Privacy Policy

Our Privacy Standard: McFLAI AS is built around European data residency. Your account data is stored in the European Union, and we keep reliance on third parties to a minimum. Where a feature does depend on a provider outside the EU, we tell you below and explain how that data is protected.

This Privacy Policy describes how McFLAI AS ("the Company", "We", "Us") collects, uses, and protects your information. By using our Pathfinder platform, you consent to the data practices described in this policy.

1. Where Your Data Lives

Your account data and family charters are stored in the European Union (our database is in Madrid; our application hosting is with IONOS in Germany). Some features rely on third parties: if you sign in with Google or Microsoft, your sign-in is handled by those US-headquartered providers and some data is processed outside the EU, under Standard Contractual Clauses and the EU–US Data Privacy Framework. You can avoid this by signing in with an email address and a password instead. Our website fonts are self-hosted, so loading a page makes no request to any third-party font network.

Within the EU, our runtime database and chat storage run on Firebase (Google Cloud), and generative AI features are powered by Mistral and Teuken models via IONOS infrastructure.

2. Data Collection & Usage

Personal Identifiers

To provide access and manage user accounts, we collect:

• Name and Email address (via Google or Microsoft Authentication).
• Institutional or School affiliation.

Technical Logging ("Flight Recorder")

Our application includes a local debugging tool called a "Flight Recorder." This tool captures a rolling log of your last 100 interactions (such as page views and clicks) to assist in technical support. This data is only transmitted to our Firebase database if you proactively click "Submit Feedback." If no feedback is submitted, these logs remain on your local device and are cleared upon session end.

Site Usage Analytics

We measure basic site usage with our own privacy-respecting analytics, hosted entirely within the EU. We do not use cookies. We do not store IP addresses. We do not assign persistent identifiers, and we cannot link a visit on one day to a visit on another. We do not share any analytics data with third parties. The data we collect is limited to pages viewed, country, device class, browser family, referring site, and aggregated engagement signals.

Hosting Cookies

Our hosting provider (IONOS) may set a small technical cookie used for load distribution and infrastructure-level visitor counting. It contains no personal data and is not accessed or used by us for any analytics or profiling purpose.

3. Artificial Intelligence & Curriculum Data

AI Integrity

We use AI to support educational outcomes while maintaining strict privacy boundaries:

• No Training: Your inputs and personal data are never used to train or improve the underlying AI models (Mistral/Teuken).
• Contextual Accuracy: We connect to official governmental APIs including Norway (Udir) and Finland (ePerusteet) to ensure AI responses align with national curriculum standards.

4. Third-Party Services

We do not sell your data. We share information only with the following essential processors:

• IONOS: Cloud infrastructure and AI model hosting.
• Google/Firebase: Authentication and runtime data storage.
• Microsoft: Authentication services.

5. Links & Embedded Content

We link to news and articles from third parties. Once you click through, that site's own privacy policy applies and what happens there is beyond our control.

Our own video — including webinar recordings — is hosted on our EU infrastructure (IONOS) and streamed through our own backend, so no third-party video service is involved and only our servers see your request. Where we instead embed a third-party video (for example YouTube or Vimeo), it loads from that provider, which may see your IP address or set its own cookies when the video plays; for YouTube we use its privacy-enhanced "no-cookie" embed.

6. Institutional Compliance & Children's Privacy

As an EdTech provider, McFLAI often acts as a Data Processor for schools or municipalities (the Data Controllers). We do not knowingly collect data from children under the age of 13 without appropriate authorization from the educational institution or legal guardian, in accordance with national laws in Norway.

7. Your Rights & Data Retention

You can access, correct, export, or delete your data at any time via our contact page. We delete your account data and family charter when you delete your account. We keep payment and invoice records for the period required by law. We respond to data requests within one month.

8. Contact Information

For privacy inquiries or to exercise your data rights, please contact:

McFLAI AS
Huldreveien 6J, 0781 Oslo, Norway
Email: support@crafting-tomorrow.eu