EduNotebook

Privacy Policy

Last updated: February 21, 2026

1. Introduction

EduNotebook ("we," "our," or "us") is an AI-powered educational platform designed for K–12 teachers and students. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting the privacy of all users, with particular attention to the privacy of children under 13.

By using EduNotebook, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the platform.

2. Information We Collect

Account Information

  • Email address (used for authentication and account recovery)
  • Name (display name for the platform)
  • Role selection (teacher or student)
  • Avatar URL (optional profile image)

Educational Content

  • Curriculum documents, unit plans, and assessments created by teachers
  • Uploaded source materials (PDFs, documents, URLs, YouTube links)
  • AI-generated content (lesson plans, rubrics, learning tasks, presentations)
  • Research queries and saved research reports
  • Chat messages within curriculum building sessions

Usage Data

  • Pages visited and features used within the platform
  • Session duration and interaction patterns
  • Device type, browser type, and general location (country/region level only)

What We Do NOT Collect

  • Social Security numbers or government-issued identification
  • Financial information or payment card data
  • Precise geolocation or GPS coordinates
  • Biometric data
  • Phone numbers or physical addresses
  • Student grades, disciplinary records, or other education records not explicitly entered by teachers

3. How We Use Information

Educational Services

  • Providing AI-powered curriculum generation and educational content creation tools
  • Enabling teachers to build, organize, and share unit plans and assessments
  • Powering the Socratic tutoring system for student learning
  • Aligning generated content with provincial/state curriculum standards (BC, AB, ON)
  • Processing uploaded source materials for context-aware content generation

No Behavioral Advertising

We do not use student data or educational content for behavioral advertising, targeted marketing, or building advertising profiles. We do not sell, rent, or trade any user data to third parties for marketing purposes.

4. Children's Privacy (COPPA Compliance)

EduNotebook complies with the Children's Online Privacy Protection Act (COPPA). We take additional precautions to protect the privacy of children under 13.

School Consent Exception

Student accounts are created and managed through school-authorized teacher accounts. Teachers act as authorized agents of the school, providing consent on behalf of parents for the use of the platform in an educational context, in accordance with the COPPA school consent exception.

Data Collection Limits for Students

  • We collect only the minimum information necessary for educational functionality
  • Student accounts require only an email and name
  • Content screening automatically blocks requests for personal information (phone numbers, addresses, SSN patterns) in student mode
  • Student interactions are subject to stricter content filtering than teacher accounts

No AI Training on Student Data

Student-generated content, chat messages, and interaction data are never used to train, fine-tune, or improve AI models. All AI processing uses pre-trained models via API calls only.

Parental Rights

Parents and legal guardians have the right to:

  • Review their child's personal information collected by the platform
  • Request deletion of their child's account and associated data
  • Refuse further collection of their child's information
  • Contact us at any time regarding their child's data

Data Retention

Student data is retained only for as long as the student account is active. Upon request from a parent, guardian, or school administrator, student data will be deleted within 30 days. Teachers may delete student accounts and associated data at any time through the platform.

Content Screening

All student interactions are processed through role-aware content screening that blocks age-inappropriate material, including violence, weapons, drugs, alcohol, tobacco, explicit content, and self-harm content. Teacher accounts have more permissive screening to allow creation of legitimate educational content on sensitive topics (e.g., history, health education).

5. FERPA Compliance

EduNotebook complies with the Family Educational Rights and Privacy Act (FERPA) and operates under the "school official" exception.

School Official Exception

EduNotebook functions as a school official with a legitimate educational interest, providing AI-powered curriculum and assessment tools directly used in the educational process. We maintain direct control by the school over the use of education records.

Data Use Restrictions

  • Education records are used solely for the educational purposes for which they were shared
  • We do not disclose education records to third parties without proper authorization
  • We do not use education records for any commercial purpose unrelated to the educational service

School Control

Schools and districts retain full control over student education records. School administrators and authorized teachers may access, modify, or delete student data at any time. Upon termination of service, all education records are returned to the school or securely deleted upon request.

6. Third-Party Services

We use the following third-party services to operate EduNotebook. Each service processes data only as necessary to provide its specific function:

Supabase (Database & Authentication)

Stores user accounts, educational content, and application data. Supabase provides PostgreSQL with Row-Level Security (RLS) ensuring users can only access their own data. Supabase is SOC 2 Type II compliant.

Google Gemini AI (Content Generation)

Powers curriculum generation, lesson planning, assessment creation, and the Socratic tutoring system. Content is sent to Google's API for processing and is not used by Google to train their models when accessed via the API. We use Gemini's context caching to minimize data transmission.

Perplexity AI (Research)

Provides web search and research capabilities for the Research Workspace. Research queries are sent to Perplexity's API for processing. If the Perplexity API key is not configured, the system falls back to Google Gemini for research functionality.

Vercel (Hosting)

Hosts the frontend and backend applications. Vercel processes web requests and may collect standard server logs (IP addresses, request timestamps). Vercel is SOC 2 Type II compliant.

7. AI Transparency

AI-Generated Content is Clearly Identified

All content generated by AI within EduNotebook is clearly presented as AI-generated. Streaming indicators, AI labels, and distinct visual styling help users distinguish between human-created and AI-generated content.

No Training on User Data

We do not use any user-created content, uploaded documents, chat messages, or generated artifacts to train, fine-tune, or improve AI models. All AI services are accessed via API calls to pre-trained models.

Teacher Responsibility

Teachers are responsible for reviewing all AI-generated content before using it in educational settings. AI-generated curriculum materials, assessments, and lesson plans should be treated as drafts that require professional review and adaptation.

8. Data Security

We implement multiple layers of security to protect your data:

  • Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest
  • Row-Level Security (RLS): Database policies ensure users can only access their own data
  • Role-Based Access Control (RBAC): Different permissions for teachers, students, and administrators
  • JWT Authentication: Secure token-based authentication with automatic expiration
  • Rate Limiting: API rate limiting to prevent abuse and protect service availability
  • Security Headers: Standard security headers including CORS, CSP, and X-Frame-Options
  • Content Screening: Role-aware AI safety filters on all AI interactions to prevent generation of harmful content

9. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your account and associated personal data. Account deletion can be initiated through the platform settings or by contacting us directly.
  • Data Export: Request an export of your educational content and personal data in a portable format

To exercise any of these rights, please contact us at the email address listed below. We will respond to all requests within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify users through a prominent notice on the platform and update the "Last updated" date at the top of this page. Continued use of EduNotebook after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, your personal data, or our privacy practices, please contact us:

For COPPA-related inquiries or to exercise parental rights regarding a child's account, please include "COPPA Request" in your email subject line.