Introduction
We at NOLEJ care about the privacy and protection of personal data. We strive to be transparent in our data collection practices while providing you with a service that you love and trust.
This Privacy Policy explains how we collect, use, protect and share personal data about you, and also when and how you can control what we collect and do with it.
Our Privacy Policy applies to the data collected through products and services provided by NEURONYS SAS, which is the entity responsible for processing the Personal Data, with its headquarter located at 99 A Boulevard Constantin Descat, 59200 Tourcoing, France, SIREN 840299580 and its affiliates, (together, “NOLEJ” or “We”), which includes our websites, apps, and all other NOLEJ’s-branded software and services (collectively, our “Services”). For any question in relation to our Privacy Policy you can send an email to info@nolej.io.
1. What Personal Data can NOLEJ collect?
“Personal Data” is information that NOLEJ collect that: may identify you as an individual or is defined as such under applicable laws or regulations. If you create an account with NOLEJ, and/or use our Services or communicate with us, we may collect the following Personal Data:
• Name
• Email address
• Username
• Password
• Personal Data included in the files you upload on the Services
• Any other personal data that you authorize us to collect or provide to us
We also collect, most of the time automatically, other information that is not Personal Data but we may link to Personal Data about you:
• Logs sent by your browser when you visit our Services
• Usage Statistics (what, where, when, how you are using our Services)
• Debugging Information (logs, metadata, or other information about your devices, media, and experiences for the purpose of resolving an issue you may have with the software or suggesting desired features)
• Device Information (operating system, version of the device/browser used to access the services, versions of NOLEJ being used)
• Cookies used to operate and administer our Services and improve your experience.
2. How NOLEJ use Personal Data
We May store, process and use your Personal Information for the following purposes:
• To provide, administer, maintain, improve and/or analyze the Services;
• To conduct research and develop new programs and services;
• To communicate with you and respond to your requests to customer support;
• To facilitate your payment for any product or services that we sell
• To personalize our marketing or recommendations and other content and/or experiences delivered to you through the Services
• To prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks; and
• To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
NOLEJ may obtain Personal Data called restricted scope data from Google APIs These restricted scope data will never be used for to serve you advertisements, nor they will be read by NOLEJ employees, except if: a) NOLEJ employee has obtain you consent to that effect, or b) it’s necessary for security purposes, or c) to comply with applicable laws, or d) such data are aggregated and anonymized. NOLEJ Services complies with the Google API Services User Data Policy, including the Limited Use requirements. NOLEJ use and transfer to any other application of Persona Data received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use Requirements.
2.1. Google Classroom & Google Sign‑In (OAuth)
Nolej integrates with Google to let teachers and students access Nolej learning activities directly from Google Classroom, to sign in with their existing Google account, and to pass grades back to assignments automatically. This section explains exactly what Google data Nolej accesses, why, how long we keep it, and how you can revoke it.
1. Information we access
When a teacher or student authenticates with Google, Nolej requests only the following OAuth scopes:
| Scope |
Why we need it |
openid, .../auth/userinfo.email, .../auth/userinfo.profile |
Identify the user (Google account ID, email address, name, profile picture) so we can match them to their school/organization and create or sign in to their Nolej account. |
.../auth/classroom.addons.teacher (teachers) |
Create and manage the Nolej activity attachment on a Classroom assignment, read the student submission, and write the grade earned back to that assignment. |
.../auth/classroom.addons.student (students) |
Open the Nolej activity attached to the assignment and report the score earned on that single attachment. |
We do not request access to your full Classroom roster, course lists, emails, Google Drive files, or any data beyond the specific add-on attachment the user is interacting with.
From Google we store, per teacher:
- the Google user identifier, email, name and profile picture URL;
- OAuth tokens (an access token and a refresh token) needed to perform automatic grade pass-back;
- a mapping between the Classroom assignment/attachment and the teacher who created it.
For students, no Google data is stored on our servers — the session exists only for the duration of the activity.
2. How we use it
This data is used solely to:
- authenticate the user and provision or sign in to their Nolej account;
- attach a Nolej activity to a Google Classroom assignment;
- read a student's submission and write the points earned back to that assignment (automatic grade pass-back).
3. Limited Use disclosure (Google API Services User Data Policy)
Nolej's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:
- use Google user data only to provide and improve the features described above;
- do not sell Google user data;
- do not use or transfer it for advertising, ad personalization, or any unrelated purpose;
- do not allow humans to read this data unless we have your explicit consent, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or the data is aggregated and anonymized.
4. Storage and security
OAuth tokens are encrypted at rest using AES-256-GCM with a key dedicated to the Google integration, and are stored on infrastructure located in France (European Union). Tokens are only ever transmitted over encrypted (HTTPS/TLS) connections.
5. Revocation and deletion
You can disconnect Nolej at any time:
- from within Nolej, using the Disconnect action, which immediately revokes the token at Google and deletes the stored Google credentials and the associated Classroom attachment records; or
- from your Google Account at https://myaccount.google.com/permissions.
When you disconnect or revoke access, we delete the corresponding stored tokens and attachment mappings.
6. Data sharing and contact
We do not sell Google user data and we do not share data obtained through this integration with third parties except as needed to provide the service (e.g. our cloud hosting and database providers acting as processors under contract) or where required by law. Tokens and integration records are retained only while your account is active or until you disconnect the integration, after which they are deleted.
3. How long does NOLEJ store your Personal Data ?
NOLEJ commits to store your Personal Data for a duration which will not exceed the purpose(s) for which they are specifically stored, and always in compliance with the applicable laws and regulations and always in strict compliance with NOLEJ’s legitimate interest. Such duration varies according to the purpose of the treatment, but also according to tax, accounting or legal requirements.
Once the purpose are achieved, your Personal Data will be archived for the duration imposed by applicable laws and regulations, until expiration of such delay, where your personal data will be deleted or anonymized.
Please find below the Personal Data storage duration for each type of purpose :
Account data, usage data, technical data
During the use of the Services + 3 years following account termination
Improve, research, develop and protect the Services
Account data, usage data, technical data
5 years from account creation
Account data, usage data, technical data
Up until user’s opt out, or 3 years from collection of Personal Data
Customer request, Account data, usage data, technical data
For the duration of the treatment of customer request + 3 years from its resolution.
Managing customer payments
Account data, payment data
During the subscription + 15 months following customer payment
Administrative and accounting management
Account data, payment data
During subscription + 10 years
We may also anonymize or de-identify your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, as described above, in which case we may use this information indefinitely without further notice to you.
4. With whom NOLEJ shares your Personal Data
NOLEJ may share Personal Data as follows:
1. With third-party service providers that assist us in providing the Services. These include payment processors, business and analytics providers, content providers, CRM solution providers, marketers, and cloud service providers. All of these third parties are contractually required to only use your Personal Data for the specific purposes of providing the services requested of them.
2. If disclosure is reasonably necessary to (a) satisfy an applicable law, regulation, legal process, or valid governmental request; or (b) protect or defend the safety, rights, or property of NOLEJ, the public, or any person
3. In connection with a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or other proceeding involving NOLEJ that includes or requires the transfer of the Personal Data.
4. To enforce our Terms of Services, and/or to prevent or detect fraud or security threats
5. Except for restricted scope data, with third parties to improve and deliver promotional messages to you on our behalf and on behalf of others, as permitted by applicable law.
5. Your Rights
As part of our relation, you have the following right in relation to your Personal Data which NOLEJ may hold:
1. Access your Personal Data. You can ask us which Personal Data we hold for you, and if they are processed, you can ask us a copy of such Personal Data
2. Delete your Personal Data. Please be aware that we may have to keep those Personal Data as archived copies, although you asked their deletion, as required by laws and regulations. Should we have transmitted your Personal Data to third Parties we will do our best endeavors to request them to delete such Personal Data.
3. Correct or update your Personal Data.
4. Transfer your Personal Data elsewhere.
5. Withdraw your consent to the processing of your Personal Data where we rely on consent as the legal basis for processing. You can withdraw you consent at any time. You can withdraw your consent either through your account profile or through the hyperlink included in all our communication. It is our legitimate interest to send you email on similar products and services than the one you selected. Should you withdraw your consent, it won’t affect administrative message, service announcements and messages on terms and conditions.
6. Object to the processing of your Personal Information where we rely on legitimate interests as the legal basis for processing, and for any direct marketing
7. Restrict the processing of your Personal Information where we rely on legitimate interests as the legal basis for processing.
You can exercise some of these rights through your account settings. Otherwise, you can send an email to info@nolej.io.
6. How we protect your Personal Data
We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.
7. Children
Our Services are not directed to children who are under the age of 13. NOLEJ does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to NOLEJ through the Service, please email us at info@nolej.io. We will investigate any notification and if appropriate, delete the Personal Data.
8. Changes to our Privacy Policy
NOLEJ may amend his Privacy Policy from time to time by posting a revised version on the website, or if an update materially adversely affects your rights or obligations under the Privacy Policy, we will provide notice to you either by emailing the email associated with your account or providing an in-product notification. Changes will become effective no sooner than 14 days after we notify you. All other changes will be effective immediately. Your continued use of the Services after any change means you agree to such change.
