Privacy Policy — RedEye Labs
Policy Version: v0.1-staging (draft) Effective Date (draft): TBD — will be set at v1.0 public launch Last Updated: 2026-04-17
This Privacy Policy explains how RedEye Networks Solutions, LLC ("RedEye Networks," "RedEye," "we," "us," or "our") — operating the RedEye Labs brand — handles personal information in connection with our AI literacy classes and the RedEye Labs learning platform at https://ailearning.redeyelabs.ai (the "Service").
Protecting the privacy of your personal information is very important to us. If you do not agree with the practices described here, please do not use the Service.
We do not sell your personal information. We do not share it for third-party marketing. We collect the minimum we need to deliver a high-quality class and we purge it on a tight schedule after the class ends.
1. Who We Are
RedEye Networks Solutions, LLC ("RedEye Networks") is a Limited Liability Company registered in the United States, operating the RedEye Labs sub-brand for AI training services. Our mailing address is:
RedEye Networks Solutions LLC 18014 N 50th Place Scottsdale, AZ 85254 United States of America
For privacy questions or to exercise any rights described in §9 below, contact us at privacy@redeyelabs.ai (for LMS-specific matters) or info@redeyenetworks.com (general).
2. Scope
This Privacy Policy applies to the RedEye Labs LMS at ailearning.redeyelabs.ai and related class-delivery services. It does not cover:
- The
redeyenetworks.comwebsite or MSSP services — those are governed by the separate RedEye Networks Privacy Policy at https://redeyenetworks.com/privacy-policy. - Third-party services you use in connection with a class (e.g., your Claude account, your Microsoft Copilot account). Those are governed by their respective providers' policies.
3. What We Collect
We collect different information depending on your role.
3.1 Class Instructors and Administrators
- Name and email address
- Account credentials (password hash and TOTP multi-factor authentication secret)
- Session metadata (IP address, browser user-agent, login timestamps)
- Actions taken in the platform (for audit purposes)
3.2 Students (Class Participants)
When you enroll in a RedEye Labs class, we collect:
- Always: email address, full name, your preferred language for class materials
- Consent confirmations: that you are 16 years of age or older; that you accept this Privacy Policy and our Terms of Service; that you consent to AI generating personalized class materials using the inputs you provide
- For private (customer-specific) classes only: your job title
- Personalization information you choose to provide — such as your role type (professional, job seeker, student/learner, hobbyist), a short description of your job or target role, your favorite subjects or potential careers (for student-learners), your hobbies, your goals for the class, and the software or SaaS tools you use regularly
- Resume (optional): if you upload one, we use it only to personalize your class lab guide and we hard-delete it within 24 hours after the class ends
- Attendance signal: whether your lab guide was generated (our proxy for in-class engagement)
3.3 Everyone Who Visits the Site
- Minimal technical information needed to deliver the site securely (for example, session cookies and network-level logs with IP addresses for rate limiting and abuse prevention)
- Limited behavioral analytics via our infrastructure provider, used solely to monitor Service performance and security — not for advertising or re-targeting
We do not run third-party analytics (no Google Analytics, no Segment, no Hotjar, no advertising pixels) on the student-facing LMS in v1.
4. Why We Collect It
We collect this information to:
- Deliver the class you enrolled in (scheduling, communications, generating your personalized lab guide)
- Create a learning artifact personalized to your role, goals, and tools
- Issue an attendance certificate if you completed the class
- Process payment for paid classes (via Stripe — we never store your card number)
- Meet our legal obligations (e.g., maintaining accurate consent records)
- Operate the Service securely (authentication, abuse prevention, audit logging)
Legal bases (for people whose privacy is protected by the EU GDPR, UK GDPR, California CCPA, or similar regimes):
- Consent — for AI-driven personalization and for resume processing
- Performance of a contract — to deliver the class you enrolled in
- Legitimate interests — to operate the Service securely and maintain audit logs
5. How Long We Keep It
We believe in data minimization. Our retention schedule is tight:
| Data | Retention | Why this long |
|---|---|---|
| Your uploaded resume file | Hard-deleted within 24 hours after class ends | Only used for lab-guide personalization; not kept beyond that purpose |
| Intake personalization (hobbies, goals, role details, tools used, resume text extracted from the file, etc.) | Hard-deleted within 24 hours after class ends | Same |
| Your email, full name, class enrollment record, attendance status, lab-generation timestamp | Retained indefinitely | To let you retrieve your lab guide within 30 days and for minimal business records |
| The lab guide artifact we generated for you | 30 days after the class ends, retrievable by you via email magic link | So you can download it at your convenience; after 30 days it is hard-deleted |
| Consent records (which policies you accepted, when, from what IP) | Retained indefinitely | Required to evidence lawful processing |
| Payment records | Retained per applicable tax and accounting law (typically 7 years) | Legal obligation |
| Audit logs (who did what, when) | Retained indefinitely | Security and accountability |
| Instructor / administrator accounts | Retained while the account is active; deleted or deactivated on request |
If you request deletion of your data under §9, we act within 72 hours and remove everything except records we are legally required to retain (consent records and payment history, which remain but no longer identify you beyond what is legally necessary).
6. Who We Share It With
We do not sell your personal information. We do not share it for third-party marketing. We share only with a limited set of service providers ("sub-processors") who help us deliver the class:
| Sub-processor | What they receive | Why |
|---|---|---|
| Microsoft (Azure) | All service data at rest and in transit (Azure hosting, PostgreSQL, Blob Storage, Service Bus, Key Vault, Microsoft Graph for email + Teams) | Primary cloud platform + email/calendar/Teams infrastructure |
| Anthropic | Your name, intake personalization, and (if uploaded) resume content — used to generate your lab guide | Primary AI provider for most classes |
| Other AI providers (e.g., OpenAI, Google, xAI, Microsoft Copilot) | Only used if the class you enrolled in is configured for a different provider; we redact your resume content and name before submission to any non-Anthropic provider | Per-class provider choice at the instructor's discretion |
| Stripe | Payment details (card number flows directly from you to Stripe; we never see it), amount, currency, billing email | Payment processing for paid classes |
| GitHub | Only aggregate service metadata (deployment events, commit metadata) — no student personal information | Source control and deployment |
We may disclose information if required by law, court order, or to protect the rights, safety, or property of RedEye, our users, or others. Where disclosure is subject to a lawful-process obligation, we will notify you unless prohibited by law.
7. AI-Generated Content — Important Disclosure
The RedEye Labs class experience relies on large language models (LLMs) — primarily Anthropic's Claude — to generate personalized lab guides and class materials. You should know:
- Your inputs (intake, resume, free-text fields) are sent to the AI provider to generate your lab guide.
- The AI may make mistakes. While we apply a second-LLM quality review pass to catch obvious errors, AI-generated content can contain factual errors, outdated information, or "hallucinations." Do not rely on AI-generated content for legal, medical, financial, or other consequential advice without independent verification.
- Our generation is grounded in your inputs; if your inputs contain instructions intended to manipulate the model (so-called "prompt injection"), we have technical defenses but none are perfect.
- By enrolling, you consent to this AI-driven processing of your inputs for the specific purpose of generating your lab guide. You can decline the resume upload step and still participate.
8. Cookies and Similar Technologies
We use the minimum cookies needed to run the site securely. Specifically:
- Session cookies for authenticated users (instructors, administrators) — to keep you signed in
- Student portal cookies (class-scoped, short-lived) after you redeem your class token
- Retrieval cookies (30-minute, scoped to
/lab-guide) after you click the email magic link to access your saved lab guides - CSRF / security cookies to prevent common web attacks
We do not use advertising cookies, cross-site tracking cookies, or analytics cookies on the student-facing surface.
For visitors in the EU or California, a cookie banner will be displayed at first visit with the option to accept the essential cookies we need.
9. Your Rights and Choices
You have the following rights regarding your personal information:
- Access — you can request a copy of the personal information we hold about you
- Correction — you can ask us to fix information that is inaccurate
- Deletion — you can ask us to delete your personal information; we will act within 72 hours and comply except where we are legally required to retain specific records
- Portability — you can request an export of your lab guide and enrollment records in a machine-readable format
- Withdraw consent — for processing that depends on your consent (such as AI-driven personalization), you can withdraw at any time; this will not affect prior lawful processing
For students, the fastest way to exercise any of these rights:
- Visit
https://ailearning.redeyelabs.ai/lab-guide/retrieve - Enter the email address you used when you enrolled
- Click the magic link we send you
- On the resulting page, use the appropriate action button:
- "Download my lab guides" — immediate in-browser download of any retained lab guides (HTML + PDF) associated with this email
- "Export my data" — request a ZIP archive containing all personal data we hold about you (enrollment records, consent records, payment history, redacted prompt history if any, lab guide + certificate PDFs). Delivered via a fresh email link within 72 hours of the request. Satisfies GDPR Article 15 (Access) + Article 20 (Portability).
- "Delete my data" — queues a deletion job with a 24-hour cancellation window. Within that window, you receive a confirmation email; if you don't cancel, deletion completes at T+24h. Deletion removes all personal data except records we must retain by law (consent records and payment history, which remain de-linked from identifying fields).
You can also email privacy@redeyelabs.ai with any request. We may ask you to verify your email before acting.
9.1 California Residents (CCPA / CalOPPA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, used, and shared; the right to delete; and the right to opt out of the sale of personal information. We do not sell your personal information in any sense of that term.
In compliance with the California Online Privacy Protection Act (CalOPPA):
- This Privacy Policy is linked from our home page with the word "Privacy"
- Types of personal information collected and shared are listed under §3 and §6
- Guidance on policy updates is in §13
- Effective date is at the top of this document
- Users can request changes or deletion per §9
- Our Do Not Track stance is described in §10
9.2 European Residents (GDPR)
If you are in the EU, UK, or any jurisdiction with equivalent protections, you have additional rights including the right to lodge a complaint with a supervisory authority. Our legal bases for processing are described in §4.
10. Do Not Track
Some browsers support a "Do Not Track" signal. Because the providers of these signals do not operate under an industry-accepted standard, we currently do not respond to them. We do not modify your experience or the personal information we collect based on whether this preference is enabled. We recognize this may change as industry standards evolve.
11. Children's Privacy
The Service is restricted to users who are 16 years of age or older. We collect a self-affirmation to this effect at intake. The Service is not intended for, and should not be used by, anyone under 16.
We do not knowingly collect personal information from anyone under 16. If we learn that we have inadvertently collected information from someone under 16, we will delete it promptly. Parents or legal guardians who believe we have collected such information may contact us at privacy@redeyelabs.ai to request removal.
RedEye Networks' broader company Privacy Policy covers users 13 and above under the Children's Online Privacy Protection Act (COPPA); however, for RedEye Labs Service specifically, we set the minimum age at 16 to reflect the nature of AI-personalized class content and applicable child-safety regulations.
12. Data Protection and Security
We maintain reasonable physical, technical, and procedural safeguards designed to protect personal information, including:
- Encryption in transit (TLS 1.3) and at rest (Microsoft-managed or customer-managed encryption keys depending on data sensitivity)
- Customer-managed encryption keys (CMK) for resume storage
- Access controls (least-privilege, role-based, multi-factor authentication for staff)
- Private network endpoints for sensitive data stores
- Audit logging for all administrative actions
- Regular security review and dependency patching
That said, no method of transmission or electronic storage is fully secure. You acknowledge an inherent risk in providing your personal information over the internet. If you become aware of a security incident affecting the Service, please contact us immediately at privacy@redeyelabs.ai.
In the event of a personal data breach affecting your information, we will notify you within 72 hours of confirming the breach and its scope, in accordance with applicable law.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will:
- Cause a new policy version (e.g., from
v1.0tov1.1) - Trigger a re-consent prompt the next time you interact with the Service in a way that requires consent
- Be reflected in the
Last Updateddate at the top
Every consent you give is tagged with the specific policy version in effect at the time. We retain that record so both of us have an authoritative history.
14. Contact
Questions, requests, or concerns about this Privacy Policy or your personal information:
Email (LMS-specific): privacy@redeyelabs.ai Email (general / parent company): info@redeyenetworks.com Mail: RedEye Networks Solutions LLC 18014 N 50th Place Scottsdale, AZ 85254 United States of America
We acknowledge every good-faith inquiry within five business days.
Appendix A — Sub-Processor List (as of v0.1-staging)
| Sub-processor | Role | Location |
|---|---|---|
| Microsoft Corporation | Cloud hosting, email/Teams/calendar infrastructure, database, storage | United States + global |
| Anthropic PBC | Primary AI generation and QA | United States |
| OpenAI, LLC | Optional AI provider (per-class enable only) | United States |
| Google LLC | Optional AI provider (per-class enable only) | United States |
| Stripe, Inc. | Payment processing (paid classes only; stubbed until launch) | United States |
| GitHub, Inc. | Source control and CI/CD metadata | United States |
| Cloudflare, Inc. | DNS, edge security (WAF), and bot-protection (Turnstile) for the student-facing LMS | United States + global |
We will update this list when sub-processors change. Enterprise customers with a Data Processing Agreement receive advance notification of sub-processor changes per the DPA.
End of Privacy Policy v0.1-staging.