Privacy Policy

Last Updated: June 11, 2026

The short version: Lesson Lasso is a toolkit for teachers. Teachers create accounts; students never do. Student responses in live classroom activities exist only in temporary server memory and disappear when the session ends. We don't sell data, we don't run advertising or analytics trackers, and you can delete your account (and everything we hold about you) yourself at any time.

1. Who We Are

Lesson Lasso ("we," "us," or "our") provides a website of classroom tools for teachers at www.lesson-lasso.com (the "Service"). This Privacy Policy describes, in plain language, what information we actually collect, how we use it, and how you can delete it.

2. Information We Collect

2.1 Teacher Account Data

When you create an account we collect your email address, username, full name, and a password. Passwords are stored only as bcrypt hashes — we never store or see your plain-text password. We also store your subscription tier, AI credit balance, and a log of which AI tools you have used (for credit accounting). This data lives in our PostgreSQL database.

2.2 Payment Data

Payments are processed by Stripe. Your card details go directly to Stripe; we never receive or store card numbers. We store Stripe customer and subscription identifiers and a payment history (amount, currency, status) so we can manage your subscription.

2.3 Transactional Email

We send account- and subscription-related emails (for example, payment notifications) through SendGrid, which processes your email address for that purpose. We do not run marketing email campaigns.

2.4 Technical Information

Like virtually all websites, our server and hosting provider may record IP addresses and request details in routine server logs for security and debugging. We do not use analytics or advertising trackers of any kind.

3. Student Data

Students never have accounts on Lesson Lasso. Students only interact with the Service through temporary join pages for live classroom activities (Polls, Discussion Board, Brainstorm Cloud) and through writing a teacher submits for AI feedback.

Live classroom activities: Students join with a short room code and may optionally enter a first name. Their votes, responses, and ideas are held only in the server's temporary memory — they are never written to a database, and they are permanently gone when the session ends or the server restarts.
Student writing (Drafting Feedback): A teacher may submit student writing to receive AI-generated feedback. The text is sent to OpenAI to generate the feedback and is processed transiently; uploaded files are deleted from our server after their text is extracted. We do not keep a copy of the writing or the feedback.
We do not sell student (or any) data, and we do not use student data for advertising.

4. AI Processing

Our AI tools send the content you submit (prompts, source text, student writing for feedback) to third-party AI providers — Google Gemini and OpenAI — to generate the output you requested. Under those providers' API terms, data submitted through their APIs is not used to train their models. We do not train any AI models ourselves.

5. How We Use and Share Information

We use the information above only to operate the Service: maintaining your account, providing the tools, managing subscriptions and credits, and responding to support requests. We do not sell, rent, or trade personal information. We share it only with the service providers named in this policy (Stripe, SendGrid, Google Gemini, OpenAI, and our hosting provider), or if required by law, or as part of a business transfer (in which case we would notify you).

6. Cookies

We use a single session cookie to keep you logged in. That's it — no analytics cookies, no advertising cookies, no third-party trackers. If you block cookies you can still use the free tools, but you won't be able to stay logged in.

7. Data Retention

Account data: retained while your account exists. When you delete your account, your user record, subscription, payment history, and credit usage records are removed from our database immediately.
Live classroom session data: exists only in server memory and disappears when the session ends or the server restarts.
Payment records at Stripe: Stripe retains transaction records under its own policies and legal obligations.

8. Deleting Your Account

You can delete your account and the data we hold about you at any time:

In the product: log in, open the Tools page, and use the "Delete account" link in the header (you'll be asked to confirm your password).
By email: contact us at support@lesson-lasso.com from your account email address and we will delete your account for you.

You can also email us to request access to, or correction of, the information we hold about you.

9. Children's Privacy

Lesson Lasso accounts are for teachers and other adults — we do not knowingly allow children to create accounts. Students interact with the Service only through the ephemeral, account-free join pages described in Section 3; any first name a student chooses to enter exists only in temporary server memory and is never stored. If you believe a child has created an account, contact us at support@lesson-lasso.com and we will delete it.

10. Security

Passwords are hashed with bcrypt, connections to the Service are encrypted in transit (HTTPS), and access to our database is restricted. No internet service can guarantee absolute security, but we work to protect the limited data we hold — and our best protection is that we deliberately collect very little.

11. Changes to This Privacy Policy

If we change our practices, we will update this policy and the "Last Updated" date at the top of this page. For material changes affecting account holders, we will also notify you by email.

12. Contact Us

For any privacy question, concern, or request:

Email: support@lesson-lasso.com
Website: www.lesson-lasso.com

Last Updated: June 11, 2026
This Privacy Policy is effective as of the date listed above.