Privacy Policy
Last updated: May 6, 2026
1. What We Do
teachwithcolin is an AI-powered essay grading platform. Teachers upload student essays, and the app grades them against a rubric, producing individual feedback reports and a class gradebook.
2. Information We Collect
- Account information: The name, email address, school, and password you provide when registering. Passwords are stored only as bcrypt hashes — we never store your password in plain text.
- Student essays: Essay files (.docx, .pdf, .txt) you upload as a ZIP archive for grading.
- Rubric files: Rubric documents you upload for AI parsing.
- Usage metadata: Counts of graded essays, batch timestamps, and credit transactions, used for billing and account history.
3. How We Use Your Data
- Essay grading: Student essays are sent to Anthropic's Claude AI for grading against your rubric. See section 4 for the safeguards we apply before any data leaves our servers.
- Report generation: Grading results are used to generate per-student .docx feedback reports and an .xlsx gradebook, which you download directly from the app.
- Notifications: Your email address is used for account verification, password resets, and — if you opt in — notifications when grading batches complete or fail.
4. AI Processing Disclosure
We use Anthropic's Claude API (Commercial tier) for grading. Under Anthropic's Commercial Terms, inputs and outputs from API calls are not used to train Anthropic's models. See Anthropic's Commercial Terms and Anthropic's Privacy Policy.
- Student essays are processed by Claude solely for the purpose of grading.
- We track input/output token usage per grading result for billing and cost monitoring only — no essay text is stored in usage records.
- A PII-free audit log of grading runs is retained for 90 days for accountability and debugging (see section 6).
5. Student Data Privacy & FERPA Context
If you are a teacher at a U.S. educational institution, student essays may contain personally identifiable information (PII) subject to FERPA, COPPA, and state-level laws such as Utah SB 207. We have not pursued formal FERPA certification, but the system is architected around data minimization and the following safeguards apply automatically to every grading run:
- Identity tokenization: Each student is assigned an opaque UUID token at ingestion. Student names are never sent to the AI provider — only the token is.
- Filename sanitization: Original filenames (which often contain student names) are stored backend-only. Files are renamed to their UUID tokens before any external call.
- PII scrubbing: Before grading, the student's known name is matched within their essay text and replaced with the placeholder [STUDENT] in the copy sent to Claude. The original text is preserved on our servers for your records.
- Prompt audit log: Each grading run produces a record of the model used, token counts, and whether scrubbing was applied — but no essay text and no student names. These records are retained for 90 days, then auto-purged.
- Re-hydration: Student names are re-attached to outputs only at the final document-generation step, on our servers, after the AI has returned its response.
6. Data Retention
A nightly automated purge job enforces the following retention windows:
- Essay files on disk: Hard-deleted 30 days after the batch completes.
- Prompt audit logs: 90 days, then permanently deleted.
- Student identity map (token ↔ name): Soft-deleted on a configured schedule and then hard-deleted; designed to clear at the end of the academic year.
- Grading results & reports: Retained until you delete the assignment. You may delete an assignment and all associated data at any time.
- Account & billing records: Retained while your account is active. Account deletion is available on request.
7. Data Security
- All data in transit is encrypted via HTTPS/TLS.
- The application enforces security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) in production.
- State-changing requests are protected by CSRF origin-checking middleware.
- Authentication and batch-creation endpoints are rate-limited to deter abuse.
- Sensitive secrets are encrypted at rest using Fernet symmetric encryption.
- The database and persistent storage are hosted on Railway with managed security and backups.
- Application secrets are managed via environment variables and never committed to source control.
8. Third-Party Services
We rely on the following processors. Each receives only the minimum data needed for its function:
- Anthropic — receives tokenized, PII-scrubbed essay text and rubric content for grading. Does not train on API inputs.
- Resend — sends transactional email (verification, password reset, optional batch notifications). Receives your email address and the message content we generate.
- Stripe — processes credit-pack purchases. Payment details are entered directly into Stripe and never touch our servers; we receive only a customer reference and purchase metadata.
- Sentry (when enabled) — receives exception traces for error monitoring. Configured to exclude student data from event payloads.
- Railway — hosts our application, database, queue, and persistent volume.
We do not sell, rent, or share your data — or your students' data — with advertisers or other third parties.
9. Your Rights
You can:
- Delete any assignment and all its associated student data at any time from within the app.
- Update your profile and email-notification preferences at /account.
- Request a copy of the data we hold about you by contacting us.
- Request account deletion by contacting us.
10. Contact
For privacy questions or data requests, please contact us at privacy@teachwithcolin.com.