Tenefly Education Technology, Inc. ("Tenefly", "we", "us", or "our") is committed to protecting the privacy of educators, students, and families who use our AI-powered lesson planning platform ("Platform"). This Privacy Policy describes how we collect, use, and safeguard your information in compliance with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable state student privacy laws.
1. Information We Collect
Teacher Information
- Account data: Name, email address, and password (hashed)
- Profile data: Grade levels, subjects taught, teaching style, school affiliation, state (for standards alignment)
- Content data: Lesson prompts, generated lessons, reflections, and teaching notes
- Usage data: Pages visited, features used, and session duration (for product improvement)
- Session recordings (teacher-facing pages only): We record screen activity on teacher-audience pages to diagnose user-experience issues and improve the platform. Recordings exclude all student-facing and parent-facing pages. Sensitive inputs (student names, lesson content, email fields, free-text reflections) are automatically masked in recordings and shown as placeholder text. See Section 3 for details.
Student Information
- First name only — provided by the student during class enrollment
- Class enrollment — which class code the student joined
- Lesson responses — answers to practice questions and exit tickets
What we do NOT collect from students: Email addresses, dates of birth, home addresses, phone numbers, photos, social media accounts, device identifiers, or any other personally identifiable information beyond first name.
Anonymous Trial Sessions
- IP address — used solely for rate limiting (max 5 sessions per hour)
- Lesson prompts — the text you enter to generate a trial lesson
- Generated content — the lesson created during your trial
Anonymous trial data is automatically deleted after 72 hours unless you create an account and claim your lessons. No account or personal information is required to try Tenefly.
Parent/Guardian Information (Beta)
- Account data: Name, email address (via teacher invitation link)
- Relationship: Relationship to the student (parent, guardian, etc.)
Parent access is read-only and limited to their child's benchmark progress. Parents cannot view other students' data, teacher notes, or class-wide analytics.
2. How We Use Information
- To provide and operate the lesson planning and classroom tools
- To generate AI-powered lesson content tailored to your teaching profile
- To display student responses and mastery data to their teacher
- To improve the Platform through aggregated, de-identified usage analytics
- To communicate important service updates and security notices
We never use student data for advertising, marketing, or profiling. We never sell, rent, or trade any user data to third parties.
3. Session Recording
To improve the teacher experience, Tenefly records screen activity on teacher-facing pages (account dashboard, lesson creation, lesson review, reporting, messaging, and similar). These recordings help us diagnose bugs, measure time-to-value, and identify usability issues.
What we record:
- Mouse movements, clicks, scrolling, page navigation
- Form interactions (field focus/blur events, submission timing)
- Keyboard events (WITHOUT capturing keystrokes in masked fields)
What we do NOT record:
- Any student-facing page (class join, lesson practice, exit tickets)
- Any parent-facing page (Family Portal)
- Password fields (masked by default)
- Student names in rosters, student-mention displays, differentiation notes
- Free-text input in observations, lesson bodies, or reflection notes
- Email inputs during sign-up or sign-in (teacher email is stored via the account-data path instead, not the session recording)
Recordings are retained for the duration of Tenefly's active analytics subscription; upon termination, they are securely destroyed within 90 days. Teachers may request that their session recordings be excluded by contacting privacy@tenefly.com. Recordings are accessible only to Tenefly's product and engineering teams.
4. Third-Party Services
Tenefly uses the following third-party services to operate the Platform:
- Supabase (database & authentication) — stores account data and lesson content. Data encrypted at rest and in transit.
- Anthropic (AI lesson generation) — receives lesson prompts and teacher preferences to generate content via the Claude API. Tenefly enforces a technical allowlist that prevents student names, IDs, scores, IEP/504 details, or any personally identifiable student information from being sent to Anthropic. Anthropic does not use Tenefly data for model training. If Tenefly changes AI providers, schools will be notified at least 30 days in advance.
- Vercel (hosting) — serves the Platform. No user data is stored on Vercel beyond standard server logs.
- Google OAuth (optional sign-in) — if you choose to sign in with Google, we receive your name and email. We do not access your Google contacts, files, or other data.
- Google Classroom (optional roster sync) — if you connect your Google Classroom account, Tenefly accesses your course list and student rosters (names and enrollment data) using the classroom.courses.readonly and classroom.rosters.readonly scopes. This data is stored in Tenefly and is not shared with any other third party. You may disconnect Google Classroom at any time from the class management page. Tenefly's use of Google API data complies with the Google API Services User Data Policy.
- Sentry (error monitoring) — captures application errors and performance data to help us maintain reliability. May include request metadata (URL, browser type) but never student names or PII.
- Upstash (rate limiting) — processes anonymized request counters to prevent abuse. No user content or personally identifiable information is stored.
- Mixpanel (product analytics & session recording — teacher-facing pages only) — receives teacher usage events (page views, clicks, form submissions), session recordings, and teacher identifiers (email, full name, school affiliation, grade levels, account creation date). Mixpanel data is NEVER collected from student-facing or parent-facing pages. Sensitive content on teacher pages (student names, lesson body text, free-text reflections, email inputs, password inputs) is masked before recording or event capture. Mixpanel processes this data solely to enable Tenefly's product analytics and, per its Data Processing Agreement, does not use customer data to train AI models, and does not "sell" or "share" Personal Information as defined by the CCPA. Event data and session recordings are retained for the duration of Tenefly's active Mixpanel subscription; upon termination of that subscription, Mixpanel securely destroys event data within 30 days and session recordings within 90 days. Teachers may request deletion of their Mixpanel-held data by contacting privacy@tenefly.com. See Mixpanel's privacy policy at mixpanel.com/legal/privacy-policy.
5. FERPA Compliance
Tenefly acts as a "school official" with a legitimate educational interest under FERPA (34 CFR § 99.31(a)(1)). We:
- Use student education records only for the purposes for which the disclosure was made
- Do not re-disclose student data to other parties without authorization
- Maintain strict access controls — only the student's teacher can view their responses
- Provide data deletion upon school or teacher request
- Comply with parent/guardian requests to inspect or amend their child's records
- Execute a Data Processing Agreement (DPA) with schools or districts upon request that defines data use, retention, deletion rights, and audit procedures
If a school revokes authorization or terminates its relationship with Tenefly, all associated student data will be deleted within 30 days.
6. COPPA Compliance
Tenefly does not knowingly collect personal information from children under 13 without the consent of a school acting as the parent's agent under COPPA. Student access is provided solely through teacher-created class codes, and we collect only first names — no email, age, or contact information. Teachers are responsible for confirming they have parental permission before adding students to Tenefly. Parents may request that their child's data be deleted by contacting the child's teacher or Tenefly at privacy@tenefly.com. Teachers can remove students at any time through the class management interface.
7. Data Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Authentication uses industry-standard bcrypt password hashing
- Database access is protected by Row-Level Security (RLS) policies
- API endpoints use rate limiting to prevent abuse
- AI prompts are sanitized to prevent injection attacks
- Regular security reviews of codebase and infrastructure
8. Data Retention & Deletion
- Teacher data: Retained while your account is active. You may delete your account at any time through Settings. All data is permanently deleted within 30 days of account deletion.
- Student data: Retained for the current academic year. Teachers may delete individual student records at any time. All student data is purged at the end of each school year unless the teacher requests retention.
- AI generation logs: Prompts and generated content are retained only as part of the saved lesson. No separate logs of AI interactions are maintained.
9. Data Breach Notification
In the event of a security breach that compromises student education records or personally identifiable information, Tenefly will:
- Notify affected schools, teachers, and parents within 30 days of discovery
- Notify applicable state education departments as required by law
- Provide details of the breach, the data affected, and steps taken to mitigate harm
- Offer guidance on protective measures for affected individuals
- Conduct a thorough investigation and implement measures to prevent recurrence
10. Parent Portal Access
Tenefly offers a Family Portal (beta) that allows parents and guardians to view their child's learning progress and benchmark data. Access is granted through secure invitation links generated by the child's teacher. Parent access is read-only — parents cannot modify student records or view other students' data, teacher notes, or class-wide analytics.
Parents may opt out of the Family Portal by contacting the child's teacher or Tenefly directly. Removing portal access does not affect the student's use of Tenefly in the classroom.
11. Your Rights
Teachers:
- Access, export, or delete your account and all associated data at any time
- Export lessons in PDF or DOCX format
- Export student response data in CSV format
Parents & Guardians:
- Request to inspect your child's records by contacting the child's teacher
- Request correction or deletion of your child's data
- Contact us directly at the address below for any privacy concerns
12. State-Specific Provisions
We comply with state student privacy laws including but not limited to: California (SOPIPA, CalOPPA), New York (Education Law 2-d), Illinois (ISSPA), and Colorado (Student Data Transparency and Security Act). If your state has additional requirements, please contact us and we will work to ensure compliance.
13. Data Residency
All Tenefly data is stored on servers located in the United States. By using the Platform, you consent to the processing and storage of data in the United States.
14. Changes to This Policy
We will notify you of material changes to this Privacy Policy via email or through the Platform at least 30 days before they take effect. Non-material changes (e.g., formatting) may be made without notice. The "Last Updated" date at the top of this page reflects the most recent revision.
15. Contact Us
For privacy-related questions, data requests, or concerns:
Tenefly Education Technology, Inc.
Privacy Team
Email: privacy@tenefly.com
This Privacy Policy is subject to final legal review. If you have concerns about any provision, please contact us before using the Platform.