Vendor Management Agreement (VMA)

This Vendor Management Agreement outlines how ClassCraftAI manages third-party services, data-sharing practices, and security measures. By using ClassCraftAI, you agree to the terms regarding third-party service integration essential to the AI-driven functionalities of our platform.

1. Purpose of Third-Party Integration

ClassCraftAI integrates third-party services to deliver enhanced functionality through AI-powered content generation, data processing, and Retrieval-Augmented Generation (RAG) capabilities.

2. Third-Party Vendors and Services Used

ClassCraftAI uses the following third-party services to provide our AI-driven tools:

  • Azure OpenAI Service: For educational content generation, lesson plans, and summaries based on client input. All AI processing occurs within Microsoft's European data centers, ensuring UK/EU data residency and enhanced privacy protection for educational institutions.
  • Microsoft Azure: For secure authentication, tenant management, and user management.
  • AI Image Generation Services: For generating visual assets and presentation visuals.
  • Stock Photo APIs: For retrieving publicly available images to include in generated content.
  • Web Data Services: For retrieval of publicly available course specifications from accreditation bodies.

3. Data Types Collected and Shared

ClassCraftAI transmits only essential data to these services:

  • User Input Data: Text inputs provided by users (e.g., prompts for content creation, names for feedback).
  • Metadata: Limited anonymised metadata used to optimise generation processes in OpenAI and FAL.AI.
  • Public Information: Data such as unit specifications from accreditation websites used in RAG-based resource generation.

Note: No user details are shared with third-party APIs involved in resource generation except for secure user authentication with Microsoft Azure.

4. Data Security and Privacy Measures

We employ the following security practices:

  • Data Minimisation: Only necessary data is transmitted to minimise exposure.
  • Data Encryption: All data sent to third parties is encrypted using HTTPS.
  • Access Control: Strict access control measures limit data access to authorised systems only.
  • Session Management: Authentication data shared with Azure follows secure session management protocols.

5. UK/EU Data Residency

All AI content generation is processed through Azure OpenAI Service within Microsoft's European data centers, ensuring that sensitive educational data never leaves the UK/EU region. This provides enhanced privacy protection and regulatory compliance specifically designed for UK educational institutions.

6. Vendor Compliance

Each vendor complies with relevant data protection laws and security standards:

  • Azure OpenAI Service: Operates under Microsoft Azure's comprehensive compliance framework including ISO/IEC 27001, SOC 2, GDPR, and UK data protection standards. All data processing occurs within European data centers, providing enhanced privacy and regulatory compliance for UK educational institutions.
  • AI Image Generation Services: SOC 2 compliant with secure data handling practices.
  • Microsoft Azure: Full compliance with ISO/IEC 27001, GDPR, SOC 2, and UK data protection requirements for authentication and user management services.

7. Data Retention and Deletion Policies

Data is retained only as long as necessary for processing and deleted or anonymised upon task completion, per each vendor’s policy.

8. Data Breach Notification and Response

In case of a data breach involving third parties, we will notify affected clients within 72 hours and coordinate with the vendors to contain and address the breach.

9. User Consent and Transparency

Users are informed of third-party integrations upon registration, and significant updates to this agreement will be communicated.

10. Modifications to This Agreement

Updates to this Agreement will be posted on this page. We encourage users to review this document regularly for the latest information.

Contact Us

For questions about this Vendor Management Agreement, please contact us at: compliance@classcraft.ai.

Last Updated: 20th September 2025

ClassCraftAI Logo
© 2025 ClassCraft AI

Resources

Help Center Make Enquiry About Us

Legal

Privacy Policy Terms of Service Cookies Policy Third-Party Agreement
Sign In
Accessibility Statement ClassCraftAI Logo