MathVoice — Privacy Policy & Data Processing Agreement
MathVoice Privacy Policy
Effective: April 11, 2026 · Version 1.0 · [email protected]
Core FERPA claim: In the default Web Speech API configuration, voice audio is processed by the browser's built-in speech recognition engine. In Google Chrome, this means audio is transmitted to Google's speech recognition servers — it does not stay on the device. Only a structured JSON object describing the mathematical intent is sent to MathVoice servers. This object contains no audio, no voice biometrics, and no personally identifiable information. Users who require fully on-device processing should use a browser with a local speech engine (e.g. Firefox with on-device ASR) or the Whisper backend running locally.

1. Who we are

MathVoice operates the Studio web application at mathvoice.app and the REST API at api.mathvoice.app. References to "MathVoice", "we", "us", or "our" refer to the MathVoice service and its operators. Contact: [email protected].

2. What data we collect and why

2.1 Formula data (API calls)

When you use the Studio or an application built on the MathVoice API, the following data may be sent to our servers:

We use this data to process your request and return a result. We do not store formula data beyond the duration of a single API request unless you have enabled session logging for debugging (opt-in only, available to Institutional accounts).

2.2 Voice audio

Default (Web Speech API): Voice audio is processed by your browser's built-in speech recognition. In Google Chrome and other Chromium-based browsers, audio is transmitted to Google's servers for recognition — it does not remain on your device. MathVoice itself never receives your audio; only the recognised text transcript is sent to the MathVoice intent API. If your institution requires that no audio leave the device, use Firefox with a local speech engine or enable the on-device Whisper mode. We recommend disclosing this to students and obtaining appropriate consent under FERPA/GDPR.

Whisper ASR backend (optional, off by default): If you or your institution enables the Whisper provider, audio recordings are transmitted to OpenAI's servers for transcription. You are responsible for obtaining appropriate consent under applicable law (FERPA, COPPA, GDPR) before enabling this mode for students. See your institution's DPA with OpenAI.

2.3 API usage logs

Our API server logs standard access data: endpoint path, HTTP method, status code, response time, and API key prefix (e.g., mv_live_abc…). We do not log request bodies. Logs are retained for 30 days for security and billing purposes.

2.4 Account data

If you create a Pro or Institutional account, we collect your email address and billing information. Payment is processed by Stripe; MathVoice does not store card details.

3. FERPA compliance

MathVoice is designed for FERPA-compliant use in US educational institutions. The FERPA compliance claim rests on two facts:

  1. Voice audio in Chrome is sent to Google's servers via the Web Speech API — not to MathVoice, and not stored by MathVoice, but institutions should be aware of this third-party data flow. Firefox with a local speech engine, or the on-device Whisper mode, avoids this.
  2. The only data transmitted — IntentResult JSON and LaTeX formula strings — does not contain student names, IDs, or any directly identifying information. A formula like \frac{-b}{2a} is not a student education record.

For institutional deployments where student-authored formulas might be considered education records, a signed Data Processing Agreement (DPA) is available (see Section 7). Under FERPA, MathVoice acts as a "school official" processing records for legitimate educational purposes.

4. COPPA (Children under 13)

MathVoice does not offer direct-to-student accounts for children under 13. The Studio may be used by students under 13 in an institutional context under a signed DPA with the school or district, which acts as the COPPA-compliant intermediary. We do not knowingly collect personal information from children under 13 outside of a signed institutional agreement.

5. GDPR (EU residents)

For users in the European Economic Area: MathVoice processes personal data (email, billing, API logs) on the legal basis of contract performance (Art. 6(1)(b) GDPR) for account holders, and legitimate interests (Art. 6(1)(f)) for security logging. Formula data and IntentResult objects are not personal data. You have the right to access, correct, or erase your personal data by emailing [email protected].

6. Data retention

7. Data Processing Agreement (DPA)

A signed Data Processing Agreement is available for institutional customers. The DPA covers:

Request a DPA: [email protected]

8. Security

9. Changes to this policy

We will notify institutional customers of material changes by email at least 30 days before the change takes effect. The current version is always at mathvoice.app/legal/privacy.

DATA PROCESSING AGREEMENT — TEMPLATE v1.0

This template is provided for reference. Institutional customers receive a countersigned version from MathVoice. Fill in bracketed fields before signature.

Parties

This Data Processing Agreement ("DPA") is entered between [Institution Name], a [type of entity] ("Controller"), and MathVoice ("Processor"), effective [Date].

1. Purpose and scope of processing

Processor provides the MathVoice Studio and REST API to enable voice-controlled mathematical formula editing for students and staff of the Controller. Processing is described in Annex A.

2. Categories of data subjects and personal data

  • Data subjects: Students, staff, and faculty of the Controller using the MathVoice service
  • Personal data categories: Email address (account holders only); API access logs (key prefix, timestamp, endpoint, IP address); voice audio only if Whisper ASR backend is enabled by Controller
  • Special categories: None, unless Controller explicitly enables Whisper ASR for identified students with disabilities

3. Controller obligations

Controller confirms it has a lawful basis to share personal data with Processor, has provided appropriate privacy notice to data subjects, and will not enable the Whisper ASR backend for students under 13 without parental consent.

4. Processor obligations

Processor will: process personal data only on Controller's documented instructions; ensure persons authorised to process data are bound by confidentiality; implement security measures as described in Section 5; not engage sub-processors without Controller's prior authorisation; assist Controller in fulfilling data subject rights requests; delete or return all personal data on termination.

5. Security measures (Technical and Organisational)

  • Encryption in transit: TLS 1.3 minimum
  • Encryption at rest: AES-256 for all stored data
  • Access control: Role-based access, MFA required for all staff with production access
  • Audit logging: All access to personal data logged with timestamps
  • Incident response: Breach notification to Controller within 72 hours of discovery
  • Penetration testing: Annual third-party penetration test

5a. LTI 1.3 Integration

MathVoice supports embedding via LTI 1.3 (Learning Tools Interoperability) in Learning Management Systems including Canvas (Instructure) and Moodle, as well as Schoology and Blackboard. When accessed via an LTI launch, MathVoice receives the LTI context ID and optionally a pseudonymous user identifier from the LMS platform. This data is used solely to maintain session state and is not persisted beyond the active session unless a Data Processing Agreement (DPA) has been executed with the institution. No LTI user data is transmitted to third-party sub-processors without explicit institutional consent.

6. Sub-processors

Sub-processor | Purpose | Location | DPA
Anthropic, PBC | LLM intent parsing (/v1/intent LLM tier only) | USA | Anthropic Usage Policy
Google LLC | Cloud TTS (/api/tts — optional) | USA | Google Cloud DPA
OpenAI, LP | Whisper transcription — disabled by default | USA | OpenAI DPA (Controller must sign separately)
Vercel Inc. | Web hosting and CDN | USA/EU | Vercel DPA

7. International transfers

Transfers of EU personal data to the USA are covered by Standard Contractual Clauses (EU Commission Decision 2021/914). Processor will execute the relevant Module 2 (Controller to Processor) SCCs with Controller on request.

8. Term and termination

This DPA remains in force for the duration of the service agreement and terminates automatically upon its expiry. Processor will delete all personal data within 30 days of termination, with written confirmation provided to Controller.

Signatures

Controller: ___________________________ Authorised signatory · Date: ___________

Processor (MathVoice): ___________________________ · Date: ___________

Completed DPAs: [email protected]