Privacy Policy

Last Updated: October 16, 2025

Your Privacy Matters: At Lesson Lasso, we are committed to protecting the privacy of educators, students, and all users of our platform. This Privacy Policy explains how we collect, use, protect, and share your information, with special emphasis on student data protection and educational privacy laws.

1. Introduction

Welcome to Lesson Lasso. This Privacy Policy describes how Lesson Lasso ("we," "us," or "our") collects, uses, and shares information about you when you use our website, applications, and services (collectively, the "Service").

We comply with applicable privacy laws and regulations, including:

Family Educational Rights and Privacy Act (FERPA)
Children's Online Privacy Protection Act (COPPA)
General Data Protection Regulation (GDPR) for users in the European Union
California Consumer Privacy Act (CCPA) for California residents
Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) for Australian users
State-specific student data privacy laws

2. Information We Collect

2.1 Information You Provide to Us

We collect information you provide directly when you:

Activity	Information Collected
Create an account	Name, email address, password, school/institution name, grade level, subject area
Use our tools	Lesson plans, educational content, classroom activities you create or generate
Contact us	Name, email, message content, support requests
Subscribe to services	Billing information, payment details (processed by third-party payment processors)
Participate in surveys	Feedback, opinions, demographic information (voluntary)

2.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information, including:

Usage Information: Pages viewed, features used, time spent on the Service, clickstream data
Device Information: Browser type, operating system, device type, IP address
Location Information: General geographic location based on IP address (not precise location)
Cookies and Similar Technologies: Session data, preferences, authentication tokens

2.3 Student Data

Important: We do NOT require or collect personal information from students. Educators may use our Service to create content for students, but we do not directly collect, store, or process student personal information unless explicitly authorized by the educational institution.

If educators choose to use our Service with students:

We act as a service provider to the educational institution
We only collect student data as directed by the educator or institution
Student data is used solely to provide the requested educational services
We do not use student data for advertising or marketing purposes
We maintain appropriate security measures to protect student data

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve Our Service

Create and maintain user accounts
Process transactions and deliver requested services
Generate educational content using AI tools
Personalize your experience and provide relevant recommendations
Analyse usage patterns to improve features and functionality
Develop new tools and resources for educators

3.2 Communicate with You

Send service-related announcements and updates
Respond to your inquiries and support requests
Send newsletters and educational resources (with your consent)
Notify you about new features and improvements
Request feedback and conduct surveys

3.3 Ensure Security and Legal Compliance

Detect, prevent, and address fraud and security issues
Enforce our Terms of Service
Comply with legal obligations and respond to lawful requests
Protect the rights and safety of our users and the public

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, such as:

Cloud hosting and storage providers
Payment processing services
Email and communication platforms
Analytics and performance monitoring tools
AI and machine learning service providers

These service providers are contractually obligated to protect your information and use it only for specified purposes.

4.2 Legal Requirements

We may disclose information if required to do so by law or in response to:

Valid legal process (subpoenas, court orders)
Government or regulatory requests
Enforcement of our Terms of Service
Protection of our rights, property, or safety, or that of our users

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your information.

4.4 With Your Consent

We may share information for other purposes with your explicit consent or at your direction.

5. Student Data Privacy

5.1 FERPA Compliance

For K-12 educational institutions subject to FERPA, we act as a "school official" with legitimate educational interests. We:

Use student data only for authorized educational purposes
Do not share student data with third parties without consent (except as required by law)
Maintain appropriate security and confidentiality measures
Allow schools to review and correct student data

5.2 COPPA Compliance

Our Service is designed for use by educators, not directly by children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.

Educational institutions using our Service with students under 13 are responsible for obtaining necessary parental consent and may provide consent on behalf of parents as permitted by COPPA.

5.3 Student Data Rights

Educational institutions and parents have the right to:

Review student data in our possession
Request correction of inaccurate data
Request deletion of student data
Receive information about how student data is used
Opt out of certain data collection or uses (where applicable)

6. Data Security

We implement industry-standard security measures to protect your information, including:

Encryption: Data transmitted over the internet is encrypted using SSL/TLS protocols
Access Controls: Strict access controls and authentication requirements for our systems
Regular Audits: Periodic security assessments and vulnerability testing
Employee Training: Regular privacy and security training for all personnel
Data Minimization: We collect only the information necessary to provide our Service
Secure Storage: Data is stored on secure servers with backup and disaster recovery procedures

Important: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

7. Data Retention

We retain your information for as long as necessary to:

Provide our Service to you
Comply with legal obligations
Resolve disputes and enforce agreements
Maintain business records as required by law

7.1 Account Data

Active account data is retained while your account is active
When you delete your account, we delete or anonymize your personal information within 90 days
Some information may be retained in backup systems for up to 180 days

7.2 Student Data

Student data is deleted within 30 days of a deletion request from the school or parent
Schools may request bulk deletion of student data at the end of each school year
We do not retain student data longer than necessary for educational purposes

8. Your Rights and Choices

8.1 Access and Correction

You have the right to:

Access your personal information
Update or correct inaccurate information
Request a copy of your data in a portable format

You can access and update most information through your account settings.

8.2 Deletion

You may request deletion of your account and personal information by:

Using the account deletion feature in account settings
Contacting us at privacy@lesson-lasso.com

We will process deletion requests within 30 days, subject to legal retention requirements.

8.3 Marketing Communications

You can opt out of marketing emails by:

Clicking "unsubscribe" in any marketing email
Updating email preferences in account settings
Contacting us directly

Note: You will still receive essential service-related communications even if you opt out of marketing.

8.4 Cookies and Tracking

You can control cookies through your browser settings. Options include:

Blocking all cookies
Accepting only first-party cookies
Receiving notifications before cookies are set
Deleting existing cookies

Note: Blocking cookies may limit functionality of our Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard contractual clauses approved by relevant authorities
Adequacy decisions by data protection authorities
Certification under recognized privacy frameworks

10. Children's Privacy

Our Service is intended for use by educators and adults. We do not knowingly collect personal information from children under 13 except:

When authorized by a school acting as the parent's agent under COPPA
When an educator uses our Service to create content for students (without collecting student personal information)

If we learn that we have collected personal information from a child under 13 without proper authorization, we will delete that information immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

11.1 Right to Know

You have the right to request information about:

Categories of personal information we collect
Sources of personal information
Purposes for collecting or selling personal information
Categories of third parties with whom we share information
Specific pieces of personal information we have about you

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

11.3 Right to Opt-Out

We do not sell personal information. If our practices change, we will update this policy and provide opt-out mechanisms.

11.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11.5 Exercising Your Rights

To exercise your California privacy rights, contact us at privacy@lesson-lasso.com or use the contact information below.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

12.1 Legal Basis for Processing

We process your data based on:

Contract: To provide services you have requested
Legitimate Interests: To improve our Service and ensure security
Consent: For marketing communications and optional features
Legal Obligation: To comply with applicable laws

12.2 Your GDPR Rights

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

13. Australian Privacy Rights

If you are in Australia, you have rights under the Privacy Act 1988 and the Australian Privacy Principles (APPs):

13.1 Your Australian Privacy Rights

Right to Access: You can request access to your personal information we hold
Right to Correction: You can request correction of inaccurate or out-of-date personal information
Right to Know: You can request information about how we collect, use, and disclose your personal information
Right to Complain: You can lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

13.2 Cross-Border Data Disclosure

We may disclose personal information to overseas recipients, including service providers located in the United States and other countries. When we do so, we take reasonable steps to ensure that overseas recipients comply with the APPs or are subject to a law or binding scheme substantially similar to the APPs.

13.3 Direct Marketing

We may use your personal information for direct marketing purposes. You have the right to opt out of receiving marketing communications at any time by:

Using the unsubscribe link in our emails
Updating your preferences in account settings
Contacting us at privacy@lesson-lasso.com

13.4 Making a Complaint

If you have concerns about how we handle your personal information, please contact us first at privacy@lesson-lasso.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Third-Party Services and Links

Our Service may contain links to third-party websites, applications, or services not operated by us. We are not responsible for the privacy practices of third parties.

We encourage you to review the privacy policies of any third-party services before providing them with information.

14.1 Third-Party Services We Use

Analytics: Google Analytics (with IP anonymization)
Hosting: Cloud hosting providers with data processing agreements
Payment Processing: Stripe, PayPal (they have their own privacy policies)
AI Services: OpenAI, Google Gemini (for content generation with data processing agreements)

14. AI and Automated Processing

We use artificial intelligence and machine learning to:

Generate educational content and lesson plans
Provide personalized recommendations
Improve our Service and user experience

14.1 How AI Processes Your Data

AI tools process prompts and inputs you provide to generate content
We do not train AI models on student data
Personal information is not used to train third-party AI models without your consent
You can request human review of AI-generated decisions that significantly affect you

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated policy on our website
Updating the "Last Updated" date
Sending email notification to registered users (for material changes)
Obtaining new consent where required by law

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

16. Contact Us

For privacy-related questions, concerns, or requests, please contact us:

Privacy Contact: privacy@lesson-lasso.com
Data Protection Officer: dpo@lesson-lasso.com
General Inquiries: support@lesson-lasso.com
Website: www.lesson-lasso.com
Response Time: We aim to respond to all privacy inquiries within 48 hours

For Student Data or FERPA/COPPA Inquiries:
Email: studentprivacy@lesson-lasso.com
Educational institutions should contact us directly for data processing agreements and student data handling procedures.

17. Acknowledgment and Consent

BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND SHARING OF YOUR INFORMATION AS DESCRIBED HEREIN.

Last Updated: October 16, 2025
This Privacy Policy is effective as of the date listed above.