Privacy & Data Practices
How Ramenta handles your information — built for trust, designed for medical students.
What is Ramenta?
Ramenta is an AI-powered academic counselor built specifically for Brown Medical School students. It connects to your Google account (Calendar, Gmail, Drive) to give you personalized answers about your schedule, academic policies, deadlines, and resources — all in one place.
Authentication
Ramenta uses Google OAuth 2.0 for sign-in. We never see or store your Google password. Access is restricted to @brown.edu email addresses, plus individually approved accounts.
What Data We Access
| Integration | What We Read | Storage |
|---|
| Calendar |
Event titles, times, locations, meeting links |
In-memory only, per session |
| Gmail |
Subject lines, sender, date, snippet (first ~200 chars) |
In-memory only, per session |
| Drive |
Journal document (append-only writes for journal entries) |
Written to your own Google Drive |
Key principle: Ramenta reads your data at query time and does not bulk-download or permanently store your personal email, calendar, or drive content on our servers.
What We Store
- Account info: Name, email, OAuth tokens (encrypted in transit, stored in a secured database)
- Conversation history: Your questions and AI responses, so you can return to past conversations
- Feedback reports: When you flag an answer, we save the question and response for quality review
- Anonymized usage metrics: Query count, intent classification, response time — no personally identifiable content
What We Do NOT Do
- We do not train AI models on your data
- We do not sell, share, or transfer your data to third parties
- We do not send emails on your behalf
- We do not modify your calendar events (unless you explicitly use "Add to Calendar")
- We do not store full email bodies or attachments
FERPA Compliance
Ramenta is designed with FERPA (Family Educational Rights and Privacy Act) considerations in mind:
- No education records stored: We do not access or store grades, transcripts, or disciplinary records from Brown's systems
- Student-initiated: All data access is initiated by the student themselves through their own Google account
- Minimal data retention: Personal data from Google integrations is used at query time and not persisted
- Access control: Only authenticated students can access their own data; admin access is restricted to authorized Brown personnel
- No directory information disclosure: Student information is not shared between users or exposed publicly
FERPA note: Because Ramenta reads data directly from the student's own Google Workspace account (provided by Brown University) at the student's request, it operates under the student's own consent. The application does not access institutional education records systems.
Third-Party Services
- OpenAI API: Your questions are sent to OpenAI's GPT models for response generation. OpenAI's enterprise API does not use inputs for training.
- Supabase: Managed PostgreSQL database for knowledge base content (policies, contacts, resources — not personal data)
- AWS (ECS/Fargate): Application hosting in US-East-1 region
- Google OAuth: Authentication only; tokens are stored securely and refreshed automatically
Data Deletion
You can request complete deletion of your account and all associated data by contacting us. Upon deletion, all conversation history, feedback, and stored tokens are permanently removed.
Security Measures
- All traffic encrypted via HTTPS/TLS
- OAuth tokens stored in encrypted database columns
- Role-based access control (user, admin, host)
- Rate limiting on all API endpoints
- No credentials or secrets in client-side code
Contact
Questions about privacy or data practices? Reach out to the Ramenta team at Brown University.