Privacy (GDPR) Policy

Team 28, a student team working on a university project, is committed to protecting your privacy. This policy explains how we collect, use, and store the personal data you provide whilst using our app or interacting with our team.

Contents:

What data do we collect?

Team 28 may collect the following data:

  • Personal identification information (e.g., email address)
  • User interactions with our app (e.g., feature usage, preferences)
  • Technical data (e.g., device type, IP address)
  • Personal academic-related information (e.g., university, course details, and learning style)

How do we collect your data?

We collect data when you:

  • Use or register within our app
  • Provide feedback or report issues via in-app forms or email
  • Interact with our app, which may use cookies or similar technologies

How will we use your data?

Team 28 collects your data to:

  • Provide personalised services to users
  • Provide several main services
  • Improve the functionality and user experience of the app
  • Communicate important updates or respond to feedback
  • Analyse app usage to enhance project development

We will not share your data with third parties outside our project unless:

  • Required by the university for evaluation or compliance
  • Required for the functionality of certain app features that rely on third-party services (such as Google Gemini API, as detailed in the Third-Party Services section)
  • Required by law or regulation

Third-Party Services

Cultiv8 integrates with certain third-party services to provide enhanced features and functionality. This section details how your data may be processed when using these services.

CloudFront Cookies

Some features of our platform are secured via CloudFront signed URLs. These features may use cookies like CloudFront-Policy, CloudFront-Signature, and CloudFront-Key-Pair-Id to authenticate and authorize access to resources. These cookies are essential for secure content delivery and session management.

JWT (JSON Web Token)

We use JWT to securely transmit authentication data and maintain user sessions. This token is stored in your browser as a cookie, and it helps us identify you and provide personalized services across sessions. The JWT is only valid for a certain period, after which you'll need to re-authenticate.

Google Gemini API

Some features of our platform are powered by Google's Gemini API, which is an artificial intelligence service. When you use these AI-enhanced features, please be aware of the following:

  • Data Processing: Any content you submit when using Gemini-powered features (such as prompts, queries, or uploads) may be processed by Google.
  • Improvement of Google Services: As stated in Google's Gemini API Terms of Service, when using their unpaid services (which we use), Google may use the content you submit and any generated responses to "provide, improve, and develop Google products and services and machine learning technologies."
  • Human Review: Google may use human reviewers who may read, annotate, and process your inputs and outputs for quality and product improvement purposes.
  • Sensitive Information: Given the above, you should not submit sensitive, confidential, or personal information when using features powered by Google Gemini API.

By using Cultiv8 features that incorporate Google Gemini API, you acknowledge and consent to these data processing practices. For more information, please refer to Google's Gemini API Terms of Service.

Other Third-Party Services

We may use additional third-party services for hosting, analytics, and other functionality. Each of these services processes data according to their own privacy policies and terms of service.

We make efforts to select reputable third-party service providers and review their privacy and security practices. However, we cannot be held responsible for the privacy practices of these third parties beyond our reasonable control.

How do we store your data?

Team 28 securely stores your data using university-approved tools and services, such as:

  • Secured cloud-hosted services
  • Restricted access to project repositories and databases

Data will be retained for the duration of the project module and deleted upon completion.

Your data protection rights

As a user, you are entitled to the following rights:

  • Right to access: Request a copy of your data
  • Right to rectification: Request corrections to inaccurate data
  • Right to erasure: Request deletion of your data under certain conditions
  • Right to restrict processing: Request limitations on how your data is used
  • Right to object: Object to specific uses of your data
  • Right to data portability: Request transfer of your data to another service

To exercise any of these rights, contact us at the details provided below.

Changes to our privacy policy

Team 28 regularly reviews this privacy policy to ensure compliance and accuracy. This policy will always reflect our current practices. This policy was last updated on 3 May 2025.

How to contact us

If you have questions about this privacy policy or your data, contact one of the team members below:

Contact the appropriate authority

If you wish to report a complaint or feel that Team 28 has not addressed your concern satisfactorily, you may contact the Information Commissioner’s Office (ICO):