Privacy Policy

Last updated: March 25, 2026

1. What We Do

teachwithcolin is an AI-powered essay grading platform. Teachers upload student essays, and the app grades them against a rubric, producing individual feedback reports and a class gradebook.

2. Information We Collect

Google account info: Name, email address, and profile picture via Google OAuth sign-in.
Google Drive data: We access only files and folders you explicitly select through our folder picker. We use the drive.file scope, which limits access to files created by or opened with this app.
Student essays: Essay files you upload or select from Google Drive for grading.
Rubric files: Rubric documents you upload for AI parsing.

3. How We Use Your Data

Essay grading: Student essays are sent to Anthropic's Claude AI for grading against your rubric. Anthropic does not use this data for model training. See Anthropic's Privacy Policy.
Report generation: Grading results are used to generate .docx feedback reports and .xlsx gradebook files.
Google Drive delivery: Output files are uploaded to your Google Drive in a folder you designate.

4. Google API Services — Limited Use Disclosure

teachwithcolin's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only request the minimum scopes needed (drive.file, openid, email, profile).
We do not sell, rent, or share Google user data with third parties.
We do not use Google user data for advertising.
Google OAuth tokens are encrypted at rest using Fernet encryption.
You can revoke access at any time via your Google Account permissions or the in-app token revocation option.

5. AI Processing Disclosure

Student essays are processed by Anthropic's Claude AI solely for the purpose of grading.
Anthropic does not use API-submitted data for model training (per their Usage Policy).
AI interactions are logged for audit purposes and retained for 90 days.
We track token usage (input/output) per grading result for billing and cost monitoring only.

6. Student Data (FERPA Context)

If you are a teacher at a U.S. educational institution, student essays may contain personally identifiable information (PII) subject to FERPA. We implement the following safeguards:

PII scrubbing is applied before AI processing where possible.
Student identities are tokenized internally (StudentIdentityMap).
A nightly purge process removes expired student data.
Audit logs track all data access and processing events.

7. Data Retention

Uploaded essay files are stored on our servers only during the grading process and are deleted after output delivery.
Grading results and metadata are retained until the teacher deletes the associated assignment.
AI audit logs are retained for 90 days, then permanently deleted.

8. Data Security

All data in transit is encrypted via HTTPS/TLS.
Google OAuth tokens are encrypted at rest using Fernet symmetric encryption.
The database is hosted on Railway with managed security and backups.
Application secrets are managed via environment variables, never committed to code.

9. Your Rights

You can:

Revoke Google access at any time (via the app or Google Account settings).
Delete your assignments and all associated data.
Request a copy of your data by contacting us.
Request account deletion by contacting us.

10. Contact

For privacy questions or data requests, please contact us at privacy@teachwithcolin.com.