Privacy Policy

At LessonLoop AI ("we," "our," or "us"), we are deeply committed to protecting the privacy of educators, schools, and students. LessonLoop is an AI-powered curriculum and assessment assistant designed specifically for English language instructors in South Korea to streamline class preparation, student logs, and homework worksheets.

This Privacy Policy explains how we collect, use, store, and disclose information when you access our website, applications, and services (collectively, the "Platform"). Because our Platform processes information related to educational activities, we place the highest priority on maintaining compliance with global standards, including the United States FERPA (Family Educational Rights and Privacy Act), COPPA (Children's Online Privacy Protection Act), and South Korea's PIPA (Personal Information Protection Act).

By creating an account or using LessonLoop, you agree to the practices outlined in this Privacy Policy.

We collect several categories of information depending on your interaction with the Platform. We minimize data collection to only what is necessary to generate high-quality educational materials.

A. Educator Account Information

When you register for a LessonLoop account, we collect personal information required for identity verification and billing, including:

• Your name, email address, password hash, and professional role (e.g., academy teacher, public school instructor).
• Optional school or hagwon name and city location to help localize curriculum templates.
• Payment details processed securely via our third-party merchant processor (e.g., Stripe); we do not directly store credit card numbers on our servers.

B. Classroom & Student Metadata

To facilitate classroom management and grading tools, educators may upload or input student records. To maximize privacy, students do not create accounts or interact with the platform directly. All student information is teacher-entered and includes:

• Student names or randomized pseudonyms (e.g., "Student A" to maintain complete anonymity).
• Class logs, vocabulary assessment scores, assignment completion records, and class levels.
• Handwritten or digital student essays uploaded solely for OCR transcription and AI-generated grading evaluations.

C. Automatically Collected Platform Data

We collect basic analytics data, including your IP address, browser type, operating system, and system performance metrics, to help debug application bugs and protect against unauthorized access.

We use the information we collect solely to provide, secure, and optimize our educational services. Specifically, data is used to:

• Generate Custom Curriculums: Run AI scripts to synthesize vocabulary banks, worksheets, and full lesson plans based on your prompt selections.
• Perform Essay Evaluations: Execute Optical Character Recognition (OCR) to transcribe paper homework pages and deliver diagnostic grading feedback.
• Maintain Diagnostic History: Log past worksheet files and student scorecards so you can review progress over terms or export formatted PDF/Word summaries.
• Manage Billing & Premium Tiers: Securely process subscription renewals and tier entitlements.
• Application Security: Audit active sessions and enforce our Row-Level Security parameters to prevent cross-tenant data leaks.

NO ADVERTISING GUARANTEE: We do not sell, rent, or lease your account information or student data to any third party. We absolutely do not use student metadata or uploaded assignments to serve targeted advertisements.

LessonLoop AI employs advanced large language models (such as Google Gemini and OpenAI GPT-4) to generate high-quality worksheets and evaluate essays. We recognize that school-related inputs require strict privacy guarantees.

We enforce the following security protocols with our AI subprocessors:

• Zero-Training Policy: All API requests sent to our AI providers are governed by commercial, non-training terms. None of the text prompts, uploaded student essays, or lesson outputs are used to train or refine the base models of Google, OpenAI, or other AI corporations.
• Zero-Retention Rules: AI providers are bound by strict API agreements to delete request payloads immediately or within short temporary windows required solely for fraud mitigation and safety filters.
• Anonymized Requests: We do not forward teacher names, emails, billing details, or school metadata to third-party AI APIs. Only the plain curriculum prompts or the anonymized text of student essays are transmitted.

We are dedicated to safeguarding child privacy and helping schools maintain total compliance with educational records rules.

FERPA Compliance (School Official Standard)

LessonLoop operates as a "School Official" under the FERPA framework. We acknowledge that the student metadata and assignments provided by educators are part of education records under the direct control of the respective teacher, school, or Hagwon. We limit our access to, and use of, such education records strictly to performing our platform functions and never disclose them except as directed by the authorizing educator.

COPPA Compliance (Child Privacy protection)

COPPA regulates the collection of personal information from children under the age of 13.

• No Direct Child Registration: Students cannot create accounts, register, or access the Platform directly.
• Educator Mediation: All student information is inputted solely by professional educators. We advise educators to use first names or anonymous codes (e.g. "Student 1") when populating assessment tables.
• Consent Guarantee: By importing student details or uploading essay images, the educator represents that they have obtained any necessary consent required by their institution, local government, or school board to process such work.

Because LessonLoop is primary tailored to English instructors and Hagwon operators in South Korea, we operate under South Korea's Personal Information Protection Act (PIPA) framework.

We maintain robust technical, administrative, and physical safeguards designed to prevent the loss, theft, alteration, or leakage of personal data:

• Database Separation: All customer data is hosted on Supabase secure cloud nodes utilizing Row-Level Security (RLS) policies. Every query is filtered automatically at the database level by the user's secure Supabase authorization token, preventing any cross-account leakages.
• Encryption in Transit & at Rest: All data transmitted is protected under high-grade HTTPS (TLS 1.3) protocols. Critical account data and database files are encrypted at rest.
• Cross-Border Data Flows: Database processing and cloud server logic run securely on cloud server instances. When you submit prompts to AI nodes, cross-border transmission is strictly restricted to secure enterprise connections under non-training terms.

We believe that educators should have full ownership and sovereignty over their digital workspace:

• Easy Export: You can download student logs, exported PDF evaluations, and custom worksheet files directly from the dashboard interface in standard `.docx`, `.pdf`, or JSON formats.
• Instant Deletion: Deleting a student profile or deleting an uploaded class instantly purges that structural record from our active databases.
• Account Termination: You can request complete termination of your account at any time. Upon receiving an account closure request, we permanently delete all account settings, classroom profiles, log histories, and associated materials within 30 days.

If you have any questions about this Privacy Policy, our FERPA/COPPA frameworks, or PIPA compliance for South Korean Hagwons, please do not hesitate to contact our data protection team: