Privacy Policy
Applies to: LightleapAI™ web and mobile applications
Age Requirement. LightleapAI is intended for users 18 years of age or older. By creating an account or using our services, you represent and warrant that you are at least 18 years old. Persons under 18 do not have legal capacity to enter into a binding contract with N2N Services and may not use LightleapAI. If we learn that a user is under 18, we will promptly delete their account and any associated data.
1. Who We Are and How to Reach Us
LightleapAI™ is an AI-powered platform for higher education institutions, operated by N2N Services, Inc. ("N2N," "we," "us," or "our"), a SaaS company headquartered in the United States. This Privacy Policy explains how we collect, use, share, and protect personal information when you use LightleapAI through our web application or mobile app (collectively, the "Services").
Questions, requests, or concerns about your privacy may be directed to our Chief Privacy Officer at privacy@n2nservices.com or in writing to N2N Services, Inc., Attn: Privacy Officer. We will acknowledge requests within five business days and respond within the timeframe required by applicable law.
2. Scope and Who This Policy Covers
This policy applies to all individuals who interact with LightleapAI directly — including students, staff, faculty, and administrators at our institutional clients ("Users"). It also applies to visitors to the LightleapAI website and to our mobile application.
Institutional deployment. LightleapAI is typically deployed by a higher education institution (your college or university). When the institution provisions your access, the institution is the data controller for your educational records and institutional data, and N2N acts as a data processor under that institution's direction. Please also review your institution's own privacy notice for information about how it handles your data.
No payment collection. LightleapAI does not collect payment card information or process financial transactions directly from users. Billing between N2N and institutions is handled separately under institutional agreements.
3. Data We Collect
The data we collect depends on how you use LightleapAI. We describe the categories below.
3.1 Information You Provide Directly
- Account information: your name, email address, and any profile information you provide when your account is created.
- Identity verification data (when applicable): full name, date of birth, government-issued identification number or image, and residential address. This data is collected only when identity verification is required by your institution or applicable law.
- Conversation content: prompts, questions, instructions, and any text or files you submit to the AI assistant during a session.
- Uploaded files: documents, images, spreadsheets, or other content you voluntarily upload during a session to complete a requested task.
- Support communications: messages you send to our support or privacy team.
3.2 Information Collected Automatically
- Device and connection data: device type, operating system, browser type, IP address, and mobile network information.
- Usage data: pages viewed, features used, session timestamps, and interaction logs.
- Cookies and similar technologies: session identifiers and preference cookies. You may manage cookies through your browser settings. Disabling cookies may limit some features.
- Log and error data: technical logs generated when errors occur, to support debugging and service reliability.
3.3 Information Received from Third Parties
- Identity verification providers (Socure and IDology/GBG). When identity verification is performed, our verification partners process your identification data and return a verification result to LightleapAI. See Section 5 for details.
- Your institution. Your institution may provide enrollment data, role assignments, or other information to LightleapAI through our integration with Student Information Systems (SIS) such as Ellucian Banner, Workday, Anthology, and others.
- App store age signals (mobile). If you access LightleapAI through the mobile app, Google Play may provide an age category signal (adult, older teen, younger teen, or child) to confirm eligibility. LightleapAI uses this signal solely to enforce the 18+ access requirement and deletes it after verification is complete, consistent with Texas SB 2420 and similar laws.
4. How We Use Your Data
We use personal data only for the purposes described below. We do not use your data to train AI models without explicit institutional agreement, and we do not use it for targeted advertising.
| Purpose | Data Used |
|---|---|
| Provide and operate the LightleapAI Services | Account info, conversation content, usage data |
| Identity verification and fraud prevention | Identity data, verification provider results, device metadata |
| Fulfill tasks requested through the AI assistant | Conversation content, uploaded files |
| Maintain security and prevent misuse | Usage data, log data, device data |
| Comply with legal obligations (FERPA, SB 2420, etc.) | As required by applicable law |
| Respond to support and privacy requests | Communications, account info |
| Improve service reliability and fix errors | Log and error data (non-personally identifying where possible) |
| App store age verification compliance | Age category signal (deleted after use) |
No model training on your content. Content you submit to the AI assistant (conversations and uploaded files) is not used to train or fine-tune AI models unless N2N has entered into a separate written data-use agreement with your institution that explicitly permits this.
5. Identity Verification Providers
LightleapAI uses third-party identity verification services to validate user identity for institutions that require it. Our current providers are:
- Socure, Inc. — primary verification provider. Socure's privacy practices are described in the Socure Global Privacy Policy.
- IDology (GBG) — supplemental verification provider. IDology's privacy practices are described in the GBG / IDology Privacy Policy.
These providers are contractually obligated to use your identification data solely to perform verification services on N2N's behalf and may not use it for any other purpose. Verification data is not used to build commercial profiles, is not sold, and is not shared with advertisers.
Although we do not identify verification providers during the in-app verification flow, we disclose them in this policy and will confirm them upon request at privacy@n2nservices.com.
6. How We Share Your Data
N2N does not sell your personal information. We do not share it for cross-context behavioral advertising. We share personal data only in the following circumstances:
- With your institution. Verification results, access logs, and fraud signals are shared with the institution that deployed LightleapAI, consistent with the institution's data processing agreement with N2N.
- With verification providers. Identity data is transmitted to Socure and/or IDology solely to perform the verification request. See Section 5.
- With infrastructure and service providers. We use cloud infrastructure, security monitoring, and support-ticketing services. These vendors process data only under written agreements that restrict use to performing services on our behalf.
- As required by law. We may disclose personal data to comply with a legal obligation, respond to lawful process, enforce our terms, or protect the safety of any person.
- In a corporate transaction. If N2N is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to customary confidentiality protections.
- With your consent. We may share data for other purposes if you explicitly authorize us to do so.
7. AI Context Governance and ICCP
LightleapAI governs how personal and institutional data flows to AI systems through the Integrated Context Control Protocol (ICCP). ICCP is N2N's open specification for institutional-grade AI context authorization.
Under ICCP, AI systems receive only the context necessary for a specific request, scoped to the authenticated user's role and applicable institutional policies. Key principles include:
- Institutional control: the institution — not the AI vendor — determines what data the AI system may access.
- Least privilege: AI context is limited by time-to-live (TTL) and resource scope.
- Auditability: invocations are logged with identity, model, resources accessed, and policy decisions.
For the full technical specification, visit lightleapai.com/iccp.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law or institutional agreement.
| Data Type | Retention Period |
|---|---|
| Conversation content and uploaded files | 90 days from session, unless institution agreement specifies otherwise |
| Identity verification records | Per institutional data processing agreement; minimum required for fraud monitoring and audit |
| App store age category signal | Deleted immediately after eligibility check |
| Account information | Duration of active account, plus 30 days after account closure |
| Log and error data | Rolling 12 months |
| Support communications | 3 years from last contact |
You may request deletion of your LightleapAI data at any time by contacting privacy@lightleap.ai. Requests involving data held under an institutional agreement will be coordinated with your institution.
9. Security
N2N implements technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. Our controls include:
- Encryption in transit (TLS) and at rest for all personal data.
- Role-based access controls limiting data access to personnel who require it.
- NIST IAL2 / NIST 800-63 alignment for identity verification workflows.
- Independent audits conducted under SOC 2 security assessment frameworks.
- Incident response procedures with notification timelines consistent with applicable law.
No system is completely secure. If you believe your account has been compromised, contact us immediately at privacy@n2nservices.com.
10. Your Privacy Rights
Depending on where you live, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@n2nservices.com. We will respond within the timeframe required by the applicable law (generally 30–45 days) and will not discriminate against you for exercising your rights.
10.1 Rights Available to All Users
- Access. Request a copy of the personal data N2N holds about you.
- Correction. Request that we correct inaccurate personal data.
- Deletion. Request deletion of your personal data, subject to legal or institutional retention obligations.
- Opt-out of non-essential uses. You may opt out of non-essential processing at any time.
10.2 California Residents (CCPA / CPRA)
If you are a California resident whose personal data is collected by N2N in the course of commercial activity, you have additional rights under the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.) and CPRA amendments:
- Right to Know. Request disclosure of the categories and specific pieces of personal information collected about you, including sources, purposes, and third parties with whom it is shared.
- Right to Delete. Request deletion of personal information N2N has collected from you, subject to legal exceptions.
- Right to Correct. Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing. N2N does not sell personal information and does not share it for cross-context behavioral advertising. No opt-out action is required; you may contact us to confirm our practices.
- Right to Limit Use of Sensitive Personal Information. N2N uses sensitive personal information (government-issued ID) only for identity verification. You may direct us to limit use to this purpose only.
- Right to Non-Discrimination. N2N will not deny services or treat you differently for exercising your CCPA/CPRA rights.
Requests may be submitted to privacy@n2nservices.com. We will respond within 45 days, with a 45-day extension available upon notice.
10.3 Canadian Residents
If you are located in Canada, N2N processes your personal data in accordance with PIPEDA and, where applicable, Quebec Law 25, Ontario FIPPA, and provincial PIPA laws. You have rights of access, correction, and withdrawal of consent. Quebec residents additionally have rights of data portability and de-indexing. Requests are processed within 30 days. Unresolved complaints may be referred to the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information (CAI).
10.4 EU / EEA and UK Residents
N2N acts as a data processor for institutional clients under GDPR. The institution is the data controller for personal data processed on its behalf. For GDPR purposes, N2N's CISO serves as Data Protection Officer. Data transfers outside the EEA are conducted under Standard Contractual Clauses or applicable adequacy decisions. Contact privacy@n2nservices.com to exercise GDPR rights or contact your institution's DPA.
11. Age Verification and Minors
LightleapAI is for users 18 and older. Persons under 18 may not create an account or use the Services. By using LightleapAI, you affirm that you are at least 18 years of age. Minors lack legal capacity to enter into a binding contract with N2N Services under applicable law.
Mobile app age verification (Texas SB 2420 and similar laws). For users accessing LightleapAI through the mobile app in jurisdictions subject to app store age verification requirements (including Texas SB 2420, Utah's App Store Accountability Act, and Louisiana's similar law), the applicable app store (Google Play or Apple App Store) may provide an age category signal to LightleapAI. N2N uses this signal solely to confirm you are 18 or older and to deny access to users confirmed as minors. The age signal is deleted after this check is complete and is not used for any other purpose.
If you believe a minor has gained access to LightleapAI, please contact us immediately at privacy@n2nservices.com.
12. Student Records and FERPA
When LightleapAI processes student education records on behalf of an institution, it does so as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. §1232g. N2N does not disclose student education records to third parties except as permitted by FERPA or as directed by the institution. Students seeking access to their education records should contact their institution directly.
13. Cross-Border Data Transfers
LightleapAI is operated by N2N Services, Inc. in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the U.S., which may have different privacy protections than your home country.
For transfers from Canada, N2N implements written data processing agreements and, for Quebec, conducts Privacy Impact Assessments before transferring personal data outside Quebec. For transfers from the EEA or UK, N2N relies on Standard Contractual Clauses or applicable adequacy decisions.
14. Changes to This Policy
N2N may update this Privacy Policy from time to time. Material changes will be communicated by updating the Effective Date at the top of this policy and, where required by law, by direct notification to affected users or institutions. We encourage you to review this policy periodically. Continued use of LightleapAI after an update constitutes acceptance of the revised policy.
15. Related Documents and Links
- ICCP Specification — Integrated Context Control Protocol for institutional AI context governance
- Socure Global Privacy Policy — Primary identity verification provider
- GBG / IDology Privacy Policy — Supplemental identity verification provider
- LightleapAI Terms of Service — Terms governing use of LightleapAI
Revision History
| Version | Effective Date | Summary of Changes |
|---|---|---|
| 2.2-LLAI | June 1, 2026 | New public consumer-facing policy for LightleapAI. Explicit 18+ age requirement; SB 2420 / app store age verification; Socure and IDology disclosed by name; AI context / ICCP section; FERPA section; no-payment-collection statement; consumer rights expanded for CCPA, Canadian, and GDPR users; plain-language rewrite. |
LightleapAI™ is a product of N2N Services, Inc. | privacy@n2nservices.com | lightleapai.com