Last updated: 29 April 2026
This notice supplements our main Privacy Policy and provides additional information relevant to schools, teachers, and educational institutions ("School" or "Schools") that use Tête-à-Tête with their students.
1. Our Role
When a School directs students to use Tête-à-Tête as part of its curriculum or educational programme, the School is the data controller for the student data it instructs us to process, and Tête-à-Tête acts as a data processor on the School's behalf.
Where a student signs up independently (not through a School), Tête-à-Tête is the data controller in its own right. Our main Privacy Policy applies in that case.
2. Data We Process on Behalf of Schools
When students use the Service through a School, we process:
- Account information: Name, email address, school affiliation, year group
- Educational data: Practice session transcripts, AI-generated scores and feedback, progress metrics
- Voice data: Audio recordings of French and Spanish speaking practice (streamed in real time for AI processing — see section 5 for retention details)
- Technical data: Device type, session timestamps, error logs
3. How Student Data Is Processed
- Audio is streamed in real time to OpenAI via LiveKit for transcription and AI response generation. Tête-à-Tête does not permanently store audio. See section 5 for full retention details.
- Transcripts of student speech are stored in our database for progress tracking and review.
- AI-generated scores and feedback are stored against the student's account.
- We do not use student data for marketing, advertising, profiling, or any purpose unrelated to providing the educational Service.
- We do not perform biometric identification or create voice prints from audio data.
4. Sub-Processors
We use the following sub-processors to deliver the Service. Each processes student data only on our instructions and under appropriate contractual safeguards:
| Provider | Purpose | Location | Certifications |
|---|
| OpenAI | AI processing services per Controller's instructions | US | — |
| LiveKit | Voice infrastructure; may temporarily retain session audio for a limited period for debugging purposes | US | SOC 2 Type II; GDPR |
| Railway | Application and database hosting | US | — |
| Vercel, Inc. | Web hosting and consent-gated analytics | US | SOC 2 Type II |
| Cloudflare, Inc. | Image hosting and CDN delivery (no personal data uploaded; viewer IP and user-agent recorded for standard CDN logging) | US | SOC 2 Type II; ISO 27001; ISO 27018 |
| Functional Software, Inc. (Sentry) | Error monitoring (transcript and audio content excluded) | US | SOC 2 Type II |
| Resend | Transactional email delivery | US | — |
| Stripe, Inc. | Payment processing (web subscriptions) | US | — |
| Apple Inc. | App Store distribution, in-app purchases (iOS) | US | — |
| RevenueCat, Inc. | Subscription and in-app purchase management | US | — |
| Slack Technologies, LLC | Internal staff notifications about new signups, subscription events, and operational alerts (user email and name only; transcript and audio content excluded) | US | SOC 2 Type II; ISO 27001; ISO 27018 |
International transfers are protected by Standard Contractual Clauses and/or data processing agreements with each provider.
5. Audio and Recording
- Audio is streamed in real time for AI processing. Tête-à-Tête does not permanently store audio.
- LiveKit, our voice infrastructure provider, may temporarily retain session audio and telemetry for a limited period for technical debugging and quality assurance purposes, then permanently deleted. Any retained data is accessible to authorised Tête-à-Tête staff for debugging purposes only and is not used for marketing, training AI models, or any other purpose.
- A visible "recording" indicator is displayed to the student whenever audio capture is active.
- We do not create or store voice prints, biometric templates, or any form of biometric identifier from student audio.
- OpenAI does not use API data to train its models. Audio processed by OpenAI may be retained for a limited period for safety monitoring purposes, then permanently deleted.
6. Data Retention
- Educational records (transcripts, scores, feedback): Retained for up to 7 years for educational continuity and safeguarding purposes. Deleted on request.
- Audio recordings: Not permanently stored by Tête-à-Tête. LiveKit, our voice infrastructure provider, may temporarily retain session audio for a limited period for debugging purposes, then permanently deleted.
- Account data: Retained while the account is active, plus up to 2 years after closure.
- Technical logs: Retained for up to 90 days. Transcript and audio content is not included in logs.
Schools may request earlier deletion of all student data at any time by contacting us.
7. Deletion and Data Subject Rights
Schools can exercise the following rights on behalf of their students:
- Access: Request a copy of all student data we hold
- Rectification: Correct inaccurate student data
- Erasure: Request deletion of student accounts and all associated data
- Portability: Receive student data in a structured, machine-readable format
- Restriction: Limit processing while a request is being handled
Deletion requests are processed within 30 days. When a student account is deleted, all associated data (transcripts, scores, progress records) is permanently removed from our database and cannot be recovered.
8. Security Measures
- All data encrypted in transit (TLS) and at rest
- Access restricted to authorised personnel only
- Transcript and audio content excluded from error monitoring and application logs
- Documented incident response procedures with 72-hour notification to Schools where a breach affects their students' data
9. Data Processing Agreement
Schools that require a formal Data Processing Agreement (DPA) under UK GDPR Article 28 can review and use our standard DPA:
To execute a DPA or discuss bespoke data processing requirements, please contact us at privacy@tete-a-tete.ai.
10. Contact
Privacy enquiries: privacy@tete-a-tete.ai
Legal / compliance: legal@tete-a-tete.ai
General support: support@tete-a-tete.ai
Address: Tête-à-Tête AI, c/o Berg Kaprow Lewis LLP, 35 Ballards Lane, London, N3 1XW, UK
ICO Registration: ZC135288
