Privacy Policy

 

Effective Date: 25 February 2026 · Last Updated: 6 May 2026

AttainXR LLC ("AttainXR," "we," "our," or "us") is a Connecticut limited liability company that provides immersive workforce and educational training solutions, including virtual reality (VR) applications, software platforms, and related services (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you access or use our Services, including our public website and our XR training platform.

By using our Services, you agree to this Privacy Policy.

 

1. Scope and Roles

 

AttainXR operates in two primary capacities:

A. As a Data Controller

We act as a data controller when we collect and process personal information for our own purposes, including:

  • Website visitors

  • Marketing communications

  • Business contacts

  • Billing contacts

B. As a Data Processor

When our Services are provided to schools, districts, workforce institutions, or enterprise customers, AttainXR acts as a data processor and processes personal information (including Student Data) solely on behalf of and under the direction of the contracting institution.

The contracting institution is the data controller for Student Data.

     

     

2. Information We Collect

     

Depending on how the Services are used, we may collect:

A. Account & Contact Information

  • Name

  • Email address

  • Organization

  • Role/title

  • Billing contact details

B. Platform & Training Data


  • User account identifiers

  • Training progress

  • Completion status

  • Assessment results

  • Analytics linked to named users

  • Headset serial numbers

  • Platform usage logs

C. Device & Technical Data

  • IP address

  • Browser type

  • Operating system

  • VR headset type and configuration

  • Crash reports

  • Log files

D. Integrations (If Enabled by Customer)

Where enabled by the contracting institution, we may integrate with:

  • Learning management systems (e.g., Canvas)

  • Identity providers (OAuth, SAML)

  • Educational rostering systems (e.g., Google Classroom, Clever, ClassLink)

Data collected through integrations is limited to what the institution authorizes.

 

What We Do Not Collect

AttainXR does not collect:

  • Biometric identifiers (including eye tracking data)

  • Hand tracking biometric templates

  • Voice recordings

  • Session recordings

  • Spatial mapping data from headsets

  • Sensitive personal data unless explicitly required by contract

We do not market to students or learners.

     

3. How We Use Information

     

We use personal information to:

     

  • Provide and operate the Services

  • Deliver VR training experiences

  • Track progress and performance

  • Provide analytics to institutions

  • Authenticate users

  • Process payments

  • Communicate with customers

  • Improve system performance and reliability

  • Ensure security and prevent misuse

  • Comply with legal obligations

We do not sell personal information.

 

4. Educational Use & Student Data

 

When our Services are used by schools, districts, or educational institutions:

A. Role

AttainXR acts as a data processor for Student Data.

B. Educational Purpose Limitation

Student Data is:

  • Used solely for providing educational functionality

  • Not sold

  • Not used for targeted advertising

C. Compliance

We design our Services to support compliance with:

  • Family Educational Rights and Privacy Act (FERPA)

  • Student Online Personal Information Protection Act (SOPIPA)

The contracting institution is responsible for obtaining parental consent where required.

D. Data Retention

Upon contract termination:

  • Student Data may be exported upon request.

  • Student Data is deleted within 30 days of contract termination, unless otherwise required by law.

  • Encrypted backups may persist temporarily in accordance with secure backup retention schedules.

E. Access & Correction

Parents, guardians, or eligible students should contact their institution directly. We assist institutions in fulfilling lawful requests.

 

5. Subprocessors and Service Providers

 

We use trusted third-party service providers to operate our Services.

QR Studio LLC (Wyoming, USA)

We engage QR Studio LLC as a subcontractor for:

  • XR platform development

  • Backend engineering

  • Database management

  • Hosting management via Microsoft Azure (U.S. region)

  • VR application development and maintenance

QR Studio processes personal information solely under our instructions and pursuant to a written data processing agreement.

Cloud Hosting

Our Services are hosted on Microsoft Azure (United States region).

Other Providers

We may use providers for:

  • Payment processing (e.g., Stripe or similar)

  • Email communications

  • Analytics (e.g., Google Analytics)

  • Customer relationship management

All providers are contractually required to implement appropriate safeguards.

 

6. Marketing & Website Data

 

Our public website is separate from the XR platform. It does, however, offer our knowledge base and support ticket system.

When you visit our website, we may collect:

  • Cookies

  • Usage analytics (e.g., Google Analytics)

  • Marketing sign-up information

You may:

  • Disable cookies via browser settings

  • Unsubscribe from marketing communications at any time

We do not use behavioral advertising directed at students.

 

7. Security

 

We implement administrative, technical, and physical safeguards including:

  • Encryption in transit (TLS)

  • Encryption at rest

  • Role-based access controls

  • Multi-factor authentication for administrative accounts

  • Secure cloud hosting (Azure US)

  • Limited production data access

  • Secure development practices

In the event of a confirmed data security incident affecting personal information, we will notify the contracting institution without unreasonable delay and cooperate in any legally required notifications.

Security inquiries may be directed to: security@attainxr.com

 

8. International Users & GDPR

 

If you access our Services from outside the United States:

  • Your information may be transferred to and processed in the United States.

  • We rely on appropriate safeguards for international transfers.

  • Enterprise customers may request a Data Processing Addendum (DPA).

 

Where applicable, individuals may have rights to:

  • Access their data

  • Correct inaccuracies

  • Request deletion

  • Restrict processing

Requests should be directed to the contracting institution where AttainXR acts as processor.

 

9. Payments & Billing

 

We process billing information separately from learner accounts.

Payment information is processed through secure third-party payment processors.

Invoices may reference our Terms of Service and Privacy Policy.

10. Data Retention

 

We retain personal information:

  • As long as necessary to provide Services

  • For the duration of an active contract

  • As required for legal, tax, or accounting obligations

Marketing data is retained until you unsubscribe.

 

11. Changes to This Policy

 

We may update this Privacy Policy periodically. Material changes will be posted on our website and reflected in the "Last Updated" date.

 

12. Contact Information

 

AttainXR LLC

426 Westport Avenue, #1089

Norwalk, CT 06851

United States

Email: privacy@attainxr.com

Security Contact: security@attainxr.com