Privacy Policy

Korosen ("we," "us," or "our") respects your privacy and is committed to protecting the personal data of our users, including students, parents, and educators. This Privacy Policy outlines how we collect, use, disclose, and protect personal data in compliance with the Personal Data Protection Act (PDPA) of Singapore and the PDPC Advisory Guidelines on the Use of Personal Data in AI Systems.

By using our software, website, or services (collectively, the "Service"), you consent to the data practices described in this policy.

We collect data to provide personalized learning and automated marking. This includes:

• Account Information: Name, email address, password, and school level/grade.
• Learning Data: Answers to questions, essays, math workings, quiz scores, progress reports, and time spent on tasks.
• AI Inputs: Text, handwriting images, or audio inputs provided by the student for AI analysis.
• Technical Data: IP address, device type, operating system, and browser information.
• Cookies: Data on session activity and preferences (see Section 8).

We use personal data for the following purposes ("Purposes"):

• Service Delivery: To create accounts, authenticate users, and provide customer support.
• AI Analysis & Marking: To automatically grade assignments, identify learning gaps, and recommend personalized practice questions.
• Progress Tracking: To generate performance reports for students, parents, and (where applicable) teachers.
• Communication: To send service updates, password resets, or important notices to parents.
• Safety & Security: To detect, prevent, and investigate fraud, abuse, or security incidents.

Transparency about our AI is a core part of our commitment to you.

• How it Works: Our AI algorithms analyze student answers to provide instant feedback.
• Human Oversight: While our AI is highly accurate, it is not infallible.
• Disclaimer: Significant decisions (such as final school grades) should not rely solely on our AI. Korosen is an independent edtech tool and is not endorsed by or affiliated with the Singapore Examinations and Assessment Board (SEAB) or the Ministry of Education (MOE).
• Model Training (Business Improvement Exception): We may use de-identified or anonymized student data to retrain and improve our AI models. We do not use personally identifiable data (e.g., names, emails) for AI training.

We do not sell your personal data. We only disclose data in the following situations:

• To Parents/Guardians: To report on the progress of their child.
• To Schools/Teachers: If the account is linked to a school class, the teacher can view the student's progress.
• Service Providers: We use trusted third-party providers (e.g., cloud hosting like AWS/Google Cloud, email delivery services) to help run our Service. They are contractually bound to protect your data.
• Legal Requirements: If required by Singapore law or a court order.

• Security Measures: We use industry-standard encryption (TLS/SSL) for data in transit and at rest. Access to personal data is restricted to employees who need it to perform their job functions.
• Retention: We retain personal data only for as long as necessary to fulfill the Purposes. Upon account termination, data will be deleted or anonymized within 30 days, unless a longer retention period is required by law.
• International Transfers: While our primary operations are in Singapore, some third-party service providers (such as AI processors) may process data overseas. In such cases, we ensure the recipient is bound by legally enforceable obligations to provide a standard of protection comparable to the PDPA.
• Data Breach Notification: In the unlikely event of a data breach that is likely to result in significant harm or affects more than 500 individuals, we will notify the Personal Data Protection Commission (PDPC) and the affected individuals as required by law.

Under the PDPA, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of any error in your data.
• Withdraw Consent: Withdraw consent for our use of your data (this may prevent us from providing the Service).
• Deletion: Request the deletion of your account and associated data, subject to legal retention requirements.

To exercise these rights, please contact our Data Protection Officer (DPO).

We use cookies to facilitate your session, remember your preferences, and analyze site traffic. You may decline cookies via your browser settings, but this may limit your ability to use certain features of the Service (e.g., staying logged in).

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes your acceptance of the new policy.

This Privacy Policy shall be governed in all respects by the laws of the Republic of Singapore.