Privacy & Sovereignty

We build math tools that empower students and respect their right to domestic data residency.

🇨🇦 PIPEDA Federal📋 SK FOIP Compliant🛡️ No-PII AI Protocol🍁 Montréal Residency

⚖️

Compliance Context

MathMastery is natively aligned with Saskatchewan's FOIP Act. All student data is housed in Canadian regions to satisfy school board audit requirements.

🏫

1. Identity & Origin

MathMastery is a Saskatchewan-based educational infrastructure providing curriculum-aligned adaptive math practice for K–8 classrooms, with AI-assisted explanations and Socratic guidance. Our curriculum is outcome-aligned specifically for the Saskatchewan Ministry of Education standards.

📧 privacy@mathmastery.ca

🔍

2. Minimalist Data Collection

We collect only what is necessary to personalize the learning experience. We never collect full names, physical addresses, or phone numbers of students.

Data Point	Sovereign Purpose
Username / Email	Account recovery & Socratic profile identification
Grade & Province	Curriculum alignment (SK Outcomes)
Learning History	Mastery tracking and misconception analysis

SSO & Identity Roadmap (Fall 2026)We are currently building integrations for Single Sign-On (SSO) via Google Workspace, Microsoft 365, and Clever. This will allow schools to utilize their existing, board-authorized credentials, further minimizing the data we need to store directly.

🛰️

3. AI Sovereignty

Every AI call and every byte of student data lives inside Canadian Google Cloud regions. No US-hosted providers, no cross-border fallback.

AI Engine⚡

Google Gemini via Vertex AI — Montréal

Gemini handles problem generation and Socratic tutoring. Inference is pinned to northamerica-northeast1 (Montréal). Data is sent as transient inference — never stored by Google, never used for model training.

Gemini-only by policy · No US fallback

🍁

Domestic Data Residency

Student records live in Google Firestore, Montréal (northamerica-northeast1). They never leave Canadian soil.

🛡️

4. Security Pillars

Bcrypt Hashing

Passwords are irreversibly hashed; we never see them.

JWT Tokens

Secure, short-lived authentication sessions.

HTTPS Protocol

Military-grade encryption for all data in transit.

AI Sanitization

Identifiers are stripped before AI Link transmission.

👤

5. Your Privacy Rights

Under PIPEDA and FOIP, you have full control over your educational footprint.

✓ Right to Access & Export Data
✓ Right to Correction
✓ Permanent Account Deletion
✓ Withdrawal of Consent