Data handling & subprocessors
Effective June 22, 2026
Template - review required. This document is a starting template generated for this deployment. It is not legal advice and must be reviewed and completed by qualified counsel for your jurisdiction and business before you rely on it.
This page is for security and procurement reviewers. It describes exactly what data flows out of Feynman and to whom, in the hosted deployment.
Data flows
- AI tutor (always on): your message is sent to the language model to generate a reply. In a local deployment this model runs on your own machine; in a hosted deployment it runs on the operator's server (or the model host the operator configures).
- Opt-in web search (only when you click “Search the web”): your query is sent to an external search service; results are filtered to academic domains (.edu and arXiv) before being shown.
- Request handling (hosted only): your IP address and standard request metadata are processed to rate-limit and protect the Service.
Subprocessors
The specific third parties depend on how the operator configures this instance. Operators should keep this list current for their deployment.
- Model host - local Ollama by default (no third party). If the operator points the tutor at a remote model host, that host becomes a subprocessor and must be listed here. [Operator: name it.]
- Search provider - used only for opt-in web search. The default scrapes a public search endpoint; production operators should use a contracted search API and list it here. [Operator: name it.]
- Hosting / CDN provider - the platform the operator deploys to (e.g., their cloud host). [Operator: name it and link its DPA.]
What is not collected
- No accounts, names, or contact details are required to use the tutor.
- No advertising, analytics, or cross-site tracking cookies are set by Feynman.
- User messages are not used to train models by default.
Security controls (summary)
- Strict security headers and a content-security policy on every response.
- Per-client rate limiting and request-size caps on the tutor endpoints.
- Server-side input validation and role coercion so client input cannot override the tutor's safety instructions.
- Layered content moderation (deterministic rules plus an optional model classifier).
