland and subsequently the UK and other European markets, compliance with EEA data protection regulations is central to our operations. 

Legal Basis for Processing 

  • Consent: Where the educational institution has given clear consent for us to process data for a specific purpose. 

  • Contract: Where processing is necessary for the performance of our contract with the educational institution. 

  • Legal Obligation: Where processing is necessary for compliance with legal obligations under the GDPR and EU AI Act. 

  • Legitimate Interests: Where processing is necessary for our legitimate interests in improving educational technology, provided these interests are not overridden by the interests of data subjects. 

  • Public Interest: Where processing is necessary for the performance of a task carried out in the public interest (applicable to public educational institutions). 

EU AI Act Compliance

As our platform uses AI in educational settings, which the EU AI Act classifies as "high-risk", we implement the following measures:

  • Regular risk assessments of our AI systems 

  • Human oversight of AI-generated educational content 

  • Technical documentation of AI systems maintained for regulatory inspection 

  • Registration in the EU database for high-risk AI systems (when applicable) 

  • Quality management system for AI development 

  • Logging capabilities to ensure traceability of AI system operations 

  • Clear information to users about the capabilities and limitations of our AI tools 

Data Protection Officer

Our Data Protection Officer can be contacted at privacy@meso-education.com.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For our operations in Ireland, the relevant authority is the Data Protection Commission (DPC).

15.2. California Residents 

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): 

California Privacy Rights 

  • Right to Know: You can request information about personal information we've collected, used, disclosed, or sold. 

  • Right to Delete: You can request the deletion of personal information we have collected from you. 

  • Right to Correct: You can request correction of inaccurate personal information. 

  • Right to Opt-Out of Sale or Sharing: You can direct us not to sell or share your personal information. 

  • Right to Limit Use of Sensitive Personal Information: You can limit the use of your sensitive personal information. 

  • Non-Discrimination: We will not discriminate against you for exercising any of these rights. 

To exercise these rights, please contact us using the methods described in the "Contact Information" section. 

California Shine the Light

California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

15.3. Other Jurisdictions

Additional privacy notices may apply based on your location. Please contact us for more information.