Privacy Policy

Last updated: March 8, 2026

1. Information We Collect

When you create an account, we collect your name, email address, school name (optional), and role. When you use our grading service, we process student submission text to generate feedback. We do not permanently store student submission content after grading is complete.

When you use classroom tools (gradebook, lesson planner, student records, calendar, notes, inventory, conferences), your data is securely stored on our servers (PostgreSQL on Railway, US-based, SOC 2 compliant). This data is automatically synced from your browser to our servers so you can access it from any device. Your classroom data is retained for as long as your account is active. If you delete your account, all data is permanently removed within 30 days.

2. How We Use Your Information

• To provide AI grading, lesson planning, and classroom tools
• To manage your account and subscription
• To improve our AI models (anonymized, aggregated data only)
• To send transactional emails (receipts, password resets)

3. Student Data (FERPA Compliance)

We are committed to protecting student privacy. Student names entered during grading are optional and used only for feedback formatting. We do not sell, share, or use student data for advertising. Submission text is processed in memory and not retained after the grading response is returned. Classroom data (gradebook entries, student records) is stored securely on our servers and is accessible only to the authenticated teacher who created it. Teachers can export and delete all their data at any time from Settings or via the /api/data/export endpoint.

4. Data Security

All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with bcrypt. We use Railway (SOC 2 compliant) for hosting and Stripe (PCI DSS Level 1) for payments.

5. Third-Party Services

• DeepSeek AI - processes grading requests (no data retention)
• Stripe - payment processing
• Resend - transactional email
• Vercel - frontend hosting
• Railway - backend hosting

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing support@teachshield.app or using the data export feature in Settings.

7. Cookie Policy

TeachShield uses essential cookies only for session management and authentication. We do not use tracking cookies, third-party advertising cookies, or any form of cross-site tracking. If we introduce analytics cookies in the future, we will update this policy and provide appropriate notice and consent mechanisms.

8. GDPR Compliance (EU Users)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access - You may request a copy of all personal data we hold about you
• Right to Rectification - You may request correction of inaccurate or incomplete data
• Right to Erasure - You may request deletion of your personal data ("right to be forgotten")
• Right to Data Portability - You may request your data in a structured, machine-readable format
• Right to Object - You may object to processing of your personal data for certain purposes

To exercise any of these rights, contact us at support@teachshield.app. We will respond to all requests within 30 days.

9. CCPA Compliance (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know - You may request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete - You may request deletion of your personal information
• Right to Opt-Out of Sale - We do not sell your personal information to third parties. We never have and never will
• Right to Non-Discrimination - We will not discriminate against you for exercising any of your CCPA rights

10. COPPA Compliance

TeachShield does not knowingly collect personal information from children under 13. Teachers and school administrators are responsible for obtaining necessary parental consent before using TeachShield with student data. If we learn that we have collected personal information from a child under 13, we will promptly delete it.

11. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify all affected users within 72 hours of discovering the breach. Notifications will be sent via email to your registered address and through an in-app notification. The notice will include the nature of the breach, the data affected, steps we are taking to address it, and recommended actions you can take to protect yourself.

12. Policy Changes

We may update this Privacy Policy from time to time. For material changes, we will notify users via email at least 30 days before the changes take effect. The "Last updated" date at the top of this page will be revised accordingly. Continued use of TeachShield after the effective date constitutes acceptance of the updated policy.

13. Contact

Obsidian Clad Labs LLC
Email: support@teachshield.app