Privacy Policy

Effective Date: April 1, 2023

Last Updated: June 24, 2024

This Privacy Policy applies to all of the services offered by Rumi ("Rumi", "we" or “Company”) including the Rumi’s website, and any other features, content, or applications offered from time to time by Rumi (collectively, the "Services"). You should not use the Services if you do not agree to the terms of this Privacy Policy. Your continued use of Services represents your consent to the terms of this Privacy Policy. 

At Rumi, we understand the importance of protecting the privacy of our users’ personally identifiable information and we take appropriate steps to protect the personally identifiable information of our users. The purpose of this Privacy Policy is to explain what information we collect from our users when they interact with our Services, including what personally identifiable information and non-personally identifiable information we collect, how to use that information, with whom we share that information and what steps we take to protect that information.

Our Services are hosted in the United States and if you are accessing them from outside the United States, please be advised that you are transferring information to the United States. Your continued use of our Services represents your consent to this transfer of information. 

Personal Information Collected

To enable the Services to be used, we may collect the following Personal Information: 

Student data, including:

  1. Names: First, middle and last names including pseudonyms (if utilized). 
  2. User-specific account identifiers: Information that only a User would know in order to secure their account, which may include the answer to a ‘secret question’. 
  3. Email address and Account Names: We require an email address and Account Name in order to service an account. 
  4. Any data that is provided to us by a Customer to permit students to access their account: For example, a personal email address rather than an institutional one or contact details we may require to contact a Users.
  5. Educational Data: This may include grade/year and educational institution, as well as data submitted pursuant to use of the Services, such as written materials in the form of essays, papers, examination answers, and other writings (“Submissions”).
  6. (For standalone integrations i.e. non-LMS Integrations) Passwords: We may ask Users to provide Passwords which are essential for the security of an account. 

Educator data, including: 

  1. Names and email addresses: for the same reasons that we collect that data for Students, as stated above. 
  2. Role: We either collect or assign an Educator’s role within the Service so we can administer the account, such as ‘Instructor’ or ‘Teaching Assistant’. 
  3. Education institution: We will collect this data so we know that a User is using an account that is linked to their Institution.
  4. (For standalone integrations i.e. non-LMS Integrations) Passwords: We may ask Users to provide Passwords which are essential for the security of an account.

Use of Personal Information

We do not harvest, sell or rent your Personal Information, as the terms are defined under applicable laws. We use and disclose your Personal Information to operate, provide, improve, and develop our Services. Our purposes for using and disclosing your Personal Information are as follows: 

  • To understand, measure, and improve our Services, for legally permissible purposes, including, but not limited to, analyzing the performance of our Services, improving our Services, research, product development, and/or to offer customized service suggestions. Usage Information helps us provide the Services in the local language, to diagnose technical problems, and to administer and secure the Services. We also aggregate and analyze Usage Information to better understand how our Services are used and to help us improve our Services. 
  • To provide the Services to our Customers and their Users, including the processing of Submissions which is required in order to provide the results of the Services to our Customers. 
  • To create and manage log-in credentials, for the creation, maintenance, and administration of Customer and User accounts, and to authenticate Users. 
  • To provide customer support, including via email or text message to resolve a problem or support issue, to notify Customers or Users about changes or issues impacting the Services, and to otherwise communicate and solicit feedback on Customer experiences with the Services. 
  • To protect our rights, such as to establish or exercise our legal rights or defend against claims. For example, sharing may be necessary in order to assert a legal claim or defense, such as to enforce our End User License Agreement. 
  • In relation to a known or suspected violation of our terms of use, fraud prevention, or other unlawful use, including to share Personal Information with entities assisting us in an investigation and as may be required by applicable law. 
  • In connection with legal or regulatory obligations, including to disclose your Personal Information as necessary to protect our rights or the rights and safety of our Users, or as necessary in the event of a court order, regulatory inquiry or other lawful request. Provided, however, that unless legally prohibited, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. 
  • In the event of a reorganization, merger, sale, assignment, bankruptcy, or similar business change, we may need to transfer your Personal Information to that re-organized entity or new owner after the sale or reorganization for them to use in accordance with this Privacy Policy. 
  • To provide our Customers with updates and offers about our Services. At any time, you may unsubscribe or opt-out of further communication on any electronic marketing communication by emailing us.

Use of Writing Data

We will not use any words, content, or keystroke patterns from student submissions for any purpose other than providing plagiarism screening and determining the originality and authenticity of submissions. Student content and keystroke data will NOT be utilized for building student profiles, targeted advertising, or any other purpose besides powering the core service offering of our platform.

Compliance with Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) is a United States federal law that protects the privacy of student educational records. By using our services, you acknowledge and agree that we are committed to complying with FERPA and ensuring the confidentiality of any personally identifiable information (PII) contained within the educational records of students. To the extent that we collect, store, process, or share PII from student educational records, we shall do so in accordance with FERPA's requirements and any applicable state or local laws or regulations. 

We will only disclose PII from education records with the written consent of the student or the student's parent or legal guardian, or as otherwise permitted under FERPA and applicable law. In the event that we receive a request for the disclosure of PII from a student's educational records, we will promptly notify the educational institution, agency, or organization responsible for the records in question. We will cooperate with such institutions, agencies, or organizations in determining the appropriate response to the request, in accordance with FERPA and any other applicable laws. 

We maintain strict security measures to protect the confidentiality of all PII contained within student educational records and require our employees, contractors, and service providers who have access to PII from educational records to comply with FERPA and any other applicable laws. In the event of a breach or suspected breach of security involving PII from student educational records, we will promptly notify the affected educational institution, agency, or organization, and take all necessary steps to investigate and remediate the breach, as required by FERPA and any other applicable laws. If you are an educational institution, agency, or organization subject to FERPA, you represent and warrant that you have all necessary rights, permissions, and consents to provide us with access to PII from student educational records, in accordance with FERPA and any other applicable laws, and agree to indemnify and hold us harmless from and against any claims, damages, or expenses resulting from your breach of this representation and warranty.

Compliance with Children's Online Privacy Protection Act (COPPA)

Our Company is committed to safeguarding children's personal information collected online and is in full compliance with the Children’s Online Privacy Protection Act (COPPA). COPPA mandates that we provide notice and obtain parental consent prior to collecting, using, or disclosing personal information from children under the age of 13.

Parental Consent and Control

Before collecting any personal information from children, we will provide parents or guardians with notice about our data practices and seek verifiable parental consent. Parents and guardians have the right to review, modify, or delete their child’s personal information, and may refuse to permit further collection or use of their child’s information. Instructions for accessing and managing your child's personal information will be provided upon verification of parental consent.

To review, modify, or delete you child's personal information, please send an email to

Protecting Children's Information

We implement a variety of security measures to maintain the safety of children's personal information. All personal information is stored on secure servers and is only accessible by a limited number of authorized personnel.

Should you have any questions or concerns regarding our compliance with COPPA and our efforts to ensure the privacy and safety of your child’s personal information, please contact us at

Data Retention

We may retain certain User and Customer Personal Information for the period necessary to enable the continued use of the Services, to fulfill the purposes outlined in this Policy, for legally permissible business purposes, or as otherwise required by law. How long we retain specific Personal Information varies depending on its type and use, after which it will be deleted. We may retain non-Personal Information, including aggregated, de-identified, or anonymized data for lawfully permissible purposes.

Any content submitted by students will be deleted from our servers once the affiliated faculty and student accounts are deleted. To request account deletions please send a request via email to

For Children under 13 years old, we have a retention period for user account information for 1 year after account inactivity. We automatically delete accounts and personal data after that period.

Information Security

Rumi takes appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of user personal data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data. 

Rumi restricts access to user personal information to our employees, contractors, and agents who need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations. 

Despite our efforts regarding data security, no system can be 100% secure and there is always a risk of unauthorized access to your personal data. By using our Services, you assume this risk. We also urge you to use a unique and strong password to your user account on Rumi Services as well as to protect such password.

Third-party Services

We use Google Analytics to enhance user experience by understanding user interactions on our platform. It allows us to make improvements while safeguarding your data. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.

Information Tracking & Cookies

Most browsers can be set to detect browser cookies and to let a user reject them but refusing cookies may impact your experience with the Services. To learn more about browser cookies, including how to manage or delete them, refer to the Tools, Help, or similar section of your web browser.

Updating or Removing Information

Rumi users may modify or remove any of their personal information at any time by emailing our technical support team at


You have the right to receive your personal data which you have provided Rumi, in accordance with relevant personal data regulation, provided that such request does not adversely affect the rights and freedoms of others.

Changes to our Privacy Policy

We may update this Privacy Policy from time to time and will notify you of any material changes. However, these changes will only apply to you and your personal information after we receive your explicit consent. If you do not agree to the changes, we will continue to handle your information in accordance with the most recent version of the Privacy Policy you accepted. You have the right to review any proposed changes before deciding whether to accept them. We encourage you to periodically review this Privacy Policy to stay informed about how we protect your data. The date of the last modification is listed at the top of this Privacy Policy.

Contacting Rumi

If you have any questions about this privacy statement or Rumi please contact us at: Email: