New

Now in Claude, ChatGPT, Cursor & more with our MCP server

Koji
Why KojiUse casesCompareFAQ
Back to Koji for Education
Trust centreGDPR / AVGData processingAI governanceSecurityAccessibilitySub-processorsTOMCookies

Last updated: May 2026

Privacy Policy

How personal data is collected, processed, and protected when universities use Koji for Education for course evaluation. Written for privacy officers, data protection officers, and institutional compliance teams.

Introduction

This privacy policy describes how Koji B.V. ("Koji", "we", "us") processes personal data through the Koji for Education course evaluation platform. Koji for Education enables universities and other higher education institutions to conduct AI-guided course evaluations, generating structured feedback and quality reports from student conversations.

This policy applies to all individuals whose personal data is processed through the platform, including:

  • Students who participate in course evaluation conversations.
  • Instructors whose courses are evaluated and whose names appear in reports.
  • Administrative staff at partner institutions who access the platform for management, reporting, or configuration purposes.

This policy should be read alongside the privacy notice provided by your institution (the data controller), which describes the institution's own obligations and the lawful basis for processing your data through the platform.

Controller and processor

The university or educational institution that deploys Koji for Education is the data controller under Article 4(7) of the General Data Protection Regulation (EU 2016/679). The controller determines the purposes and means of processing personal data collected through course evaluations. This includes deciding which courses are evaluated, which students participate, how results are used, and how long data is retained.

Koji B.V. is the data processor under Article 4(8) GDPR. Koji processes personal data solely on the documented instructions of the controller, as set out in a Data Processing Agreement (DPA) executed between Koji and the institution.

The DPA governs the subject matter, duration, nature, and purpose of processing, the types of personal data involved, and the categories of data subjects. The DPA is aligned with the SURF Model Verwerkersovereenkomst. A summary of the data processing terms is available at /edu/compliance/data-processing.

What data we collect

Student data

  • Email address or institutional identifier, provided via SAML SSO during authentication.
  • Conversation transcripts: the full text of responses during AI-guided evaluation conversations.
  • Voice recordings (optional): only when the institution enables voice-based interviews. Recordings are transcribed and, by default, deleted after transcription unless the institution opts for longer retention.
  • Quality scores: structured ratings generated from the evaluation conversation, such as satisfaction scores per evaluation dimension.
  • Timestamps: date and time of participation.
  • Language preference: the language selected for the evaluation conversation.

Instructor data

  • Name as it appears in course reports, provided by the institution during course configuration.
  • Institutional role, used for access control and report attribution.

Administrative data

  • Name, email address, and institutional role for platform access and configuration.

Technical data

  • Anonymised analytics: page views and usage patterns, collected without personally identifiable information.
  • Session data: authentication state maintained via session cookies.
  • Server logs: access logs, error logs, and authentication events, retained for 90 days.

What we do not collect

Koji does not collect browsing history, device fingerprints, precise or approximate location data, social media profiles, or any data from other applications on the user's device.

How we use data

Personal data processed through Koji for Education is used exclusively for the following purposes:

  • Conducting AI-guided course evaluation conversations with students on behalf of the institution.
  • Generating quality scores and thematic summaries from evaluation responses.
  • Producing course quality reports for institutional use, including programme-level and institution-level aggregations.
  • Providing role-based access to evaluation results for authorised staff at the institution.
  • Platform operation, maintenance, and security monitoring to ensure availability and integrity of the service.

Koji does not use personal data for marketing or promotional purposes, behavioural profiling or automated decision-making that produces legal or similarly significant effects, selling or licensing data to third parties, or training artificial intelligence models.

AI processing

Koji for Education uses large language models (LLMs) to conduct adaptive evaluation conversations with students and to generate quality scores and thematic summaries from those conversations. The following principles govern AI processing on the platform:

  • University-controlled LLM infrastructure. Each university connects Koji to its own enterprise LLM accounts. Conversation data flows through the institution's existing AI agreements, meaning LLM inference occurs under the university's direct control and contractual arrangements. Koji does not control or operate the LLM inference infrastructure.
  • EU-native alternatives. For universities that do not have their own enterprise LLM accounts, Koji offers EU-native LLM alternatives where inference takes place entirely within the European Union.
  • Advisory outputs. All AI-generated outputs, including quality scores and summaries, are advisory. Every output is traceable to the source transcript from which it was derived, allowing the institution to verify and audit AI conclusions.
  • PII redaction. Personally identifiable information is redacted from conversation data before it appears in summaries and reports accessible to instructors and programme managers.
  • No model training on student data. No personal data processed through Koji for Education is used to train, fine-tune, or improve any AI model. This applies to both university-provided LLMs and any EU-native alternatives offered by Koji.

Data sharing

Access to personal data processed through the platform is restricted to the following parties:

  • The deploying university (controller). The institution has full access to all data processed on its behalf, subject to the role-based access controls configured within the platform.
  • Koji staff. A limited number of authorised Koji personnel may access personal data for the purposes of technical support, incident resolution, and platform maintenance. All such access is subject to confidentiality obligations, logged, and conducted in accordance with the principle of least privilege.
  • Sub-processors. Koji engages a limited number of sub-processors to provide the service. Each sub-processor is contractually bound to equivalent data protection obligations. The current list of sub-processors is published at /edu/compliance/sub-processors.

Koji does not share personal data with other educational institutions, advertisers, data brokers, or any third party for their own independent purposes.

Data storage and security

All personal data is stored and processed within the European Union. The specific measures in place are:

  • Primary database: Supabase, hosted on AWS Frankfurt (eu-central-1), within the EU.
  • Application hosting: Vercel, using EU-region infrastructure.
  • Tenant isolation: each institution operates within its own fully isolated environment. Data from one institution is never accessible to another institution or commingled in shared databases.
  • Encryption at rest: all personal data stored in databases and file storage is encrypted using AES-256.
  • Encryption in transit: all data transmitted between the user's browser and Koji's servers, and between internal services, is encrypted using TLS 1.3. Older TLS versions are not supported.
  • Access controls: role-based access controls are enforced across all layers of the platform, following the principle of least privilege. Administrative access to production systems is restricted, logged, and subject to multi-factor authentication.

Further details on security measures, including incident response procedures and penetration testing, are available at /edu/compliance/security.

Data retention

Retention periods are configurable per institution. The defaults below represent the shortest periods that balance operational requirements with data minimisation:

  • Raw conversation data (transcripts and individual scores): retained for 2 years after the end of the relevant course or academic period. Institutions may configure shorter or longer retention periods based on their own policies and legal requirements.
  • Aggregated reports (programme-level and institution-level summaries): retained for a minimum of 6 years to support accreditation review cycles. These reports contain no directly identifiable personal data.
  • Voice recordings: deleted after transcription is complete unless the institution opts for longer retention (for example, for transcription quality assurance).
  • System logs: retained for 90 days for security monitoring and incident investigation. Logs are automatically purged after this period.
  • On contract termination: Koji provides a full data export to the institution upon request. All personal data, including data in backups, is permanently deleted within 30 days of the export or the end of the contract, whichever is later. A deletion confirmation certificate is provided.

Your rights

Under the General Data Protection Regulation and the Dutch Uitvoeringswet AVG, you have the following rights in relation to your personal data:

  • Right of access (Article 15): you may request a copy of the personal data held about you, including transcripts, scores, and timestamps.
  • Right to rectification (Article 16): you may request correction of inaccurate personal data.
  • Right to erasure (Article 17): you may request deletion of your personal data, subject to applicable legal retention obligations.
  • Right to restriction of processing (Article 18): you may request that processing of your data be restricted under certain circumstances.
  • Right to data portability (Article 20): you may request your data in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21): you may object to processing of your personal data where the lawful basis is public interest or legitimate interests.

How to exercise your rights: because the university is the data controller, requests should be directed to your institution's data protection officer or designated privacy contact. The university may involve Koji to fulfil requests technically. Koji commits to actioning verified data subject requests within 72 hours of receiving the controller's instruction.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands, the competent authority is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

International transfers

All personal data processed through Koji for Education is stored and processed within the European Union. No personal data is transferred outside the European Economic Area as part of standard platform operation.

In the event that a transfer outside the EEA becomes necessary (for example, due to a specific sub-processor or support tool), such a transfer will only proceed with the explicit prior approval of the controller (the university) and with appropriate safeguards in place, including Standard Contractual Clauses adopted by the European Commission and supplementary technical measures where required.

Cookies and tracking

Koji for Education uses a minimal set of cookies, limited to those strictly necessary for platform operation:

  • Session cookies: used to maintain authentication state during a user's session. These cookies expire when the session ends or after a defined inactivity period.
  • Anonymised analytics: page views and usage patterns are collected without personally identifiable information, for the purpose of monitoring platform performance and availability.

Koji does not use advertising cookies, marketing cookies, or cross-site tracking technologies. No data is shared with advertising networks or analytics platforms that operate outside the institution's control.

Children

Koji for Education is designed for use in higher education settings. Users of the platform are typically students, instructors, and staff aged 18 and over. The platform is not intended for use by children under the age of 16. If an institution enrols students under 16, the institution is responsible for ensuring that appropriate parental or guardian consent is obtained in accordance with Article 8 GDPR and applicable national law.

Changes to this policy

Koji may update this privacy policy from time to time to reflect changes in the platform, applicable law, or regulatory guidance. When we make material changes, we notify the controller institution in writing (typically by email to the designated privacy contact) before the changes take effect.

Non-material changes, such as clarifications or formatting updates, may be made without prior notification. The "Last updated" date at the top of this page indicates when the policy was most recently revised. We encourage periodic review of this page.

Contact

For questions about this privacy policy or about how personal data is processed through Koji for Education, please contact:

  • Koji B.V., compliance@koji.so
  • Data Protection Officer, dpo@koji.so

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Dutch supervisory authority: