Privacy Policy | The Learning Mate

Last Updated: December 10, 2025 | Version: 1.1

Important: Student Data Protection

The Learning Mate is designed for teachers to enhance their grading workflow. Teachers sign up individually and access student data through Google Classroom integration.

How We Handle Student Data:

Student data is treated as confidential
Data is used only for grading and educational features
Teachers control what data they sync and when
Student data is not used for advertising
Students can view their own grades and work

Note: Teachers use The Learning Mate independently. We encourage teachers to inform their schools about tools they use with student data.

For complete details, see Section 5: Student Records below.

Quick Summary

Who uses The Learning Mate: Teachers (primary users) and students (to view their grades)What we access: Google Classroom courses, rosters, assignments, submissions, and gradesWhy: To sync courses, manage students, and enable one-click grade passbackHow: Through Google OAuth 2.0 (you control what we access)Your control: Revoke access anytime through Google or The Learning MateSecurity: Regular security audits

1. Who Uses The Learning Mate

Teachers (Primary Users)

Sign up individually using their Google account
Free tier with usage limits, paid subscription for higher limits and further features
Connect their Google Classroom to import courses and sync data

Students

Can log in to view their own grades and graded work
Authenticate using Google account (email must match teacher's roster)
Can only access their own data, not other students' information

Parents

Do not have direct access to The Learning Mate
Can view student information through Google Classroom or school systems

2. What We Access Through Google OAuth

When you connect Google Classroom, we request access to:

2.1 Google Account

Data: Name, email
Purpose: Account identification and authentication

2.2 Google Classroom

Courses: Names, sections, descriptions, states
Rosters: Student names, emails, enrollment status
Coursework: Assignment titles, due dates, point values
Submissions: Student work, grades, submission states
Push Notifications: Real-time notifications when students submit work or roster changes occur (teachers receive these notifications, not students)

2.3 Google Drive (Limited Access)

Read: Download student submissions for grading (coursework files only)
Write: Upload graded PDFs to your Drive (we create files, you own them)
Scope: Only files attached to coursework - no access to your personal files

2.4 What We Cannot Access

Gmail, Calendar, Photos, or YouTube
Your Google Drive files unrelated to coursework
Other users' Google Classroom data
Your Google password or 2FA codes

2.5 Information We Collect About Teachers

Beyond Google Classroom data, we also collect:

Account Information:

Name, email (from Google)
Subject(s) taught

Usage Analytics:

Feature usage patterns
Time spent in application
Error logs and performance data

Payment Information (Paid Users Only):

Billing name and email
Payment method (processed securely through Stripe)
Transaction history and subscription status
We do NOT store credit card numbers (Stripe handles this)

Purpose: Analytics help us improve the product, understand which features are valuable, and provide better customer support. Usage data may be anonymized and aggregated for product improvement.

3. OAuth 2.0 Authorization

How It Works

You click "Connect Google Classroom" in The Learning Mate
Google's authorization page opens (not The Learning Mate's)
Google shows exactly what permissions we request
You click "Allow" to grant access
Google issues us an authorization token
We never see your password

Token Management

Access tokens: 1-hour lifespan, stored in memory only
Refresh tokens: Encrypted (AES-256), stored in database
Security: Tokens never exposed in URLs or logs
Deletion: Tokens deleted immediately when you disconnect

When We Access Your Data

You click "Import", "Sync", or "Return Grades"
You enable auto-sync features
Google sends us push notifications about changes
We do not continuously read Classroom data. We access it only when you trigger actions or when you enable auto-sync/push notifications for syncing updates.

4. How We Use Your Data

Core Features

Course Sync: Import courses from Google Classroom
Roster Management: Keep student lists up-to-date
Assignment Publishing: Publish exams to Google Classroom
Grade Passback: Return grades automatically (saves 85-90% time)
PDF Attachments: Attach graded assessments to submissions

How We Use Your Data

Grading Features: AI-assisted grading, automated feedback, rubric scoring
Course Management: Sync courses, rosters, and assignments
Grade Passback: Return grades directly to Google Classroom
Student Access: Allow students to view their own grades and work
Analytics: Improve our product based on usage patterns (anonymized)
Support: Troubleshoot issues and provide customer assistance

Data Usage Policy

We use Google Classroom data only for the educational features described above. We comply with Google API Services User Data Policy.

5. Student Records

What Are Student Records

Student Records include personal information about students collected through Google Classroom: names, emails, grades, coursework, and submissions.

How We Handle Student Records

Student data is treated as confidential
Used only for grading, feedback, and educational features
Not used for advertising or marketing
Not sold to third parties
Teachers control what data is synced and when

Who Can Access Student Records

The teacher who connected their Google Classroom (full access to their courses)
Students can view their own grades and graded work only
Service providers who help us operate (AWS for hosting, OpenAI for AI grading)
As required by law (court orders, legal obligations)

Data Isolation: Teachers cannot see each other's courses or students. Each teacher's data is separate.

How Long We Keep Student Records

While active: Data retained while you use The Learning Mate
After disconnection: We stop syncing new data; Retention is only for teacher-requested exports, academic records. No further processing occurs
To delete: Email support@thelearningmate.com with a deletion request

We retain previously synced data after disconnection solely to:

Preserve grading history
Allow teachers to export records
Meet academic record-keeping requirements

No new data is collected after disconnection. Request deletion separately if needed.

6. Data Security

Encryption

In transit: TLS 1.3 for all connections
At rest: AES-256 for sensitive data
Tokens: Encrypted separately with secure key management
Files: Server-side encryption in cloud storage

Access Controls

OAuth 2.0 token-based authentication
Role-based access control (RBAC)
Multi-factor authentication for staff
Principle of least privilege

Infrastructure Security

AWS security best practices (VPC, security groups)
Regular security updates
Intrusion detection systems
DDoS protection
Automated encrypted backups

Monitoring

Security monitoring and alerts
Comprehensive audit logs
Failed login tracking
Regular security audits and penetration testing

7. Data Retention


*Data Type*	*Active Use*	*After Disconnect*	*After Deletion Request*
OAuth tokens	Encrypted in database	Deleted immediately	Deleted immediately
Course data	Retained	Retained (sync stopped)	Deleted upon request
Student rosters	Retained	Retained (sync stopped)	Deleted upon request
Submissions	Retained	Retained (sync stopped)	Deleted upon request
Graded PDFs	Retained	Retained (sync stopped)	Deleted upon request
Usage analytics	Retained	Retained (anonymized)	Anonymized
De-identified data	Retained only as long as necessary for educational analytics, and periodically reviewed for continued necessity.	Retained only as long as necessary for educational analytics, and periodically reviewed for continued necessity.	Deletion requests apply to personal data; de-identified data cannot be linked back to an individual.

Key Points:

OAuth tokens: Deleted immediately when you disconnect (we can no longer access your Google Classroom)
Synced data: Remains in our database after disconnection; we stop fetching new data but retain what was already synced
Inactive connections: OAuth tokens automatically expire after 180 days of inactivity
Full deletion: To delete all your data from The Learning Mate, email support@thelearningmate.com with a deletion request

8. Third-Party Service Providers

We share limited data with trusted service providers:


*Provider*	*Purpose*	*Data Shared*	*Safeguards*
AWS	Hosting, storage, computing	Course data, submissions, all application data	SOC 2 certified, encryption at rest/transit, DPA
OpenAI	AI grading assistance	Question text and student answers	_OpenAI processes data only to provide AI grading functionality.__Student data is never used to train AI models._Data retention is minimized according to OpenAI’s enterprise and API data handling policies.
Google OAuth	Authentication	Email, name, OAuth tokens	Industry standard OAuth 2.0 protocol
Stripe	Payment processing (paid users)	Billing name, email, payment method	PCI DSS compliant, tokenized payments

All providers:

Sign Data Processing Agreements (DPAs)
Use data only for specified purposes
Cannot use data for their own purposes
Maintain security standards
Undergo regular audits

9. Your Rights and Controls

Disconnect Google Classroom

Option 1: Through The Learning Mate

Dashboard → Integrations → Disconnect Google Classroom

Option 2: Through Google

Visit https://myaccount.google.com/permissions
Remove "The Learning Mate"

What happens when you disconnect:

OAuth tokens deleted immediately (we can no longer access your Google Classroom)
We stop syncing new data from Google Classroom
Existing data in The Learning Mate remains (courses, rosters, grades, submissions)
To delete existing data, use "Delete Your Data" option below

Access Your Data

Email support@thelearningmate.com with "Data Access Request"
Response within 30 days with portable copy (JSON/CSV/PDF)

Modify Your Data

Dashboard → Account Settings (self-service)
Or email support@thelearningmate.com for assistance

Delete Your Data

To request full data deletion:

Email support@thelearningmate.com with subject "Data Deletion Request"
Include your account email and specify what you want deleted
We will process deletion requests and confirm completion

What gets deleted:

Your account information
All course and roster data synced from Google Classroom
Student submissions and graded work
OAuth tokens (if still connected)

What may be retained:

De-identified analytics data (contains no personal information)
Anonymized usage statistics
Data required by law or for accounting purposes

Communication Preferences

Unsubscribe link in promotional emails
Dashboard → Settings → Email Preferences
Cannot opt-out of critical security/service notifications

10. OAuth Scopes Explained

Why We Need Each Permission

Identity Scopes (openid, email, profile)

Authenticate you and link Google data to your The Learning Mate account

Courses (classroom.courses, classroom.courses.readonly)

Import courses and publish assignments to Google Classroom

Coursework (classroom.coursework.students, classroom.coursework.students.readonly)

Create exam assignments and sync metadata

Submissions (classroom.student-submissions.students.readonly)

Download student work for grading and return grades

Rosters (classroom.rosters, classroom.rosters.readonly)

Sync student lists automatically

Emails (classroom.profile.emails) Sensitive

Match students to their work (names alone insufficient due to duplicates)

Push Notifications (classroom.push-notifications)

Real-time sync when students join/leave or assignments change

Google Drive (drive.file, drive.readonly) Sensitive

drive.file: Upload graded PDFs to your Drive
drive.readonly: Download student submissions for grading

Why both read and write scopes?

Read scopes = safe verification (check before modifying)
Write scopes = necessary changes only
Principle of least privilege

11. De-identified Data

Definition

Data with all personal identifiers removed, aggregated across 10+ individuals, cannot reasonably identify anyone.

How We Use It

Improve grading algorithms and features
Educational research and analytics
Display aggregate statistics ("Average scores improved 12%")
Peer benchmarking for schools (anonymized)

Protection Standards

Minimum 10 individuals per aggregate
Cannot be reverse-engineered
Separate from personal data systems
No re-identification attempts

12. Children's Privacy

How We Handle Children's Data

The Learning Mate is designed for teachers to use with their students
Students under 13 may use The Learning Mate under teacher supervision
Student data is used only for educational features (grading, feedback)
Student data is not used for advertising

Parents and Guardians

Parents can:

Request to review their child's information
Request corrections to inaccurate data
Request deletion of their child's data
Contact the teacher or email support@thelearningmate.com

Age Restrictions

Primary users are teachers (18+)
Students of any age can view their grades if teacher enables this
Students should use The Learning Mate under teacher/school supervision

The Learning Mate acts as a data processor on behalf of teachers and schools.

Requests from parents or guardians may be redirected to the relevant teacher or school administrator for authorization.

13. International Data Transfers

Where Data Is Stored

Primary location: Europe (AWS servers in Europe West region)
Google services: Various locations based on your Google Workspace configuration

Data Protection

All data encrypted in transit and at rest
Service providers maintain security standards
Data Processing Agreements with third-party providers

14. Business Transfers

If The Learning Mate is acquired, merges, or sells assets:

We'll notify you before any data transfers
New owner must honor this privacy policy OR
You can request data deletion before the transfer
Minimum 30 days' notice

15. Legal Disclosures

We may disclose data when required to:

Comply with laws, court orders, or subpoenas
Protect our rights and property
Prevent fraud or security threats
Protect safety of users or the public

16. Changes to This Policy

How We Notify You

Email (30 days advance notice for material changes)
Dashboard banner notification
In-app alert on next login

Material Changes

For significant changes to how we handle student data:

30 days' advance notice via email
Option to disconnect or delete data before changes take effect
Continued use after changes means acceptance

Your Options

Continue using (acceptance)
Disconnect before changes take effect
Request data deletion

17. Contact Information

General Support & Privacy Inquiries: support@thelearningmate.com

Company: The Learning Mate Website: www.thelearningmate.com

Response Time: 2-3 business days for general inquiries, 30 days for formal data access/deletion requests

18. Security & Verification

Current Status

Google OAuth Verification: Undergoing review
Security audits: Ongoing

Documentation Available

Upon request, we can provide:

This privacy policy and any amendments
List of third-party service providers
Security overview documentation

Email support@thelearningmate.com for documentation requests

19. Key Takeaways


*What*	*Details*
*Access Method*	OAuth 2.0 (you control permissions)
*Data Usage*	Educational features only
*Security*	AES-256 encryption, regular audits
*Retention*	Retained until deletion requested
*Student Data*	Treated as confidential, not used for ads
*Your Control*	Disconnect anytime, request deletion anytime
*Transparency*	Clear about data use, 30-day notice for changes
*Time Savings*	85-90% reduction in grading admin work

Additional Resources

Google API User Data Policy: https://developers.google.com/terms/api-services-user-data-policy
Google Classroom Privacy: https://support.google.com/edu/classroom/answer/6149258
Google Privacy Policy: https://policies.google.com/privacy

By connecting your Google Classroom account to The Learning Mate, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: December 10, 2025 | Version 1.1

For questions: support@thelearningmate.com