Last updated January 4, 2026

Privacy policy

1. Overview

This Privacy Policy applies to all of the services offered by Rumi Technologies, Inc. ("Rumi," "we," "us," or "Company") including Rumi's websites, applications, and any other features, content, or applications offered from time to time by Rumi (collectively, the "Services"). You should not use the Services if you do not agree to the terms of this Privacy Policy. Your continued use of Services represents your consent to the terms of this Privacy Policy.

At Rumi, we understand the importance of protecting the privacy of our users' personally identifiable information and we take appropriate steps to protect the personally identifiable information of our users. The purpose of this Privacy Policy is to explain what information we collect from our users when they interact with our Services, including what personally identifiable information and non-personally identifiable information we collect, how we use that information, with whom we share that information and what steps we take to protect that information.

Data Location: The Services are hosted in the United States on Google Cloud Platform (GCP). If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Services, you consent to this transfer.

2. Enterprise vs Self-Serve Roles

How administrative access and privacy requests work depends on how you use Rumi:

Enterprise: If your school or other institution provides access to the Services under an enterprise agreement, the institution is the customer. Institution administrators may manage user accounts and may have access to data in the institution environment consistent with the enterprise agreement and applicable law. Students and instructors in an enterprise environment should route privacy requests (access, correction, deletion, export) through their institution.

Self-serve: If you sign up directly (for example, as a student or instructor on a free or premium self-serve plan), Rumi operates the Services for your account. Your workspace owner (for example, the instructor who created a class) can manage classroom rosters and permissions for that workspace.

3. Personal Information Collected

To enable the Services to be used, we may collect the following Personal Information:

3.1 Student and Educator Data

Student data, including:

  1. Names: First, middle and last names including pseudonyms (if utilized).
  2. User-specific account identifiers: Information that only a User would know in order to secure their account, which may include the answer to a "secret question."
  3. Email address and Account Names: We require an email address and Account Name in order to service an account.
  4. Any data that is provided to us by a Customer to permit students to access their account: For example, a personal email address rather than an institutional one or contact details we may require to contact Users.
  5. Educational Data: This may include grade/year and educational institution, as well as data submitted pursuant to use of the Services, such as written materials in the form of essays, papers, examination answers, and other writings ("Submissions").
  6. (For standalone integrations i.e. non-LMS Integrations) Passwords: We may ask Users to provide Passwords which are essential for the security of an account.

Educator data, including:

  1. Names and email addresses: For the same reasons that we collect that data for Students, as stated above.
  2. Role: We either collect or assign an Educator's role within the Service so we can administer the account, such as "Instructor" or "Teaching Assistant."
  3. Educational institution: We will collect this data so we know that a User is using an account that is linked to their Institution.
  4. (For standalone integrations i.e. non-LMS Integrations) Passwords: We may ask Users to provide Passwords which are essential for the security of an account.

3.2 Student Submissions and Classroom Information

When the Services are used in a classroom, we collect information needed to provide the Services, such as classroom rosters, assignment metadata, and user-submitted content (e.g., student writing submissions) that you submit through the Services.

3.3 Usage, Device, and Log Information

We automatically collect information about how the Services are accessed and used, such as IP address, device identifiers, browser type, operating system, access times, pages/screens viewed within Rumi, and diagnostic and error logs.

3.4 Cookies and Analytics

We use cookies and similar technologies to operate, secure, and maintain the Services. We also use Google Analytics to help us understand Service performance, reliability, and feature usage in aggregate and to troubleshoot issues. For more information about Google Analytics, please visit Google's Privacy & Terms page at https://policies.google.com/privacy.

We do not use analytics providers to deliver targeted advertising to students, and we do not share student personal information with advertising partners.

3.5 Payment Information

Self-serve subscriptions (Instructor Premium): Payments are processed through Stripe. When you provide payment information, it is transmitted directly to Stripe. Rumi does not store complete payment card numbers on its servers. We collect billing and payment-related information, such as:

  • Billing name and billing address.
  • Payment method details (payment card number, expiration date, and CVV are processed by Stripe and are not stored on Rumi's servers).
  • Transaction history and billing records.

To learn more about how Stripe processes personal information, please review Stripe's privacy policy at https://stripe.com/privacy.

Enterprise subscriptions: For institutions purchasing Enterprise subscriptions, we may collect billing contact information, invoicing details, and tax or business identification information (for example, VAT/GST or W-9 information) as needed for invoicing and tax compliance. Enterprise payments are typically processed via invoice with payment by bank transfer or check, as specified in the Enterprise Agreement.

4. Use of Personal Information

We do not harvest, sell or rent your Personal Information, as the terms are defined under applicable laws. We use and disclose your Personal Information to operate, provide, improve, and develop our Services. Our purposes for using and disclosing your Personal Information are as follows:

  • To understand, measure, and improve our Services, for legally permissible purposes, including, but not limited to, analyzing the performance of our Services, improving our Services, research, product development, and/or to offer customized service suggestions. Usage Information helps us provide the Services in the local language, to diagnose technical problems, and to administer and secure the Services. We also aggregate and analyze Usage Information to better understand how our Services are used and to help us improve our Services.
  • To provide the Services to our Customers and their Users, including the processing of Submissions which is required in order to provide the results of the Services to our Customers (including generating originality/similarity reports).
  • To create and manage log-in credentials, for the creation, maintenance, and administration of Customer and User accounts, and to authenticate Users.
  • To provide customer support, including via email or text message to resolve a problem or support issue, to notify Customers or Users about changes or issues impacting the Services, and to otherwise communicate and solicit feedback on Customer experiences with the Services.
  • To protect our rights, such as to establish or exercise our legal rights or defend against claims. For example, sharing may be necessary in order to assert a legal claim or defense, such as to enforce our End User License Agreement.
  • In relation to a known or suspected violation of our terms of use, fraud prevention, or other unlawful use, including to share Personal Information with entities assisting us in an investigation and as may be required by applicable law.
  • In connection with legal or regulatory obligations, including to disclose your Personal Information as necessary to protect our rights or the rights and safety of our Users, or as necessary in the event of a court order, regulatory inquiry or other lawful request. Provided, however, that unless legally prohibited, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
  • In the event of a reorganization, merger, sale, assignment, bankruptcy, or similar business change, we may need to transfer your Personal Information to that re-organized entity or new owner after the sale or reorganization for them to use in accordance with this Privacy Policy.
  • To provide our Customers with updates and offers about our Services. At any time, you may unsubscribe or opt-out of further communication on any electronic marketing communication by emailing us.
  • To improve reliability and performance (for example, debugging, security monitoring, and service stability).
  • To comply with legal obligations and enforce our Terms of Service.

4.1 Marketing Communications

If you sign up for a self-serve instructor account (Free or Premium), we may send you information about product updates, new features, and promotional offers. You may opt out of marketing communications at any time by clicking the unsubscribe link in an email or by emailing support@rumidocs.com.

Even if you opt out of marketing communications, we may still send you transactional or service-related emails (for example, billing confirmations, security notices, and important service updates).

We do not send promotional marketing emails to student accounts except where permitted by law and consistent with applicable consent requirements.

5. Use of Writing Data

We will not use any words, content, or keystroke patterns from student submissions for any purpose other than providing plagiarism screening and determining the originality and authenticity of submissions. Student content and keystroke data will NOT be utilized for building student profiles, targeted advertising, or any other purpose besides powering the core service offering of our platform.

No Training on Student Content: We do not use student submission content to train or improve the Services.

We may use and retain aggregated or de-identified usage and performance analytics (for example, feature usage, reliability metrics, error rates, and system performance) for internal product improvement. These analytics do not include student submission content.

6. How We Share Information

We do not sell personal information. We do not sell, rent, or share personal information with third parties for their own marketing purposes.

We may share information in the following circumstances:

  • Service Providers:We use third-party service providers to help us operate the Services, including:
    • Google Cloud Platform (GCP): Our hosting infrastructure provider.
    • Stripe: Payment processing for self-serve subscriptions.
    • Google Analytics: Service performance and usage analytics.
    • Other processors for customer support tools, monitoring, and security.
  • With classroom/workspace administrators (for example, institution administrators in Enterprise, and the instructor/workspace owner in self-serve) as needed to administer accounts and classrooms.
  • With professional advisors (for example, lawyers, auditors, and insurers).
  • To comply with law or legal process, enforce our Terms, or protect the rights, safety, and security of Rumi, our users, or others.
  • In connection with a business transaction such as a merger, acquisition, reorganization, or sale of assets.

Our service providers may change over time as we operate and improve the Services.

7. Compliance with Family Educational Rights andPrivacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) is a United States federal law that protects the privacy of student educational records. By using our services, you acknowledge and agree that we are committed to complying with FERPA and ensuring the confidentiality of any personally identifiable information (PII) contained within the educational records of students. To the extent that we collect, store, process, or share PII from student educational records, we shall do so in accordance with FERPA's requirements and any applicable state or local laws or regulations.

Disclosure: We will only disclose PII from education records with the written consent of the student or the student's parent or legal guardian, or as otherwise permitted under FERPA and applicable law.

Notification of Requests: In the event that we receive a request for the disclosure of PII from a student's educational records, we will promptly notify the educational institution, agency, or organization responsible for the records in question. We will cooperate with such institutions, agencies, or organizations in determining the appropriate response to the request, in accordance with FERPA and any other applicable laws.

Security Measures: We maintain strict security measures to protect the confidentiality of all PII contained within student educational records and require our employees, contractors, and service providers who have access to PII from educational records to comply with FERPA and any other applicable laws.

Breach Notification: In the event of a breach or suspected breach of security involving PII from student educational records, we will promptly notify the affected educational institution, agency, or organization, and take all necessary steps to investigate and remediate the breach, as required by FERPA and any other applicable laws.

Institution Representations: If you are an educational institution, agency, or organization subject to FERPA, you represent and warrant that you have all necessary rights, permissions, and consents to provide us with access to PII from student educational records, in accordance with FERPA and any other applicable laws, and agree to indemnify and hold us harmless from and against any claims, damages, or expenses resulting from your breach of this representation and warranty.

Enterprise and Self-Serve Roles:

  • Enterprise: If the Services are provided to an educational institution under an Enterprise agreement, Rumi may act as a "school official" (or similar role) with a legitimate educational interest, as permitted by the institution and applicable law. In an Enterprise environment, students and instructors should submit privacy requests through their institution, and we will work with the institution to respond consistent with applicable law and the Enterprise agreement.
  • Self-serve instructor accounts: If an instructor uses a self-serve Free or Premium account (not provisioned through an Enterprise agreement), the instructor controls the classroom/workspace they create (including educational records generated within that workspace). Instructors using self-serve accounts are responsible for ensuring their use of the Services complies with applicable institutional policies and with FERPA to the extent they are employed by a FERPA-covered institution.

8. Compliance with Children's Online PrivacyProtection Act (COPPA)

Our Company is committed to safeguarding children's personal information collected online and is in full compliance with the Children's Online Privacy Protection Act (COPPA). COPPA mandates that we provide notice and obtain parental consent prior to collecting, using, or disclosing personal information from children under the age of 13.

8.1 Parental Consent and Control

Before collecting any personal information from children, we will provide parents or guardians with notice about our data practices and seek verifiable parental consent.

Parental Rights: Parents and guardians have the right to:

  • Review their child's personal information
  • Modify their child's personal information
  • Delete their child's personal information
  • Refuse to permit further collection or use of their child's information

To review, modify, or delete your child's personal information, please send an email to support@rumidocs.com.

8.2 Protecting Children's Information

We implement a variety of security measures to maintain the safety of children's personal information. All personal information is stored on secure servers and is only accessible by a limited number of authorized personnel.

8.3 Teens (13–17)

Users between 13 and 17 may use the Services, subject to additional steps or consents where required by applicable law.

If we learn that we have collected personal information from a child without appropriate consent, we will take steps to delete that information.

Should you have any questions or concerns regarding our compliance with COPPA and our efforts to ensure the privacy and safety of your child's personal information, please contact us at support@rumidocs.com.

9. Data Retention

We may retain certain User and Customer Personal Information for the period necessary to enable the continued use of the Services, to fulfill the purposes outlined in this Policy, for legally permissible business purposes, or as otherwise required by law. How long we retain specific Personal Information varies depending on its type and use, after which it will be deleted. We may retain non-Personal Information, including aggregated, de-identified, or anonymized data for lawfully permissible purposes.

9.1 Self-serve Retention (Free and Premium)

For self-serve accounts, we retain personal information while the account is active and for at least one (1) year after account closure, subscription cancellation, or the user's last activity, unless a longer period is required or permitted by law. After that period, we may delete or de-identify the personal information.

9.2 Account Inactivity

Free self-serve accounts may be deactivated or closed after prolonged inactivity (for example, 6 months) as described in our Terms of Service. If an account is closed, the retention period described above applies.

9.3 Student Content

Student submissions are stored within the Instructor Workspace where they were submitted. We do not retain student submission content for internal product improvement.

  • If a student account is deleted, their submissions are also removed from any Instructor Workspaces where they were submitted.
  • If an instructor closes a workspace or their account is deleted, all content within that workspace (including student submissions) may get deleted after the retention period described above.
  • Students should export any content they wish to retain before their account deletion or before an Instructor Workspace is closed.

Affiliated Account Deletion: Any content submitted by students may be deleted from our servers once the affiliated faculty and student accounts are deleted. To request account deletions please send a request via email to support@rumidocs.com.

9.4 Enterprise retention

For institution-managed (Enterprise) accounts, we retain data for at least one (1) year after account closure or inactivity, unless a different retention period is specified in the Enterprise Agreement between Rumi and the subscribing institution.

We may retain non-personal information, including aggregated, de-identified, or anonymized analytics, for internal product improvement and service reliability.

9.5 Children Under 13

For Children under 13 years old, we have a retention period for user account information for at least 1 year after account inactivity.

9.6 Non-Personal Information

We may retain non-personal information, including aggregated, de-identified, or anonymized analytics, for internal product improvement and service reliability.

10. Information Security

Rumi takes appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of user personal data. Rumi implements appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption, access controls, regular security reviews, and physical security measures to guard against unauthorized access to systems where we store personal data.

Rumi restricts access to user personal information to our employees, contractors, and agents who need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations.

Despite our efforts regarding data security, no system can be 100% secure and there is always a risk of unauthorized access to your personal data. By using our Services, you assume this risk. We also urge you to use a unique and strong password to your user account on Rumi Services as well as to protect such password.

Breach Notification: In the event of a breach or suspected breach of security involving personal information, we will take steps to investigate and remediate the breach and will notify affected users and institutions as required by applicable law.

11. Third-partyServices

We use Google Analytics to enhance user experience by understanding user interactions on our platform. It allows us to make improvements while safeguarding your data. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page at https://policies.google.com/privacy.

12. Information Tracking & Cookies

Most browsers can be set to detect browser cookies and to let a user reject them but refusing cookies may impact your experience with the Services. You can control cookies through your browser settings. Some features of the Services may not function properly if cookies are disabled. To learn more about browser cookies, including how to manage or delete them, refer to the Tools, Help, or similar section of your web browser.

13. Your Choices and Requests

13.1 Access, Correction, and Deletion

Enterprise accounts: If you use Rumi through a school or other institution, please submit requests to access, correct, or delete personal information through your institution. We will work with the institution to respond consistent with applicable law and our agreement with the institution.

Self-serve accounts: You may request access, correction, or deletion by emailing support@rumidocs.com.

13.2 Portability

Enterprise accounts: Portability requests should be submitted through your institution.

Self-serve accounts: You may request a copy of certain personal information by emailing support@rumidocs.com.

You have the right to receive your personal data which you have provided Rumi, in accordance with relevant personal data regulation, provided that such request does not adversely affect the rights and freedoms of others.

14. California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information.

We do not sell or share personal information as those terms are defined under California law.

To exercise your California privacy rights, please contact us at support@rumidocs.com. We will not discriminate against you for exercising your privacy rights.

15. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, by posting an updated policy in the Services, by email, and/or by updating the effective date).

Enterprise Customers: Material changes to this Privacy Policy will only apply to you and your personal information after we receive your explicit consent. If you do not agree to the changes, we will continue to handle your information in accordance with the most recent version of the Privacy Policy you accepted. You have the right to review any proposed changes before deciding whether to accept them.

Self-Serve Customers (Instructor Free, Instructor Premium, Student Free): For self-serve accounts, material changes will become effective on the date specified in the notice. Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you may stop using the Services and request deletion of your account.

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your data. The date of the last modification is listed at the top of this Privacy Policy.

16. Contacting Rumi

If you have any questions about this privacy statement or Rumi Docs, please contact us at support@rumidocs.com

Get Started
Sign Up
Knowledge Hub
Interactive AI Policy Playbook
Integration
Canvas
D2L Brightspace
Moodle
Company
About Us
Contact Us
Blog
Legal
Privacy Policy
Terms & Conditions
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Follow Rumi on LinkedIn