LessonForge
← Back to Login

Privacy Policy

How LessonForge collects, uses, and protects your data. Last updated March 2025.

Privacy Policy for LessonForge

1. Introduction and Scope

This Privacy Policy outlines how our AI educational tool collects, uses, and protects the personal information of students, teachers, and parents. We are committed to safeguarding user privacy and complying with key educational privacy laws, including the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA).

2. Information Collection and Consent

We adhere to the principle of data minimization, meaning we only collect the minimum amount of personal information necessary to provide our educational services.

Students Under 13: In compliance with COPPA, we do not collect personal information from children under 13 without verifiable parental consent. In the educational context, we rely on schools and school districts to act as the parent's agent and provide this consent on their behalf.

Information Collected: We collect essential account and educational records, which may include names, contact details, and contextual metadata (such as learning progress and engagement metrics) needed for the platform to function.

3. Use of Information

We use the personal information collected strictly for school-authorized educational purposes.

  • We act as a “school official” with a legitimate educational interest under FERPA.
  • We strictly prohibit the use of student data for commercial purposes, behavioral profiling, or targeted advertising.
  • De-identified or anonymized data (where all direct and indirect identifiers are removed) may be used to improve our AI tool and services.

4. Data Sharing and Third Parties

We do not sell student personal information. We may share data with trusted third-party service providers (sub-processors) solely to help us deliver our educational services. All third parties are contractually bound by Data Processing Agreements (DPAs) to adhere to the same strict privacy, security, and purpose-limitation rules, and they are prohibited from using the data for their own secondary purposes.

5. Data Security (Privacy by Design)

We embed Privacy by Design and by Default into our platform's architecture to ensure end-to-end security across the entire data lifecycle.

  • Industry-standard encryption for data in transit and at rest.
  • Role-based access controls.
  • Regular privacy impact assessments.
  • Our platform defaults to the most protective privacy settings automatically.

6. Data Retention and Deletion

We retain student data only for as long as it is reasonably necessary to fulfill the authorized educational purpose or as required by our contract with the school.

  • Upon termination of the school contract or at the request of the school/parent, we will securely destroy or permanently de-identify the data.
  • We provide schools with the ability to review student data and confirm its deletion upon request.

7. Parental and Student Rights

Parents and eligible students have the right to access, review, correct, or request the deletion of their personal information. To ensure proper authentication, we work directly with the school or district to fulfill these requests within the legally required timeframes (such as FERPA's 45-day window).

Legal Viability and Certifications — India Operations

India's Digital Personal Data Protection Act (DPDPA)

Our compliance program is built to align with India's Digital Personal Data Protection Act (DPDPA), the country's comprehensive data protection law regulating how personal data is collected, used, shared, and protected.

Recommended International Certifications

  • ISO/IEC 27001: Globally recognized standard for Information Security Management Systems (ISMS). Demonstrates a systematic framework for protecting information assets against unauthorized access and data breaches.
  • ISO/IEC 27701: Privacy extension to ISO 27001 establishing a Privacy Information Management System (PIMS). Provides auditable proof of privacy accountability and helps demonstrate compliance with global privacy regulations including the DPDPA.

Agreement

By clicking “I Accept”, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and End User License Agreement. Your acceptance is recorded with a timestamp for compliance and audit purposes.

Last updated: March 2025. LessonForge AI Ecosystem.

End User License Agreement (EULA)

Review the full EULA you accept when using LessonForge.