Vendor Management Agreement (VMA)
This Vendor Management Agreement outlines how ClassCraftAI manages third-party services, data-sharing practices, and security measures. By using ClassCraftAI, you agree to the terms regarding third-party service integration essential to the AI-driven functionalities of our platform.
1. Purpose of Third-Party Integration
ClassCraftAI integrates third-party services to deliver enhanced functionality through AI-powered content generation, data processing, and Retrieval-Augmented Generation (RAG) capabilities.
2. Third-Party Vendors and Services Used
ClassCraftAI uses the following third-party services to provide our AI-driven tools:
- OpenAI API: For educational content generation, lesson plans, and summaries based on client input.
- FAL.AI: For generating visual assets, including slide images and presentation visuals.
- Pexels API: For retrieving publicly available images to include in generated content.
- Microsoft Azure: For secure authentication, tenant management, and user management.
- Manual Scraping (RAG): Retrieval of publicly available course or unit specifications from accreditation bodies such as SQA.
3. Data Types Collected and Shared
ClassCraftAI transmits only essential data to these services:
- User Input Data: Text inputs provided by users (e.g., prompts for content creation, names for feedback).
- Metadata: Limited anonymised metadata used to optimise generation processes in OpenAI and FAL.AI.
- Public Information: Data such as unit specifications from accreditation websites used in RAG-based resource generation.
Note: No user details are shared with third-party APIs involved in resource generation except for secure user authentication with Microsoft Azure.
4. Data Security and Privacy Measures
We employ the following security practices:
- Data Minimisation: Only necessary data is transmitted to minimise exposure.
- Data Encryption: All data sent to third parties is encrypted using HTTPS.
- Access Control: Strict access control measures limit data access to authorised systems only.
- Session Management: Authentication data shared with Azure follows secure session management protocols.
5. Vendor Compliance
Each vendor complies with relevant data protection laws and security standards:
- OpenAI: SOC 2 compliant, with GDPR alignment for EU users.
- FAL.AI: SOC 2 compliant, ensuring secure data handling.
- Microsoft Azure: Complies with ISO/IEC 27001, GDPR, and HIPAA for user security and data integrity.
6. Data Retention and Deletion Policies
Data is retained only as long as necessary for processing and deleted or anonymised upon task completion, per each vendor’s policy.
7. Data Breach Notification and Response
In case of a data breach involving third parties, we will notify affected clients within 72 hours and coordinate with the vendors to contain and address the breach.
8. User Consent and Transparency
Users are informed of third-party integrations upon registration, and significant updates to this agreement will be communicated.
9. Modifications to This Agreement
Updates to this Agreement will be posted on this page. We encourage users to review this document regularly for the latest information.
Contact Us
For questions about this Vendor Management Agreement, please contact us at: compliance@classcraft.ai.
Last Updated: 5th November 2024