1. Data Security
AlgoSuite is built on Google Cloud Platform (GCP) and Firebase, which provide enterprise-grade infrastructure with continuous security monitoring and compliance certifications including SOC 2, ISO 27001, and FedRAMP.
- Encryption in transit: All data transmitted between your browser and AlgoSuite is encrypted using TLS 1.2 or higher.
- Encryption at rest: All stored data is encrypted at rest using AES-256.
- Secret management: API keys and sensitive credentials are stored in Firebase Secret Manager and Google Cloud Secret Manager — never in source code or environment files accessible to client applications.
- Authentication: User authentication is handled by Firebase Authentication, which supports industry-standard protocols and multi-factor authentication.
- Access controls: Firestore security rules enforce per-user data isolation. No user can access another user's data.
2. What We Collect & Store
We collect only what is necessary to provide and improve the AlgoSuite service.
Account information: Email address, display name, and authentication provider (Google, email/password). This is required to maintain your account and session.
Analysis results & conversation history: When you submit prompts and receive AI responses, those results may be stored to support history, replay, and export features. You control this data and can delete it at any time.
Usage metrics: Aggregate, non-identifying usage data (feature usage counts, session durations, error rates) to improve the product. This data is never linked to your identity in analytics systems.
AlgoTeacher — client-side processing: AlgoTeacher's Layer 1 analysis (e.g., assignment matching and initial scoring) runs client-side in your browser. This data is not transmitted to AlgoSuite servers unless you explicitly save or submit results.
AlgoCode — local workspace: AlgoCode stores your code files and workspace state locally in your browser (IndexedDB / localStorage). This data does not leave your device unless you explicitly use a sync or export feature.
We do not collect biometric data, precise location, contacts, or any sensitive personal information beyond what is described above.
3. AI Providers & Sub-processors
AlgoSuite routes your prompts to one or more AI model providers depending on the feature you use. Each provider processes your prompt to generate a response. We have confirmed with each provider that submitted data is not used to train their models under our enterprise/API agreements.
| Provider | Model(s) | Data Region | Training Use |
|---|---|---|---|
| Google DeepMind | Gemini family | US | No |
| OpenAI | GPT family | US | No |
| Anthropic | Claude family | US | No |
| xAI | Grok family | US | No |
| DeepSeek | DeepSeek family | China | No |
| Moonshot AI | Kimi family | China | No |
| Mistral AI | Mistral family | EU | No |
| Perplexity AI | Perplexity family | US | No |
| Cohere | Command family | US / Canada | No |
Note on DeepSeek and Moonshot Kimi: These providers are based in China and data submitted to them may be processed on servers subject to Chinese data regulations. If data sovereignty is a requirement for your institution, we recommend avoiding these providers or using your own API keys with data-residency agreements in place.
When you use your own API keys, your data flows directly from AlgoSuite's Cloud Functions to the provider under your own account's terms of service.
4. No Advertising, No Profiling, No Data Sales
- We do not display third-party advertising on AlgoSuite.
- We do not build behavioral profiles of users for marketing or advertising purposes.
- We do not sell, rent, or trade your personal data or your students' data to any third party.
- We do not use student data for any purpose other than providing the educational service.
- We do not use student data to target advertising to students or their parents.
5. State Privacy Law Compliance
California SOPIPA (SB 1177): AlgoSuite complies with the Student Online Personal Information Protection Act. We do not use student data for targeted advertising, create student profiles for non-educational purposes, sell student information, or disclose student data to third parties except as required to provide the service.
California AB 1584 (Education Code § 49073.1): Pupils retain ownership of their data. AlgoSuite will not use pupil data for any purpose not related to the K-12 school purpose. Schools may access, correct, or delete pupil data upon request.
New York Education Law 2-d and 8 NYCRR Part 121: AlgoSuite is committed to compliance with New York's student data privacy requirements. Educational agencies retain ownership of student data. We maintain a data security program consistent with industry standards and will notify schools of any breach involving student data within 48 hours of discovery.
NY SHIELD Act: AlgoSuite implements reasonable safeguards to protect the private information of New York residents, consistent with the requirements of the Stop Hacks and Improve Electronic Data Security Act.
CCPA / CPRA (California): California residents have the right to know what personal information we collect, the right to delete personal information, the right to opt-out of sale (we do not sell data), and the right to non-discrimination for exercising these rights. To exercise your rights, contact support@algosuite.ai.
FERPA: When AlgoSuite is used by schools that have enabled FERPA mode, we act as a "school official" with a legitimate educational interest as defined under FERPA. Educational records are processed solely for the purposes authorized by the institution. Schools retain full ownership and control over student education records.
6. Data Retention & Deletion
You are in control of your data. You can delete individual conversations, results, and saved content at any time from within the AlgoSuite interface.
When you delete your account, all personal data associated with your account — including conversation history, analysis results, and account information — is permanently deleted from our systems within 30 days.
For institutional accounts, schools may request deletion of all student data associated with their institution. We will fulfill verified deletion requests within 30 days.
To request account deletion or a full data export, contact us at support@algosuite.ai.
7. Contact
For privacy inquiries, data requests, or to report a security concern, please contact us at:
We aim to respond to all privacy-related inquiries within 5 business days.