Privacy Policy

Last updated: December 2024

This policy explains how we collect, use, and protect your personal data in compliance with GDPR, CCPA, and other global privacy regulations.

1. Data Controller

The data controller responsible for your personal data is:

Lesson Loom

Email: support@lessonloom.org

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information

Data Type Purpose Legal Basis
Email address Account authentication, communication Contract performance
Password (hashed) Account security Contract performance
Full name Account personalization, billing Contract performance
Display name User interface personalization Legitimate interest

2.2 Professional Information

Data Type Purpose Legal Basis
Country/Region Content localization, timezone settings Legitimate interest
School/Institution Content customization Consent
Timezone Display times correctly Contract performance

2.3 Usage Data

Data Type Purpose Legal Basis
Last login timestamp Security, account management Legitimate interest
Feature usage statistics Service improvement, billing Contract performance
Token/credit usage Billing, usage limits Contract performance

2.4 Content You Create

Data Type Purpose Legal Basis
Lesson plans Core service delivery Contract performance
Generated songs Core service delivery Contract performance
Whiteboard sessions Core service delivery Contract performance
Uploaded files (images, documents) Content generation Contract performance

2.5 Payment Information

Data Type Purpose Legal Basis
Stripe customer ID Payment processing Contract performance
Payment history Billing records, support Legal obligation
Subscription status Service access control Contract performance

Note: We do not store credit card numbers. All payment processing is handled by Stripe.

2.6 Analytics Data

With your consent (via our cookie preferences), we collect analytics data to understand how our service is used and to improve user experience:

Data Purpose Legal Basis
Pages visited and time spent Understand user engagement Consent
Clicks on buttons and links Improve navigation and UX Consent
Device type, browser, screen size Optimize for different devices Consent
Approximate location (country/city) Understand geographic usage Consent
Referral source Understand how users find us Consent
Privacy First: Analytics data is retained for 90 days and then automatically deleted. This data is processed internally and never shared with third parties. You can opt out at any time via the cookie preferences in your browser.

3. Third-Party Data Sharing

To provide our AI-powered services, we share data with the following third-party processors:

Service Provider Data Shared Purpose Privacy Policy
OpenAI Lesson prompts, topics, vocabulary AI content generation View
DeepInfra Image generation prompts Flashcard image generation View
DeepSeek Text content, OCR text Content processing, OCR View
Suno API Song lyrics, style parameters Educational song generation View
Stripe Email, name, payment info Payment processing View
Deepgram Audio files, script text Audio transcription View
International Transfers: Some of these services are based in the United States. By using our service, you consent to the transfer of your data to countries outside the EEA that may not have equivalent data protection laws. We ensure appropriate safeguards are in place (Standard Contractual Clauses where applicable).

4. Your Rights

Under GDPR, CCPA, and other privacy regulations, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time for consent-based processing.

To exercise any of these rights, please visit your Privacy Settings or contact us at support@lessonloom.org.

5. Data Retention

We retain your personal data according to the following schedule:

Data Type Retention Period Reason
Account data Until account deletion + 30 days Account recovery period
Lesson plans & content Until account deletion Service provision
Payment records 7 years after transaction Legal/tax obligations
Activity logs 90 days Security and debugging
Inactive accounts Deleted after 24 months of inactivity Data minimization

6. Cookies

We use cookies and similar technologies to:

  • Essential cookies: Required for the website to function (session management, authentication)
  • Preference cookies: Remember your settings and preferences

We do not currently use analytics or advertising cookies. For more details, see our Cookie Policy.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS)
  • Password hashing using industry-standard algorithms
  • Regular security assessments
  • Access controls and authentication
  • Secure session management

8. Children's Privacy

Our service is intended for adult educators and teachers. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

Note: While teachers may create lesson plans for children, we do not collect or process personal data about the students themselves.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We do not sell your personal information. To exercise your CCPA rights, visit our Do Not Sell My Personal Information page.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on this page
  • Sending an email notification for material changes
  • Displaying a notice in your account dashboard

11. Contact Us

For privacy-related inquiries, complaints, or to exercise your rights:

Data Protection Contact
Email: support@lessonloom.org
Response time: Within 30 days (as required by UK GDPR)

Supervisory Authority

If you are in the UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Terms of Service Cookie Policy CCPA Opt-Out Privacy Settings

You've Reached Your Limit

You've used all your available allowance for this feature.

Used: 0 / 0
Upgrade Your Plan

Cookie Preferences

Manage your cookie preferences. Essential cookies cannot be disabled as they are required for the website to function.

Essential Cookies

Required for authentication, session management, and basic functionality.

Preference Cookies

Remember your settings like theme preference and sidebar state.

Analytics Cookies

Help us understand how visitors use our site to improve the experience.