Privacy Notice

How Munkey AI handles school data

Munkey AI is designed for institution-managed course support. This notice describes the data the app handles, where it is processed, and the controls reflected in this repository. It is not a legal contract and should be paired with institution-specific policies and vendor agreements.

Data Collected

Account, membership, course chat, and uploaded course material data needed to deliver the product.

Institution Context

Access is scoped by institution and course membership before chat, materials, and management features are exposed.

Current Posture

This repository removes unsupported compliance claims and adds transparency, request workflows, and private image handling.

Data categories used in the app

`Account data`: email address, authentication identifiers, and institution membership.

`Course data`: course rosters, roles, assignments, and uploaded PDF materials.

`Chat data`: conversations, citations, structured response forms, and temporary prompt images uploaded during a chat.

Third-party processors used by the product

`Supabase` provides authentication, database, and storage infrastructure.

`OpenAI` processes prompts, course context, and embeddings to generate or ground assistant responses.

`Pinecone` stores vector embeddings derived from uploaded course materials for retrieval.

Institutions should review and execute their own vendor terms, direct-control language, retention commitments, and approved-use policies before deploying the system with student records.

User access and requests

Signed-in users can export their current Munkey AI education record package and submit FERPA-related review or amendment requests from Account Settings.

Institution admins can review incoming requests from Institution Settings and record follow-up notes in the app.

For FERPA-specific details, review the FERPA Notice.