Privacy and Data
What the Hub accesses, what it never touches, and how we comply with FERPA and COPPA.
The Hub is built to give teachers curriculum without asking for student data. We deliberately avoid integrations that would put student information in our hands.
Who uses the Hub
Teachers and curriculum staff. Students don't sign in and never interact with the Hub directly.
What we collect about teachers
| Data | Purpose |
|---|---|
| Email address | Identify the user; send sign-in emails |
| Name (from SSO) | Display name in the UI |
| District association | Show the right curriculum and branding |
| Starred resources, recent views | Personalize the teacher's Hub |
| Usage analytics | Aggregated; improve the product |
Email addresses are encrypted at rest. Sessions are stored as encrypted cookies and last 30 days.
What we never access
- Student names, IDs, demographics, enrollment data, or rosters
- Student work, grades, assessment data, or behavioral data
- Anything in Google Classroom, Canvas, or Schoology that the teacher did not choose to import
When a teacher signs in via Google or Canvas, we request only the OAuth scopes we actually use (read teacher profile, read teacher's course list, write course content). We do not request student-roster, submission, or grade scopes.
FERPA and COPPA
- FERPA — Because the Hub doesn't collect or store education records of identified students, the Hub doesn't trigger FERPA's school-official obligations. We're happy to sign a Data Processing Agreement (DPA) if your district requires one.
- COPPA — Students under 13 do not use the Hub. There is no path for a student to create an account or interact with the product directly.
If your district has a stricter local policy you'd like us to attest to, contact [email protected].
Security
- All data encrypted in transit (TLS 1.2+) and at rest.
- OAuth tokens (Google, Canvas) encrypted in our database.
- Production access limited to the engineering team and audited.
- Standard practices: least-privilege, parameterized queries, dependency scanning, regular vulnerability review.
Subprocessors
We use a small set of vetted vendors to run the Hub. None of them receive student data, because we don't collect it.
| Vendor | Role |
|---|---|
| Vercel | Application hosting (US regions) |
| Neon (Postgres) | Primary database |
| Postmark | Transactional email (sign-in links) |
| Google / Canvas | OAuth providers (only when a teacher signs in or imports) |
| PostHog | Aggregated product analytics |
We update this list when subprocessors change. Districts can request notification of material changes.
Incident response
If we confirm a security incident affecting teacher data, we notify each affected district's primary contact within 72 hours with a description of the incident, the data involved, and the steps we're taking.
Data export and deletion
- Teachers can revoke the Hub's OAuth access from their Google or Canvas account at any time.
- District administrators can request deletion of all user records by emailing [email protected]. We complete deletion requests within 30 days and confirm in writing when finished.