Privacy policy

Last updated: 2026-04-22

1. Provider details

This Privacy Policy explains how TeachersFlow handles personal data when you use teachersflow.com and app.teachersflow.com(together, the "Service").

  • Provider: Jan Maxa
  • IČO (Business ID): 24495689
  • Address: Renoirova 652/16, 152 00 Prague 5, Czech Republic
  • Email: info@teachersflow.com

For account data, billing data, website analytics, and our own service operations, we act as the controller. For student data and school content entered by teachers or organizations, we usually act as a processor on behalf of the teacher, school, or organization.

2. Data we collect

Depending on how you use TeachersFlow, we may process:

  • Account data: name, email, password hash, verification status, account type, organization name, linked teacher emails, Google sign-in ID, profile picture, and session information.
  • Billing and plan data: plan type, usage counters, subscription status, Stripe customer and subscription identifiers, invoices, organization limits, teacher seats, student slots, and shared AI request pool usage.
  • Teaching and student data: classes, groups, subjects, student names, grades, assessments, activity results, notes, teaching goals, and progress records you choose to enter.
  • Content and files: prompts, chat messages, lesson plans, assessments, teaching materials, document content, uploaded DOCX files, PDFs, activity submissions, test photos, question photos, support and feedback messages, and generated outputs.
  • Google Docs data: OAuth tokens, document IDs, document names, URLs, extracted text, word counts, and related metadata when you connect Google Docs.
  • Student portal data: access tokens, expiry dates, student names, group information, shared materials, and the email address you provide if you ask us to send a student portal link.
  • Flowee data: Flowee conversations, tool actions, saved memory notes, personalization settings, and tool-consent preferences.
  • Technical data: cookies, local storage preferences, IP address, device/browser information, logs, rate-limit data, error data, security events, and analytics events.

3. How we use data

  • Provide and improve the Service, including AI-assisted lesson planning, assessment generation, test grading, activities, teaching materials, student portals, and Flowee.
  • Store, display, share, edit, download, and delete content according to your account settings and feature choices.
  • Process payments, subscriptions, invoices, plan limits, refunds, and account deletion requests.
  • Send transactional emails such as verification codes, password reset messages, billing notices, student portal links, and deletion reminders.
  • Protect the Service, respond to support or feedback, prevent abuse, troubleshoot problems, measure usage, and maintain reliability.
  • Comply with legal, accounting, tax, security, and dispute-resolution obligations.

AI features send the relevant text, files, images, settings, student context, and instructions to our AI provider so the requested output can be generated. Teachers are responsible for reviewing AI output before using it with students or in official grading.

4. Legal bases

  • Contract: to create accounts, provide features, store content, enforce limits, and manage subscriptions.
  • Consent: for optional analytics or marketing cookies where consent is required.
  • Legitimate interest: for security, abuse prevention, service diagnostics, fraud prevention, and basic business operations.
  • Legal obligation: for records we must keep, such as tax, accounting, billing, and compliance records.

If you enter student data or other third-party personal data into TeachersFlow, you are responsible for having the required notices, permissions, and legal basis for doing so.

5. Cookies and analytics

We use necessary cookies and local storage to run the Service, remember preferences, and keep users signed in. We also use Google Analytics / Google Tag to understand usage and, where enabled, advertising-related measurement.

In regions where consent is required, Google Consent Mode starts with analytics and advertising storage denied by default and is updated based on your cookie choice. You can also limit tracking through browser settings, content blockers, and Google controls.

If you use browser speech-to-text features, speech recognition may be handled by your browser or device provider. TeachersFlow receives the resulting text you choose to insert into the Service.

6. Sharing and subprocessors

We do not sell personal data. We share data with service providers needed to operate TeachersFlow:

  • Google Cloud and Google Cloud Storage: hosting, infrastructure, file storage, and security.
  • Google Gemini / Google AI: AI text, image, and embedding processing for AI-assisted features.
  • Google: Google sign-in, Google Docs/Drive access, Google Analytics, Google Tag, Google Fonts, and related browser-delivered services.
  • MongoDB Atlas: database hosting, storage, and vector search.
  • Stripe: payments, subscriptions, invoices, billing portal, and related fraud prevention.
  • Mailgun: transactional email delivery.
  • Content delivery providers: delivery of browser-loaded libraries such as MathJax, where used.

We may also disclose data if required by law, to protect users or the Service, to enforce our terms, or as part of a merger, acquisition, financing, or sale of business assets.

7. International transfers

Some providers may process data outside the European Economic Area, including in the United States. Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, and vendor data protection terms.

8. Student data and student portals

TeachersFlow is designed for teachers and educational organizations. Students normally access the Service only through teacher-created activity links or student portal links. A student portal token may allow anyone with the valid link or token to view that student's portal until it expires or is revoked, so teachers must share links only with authorized students, parents, or guardians.

We do not knowingly use student data for behavioral advertising. Teachers and organizations are responsible for deciding what student data is entered, shared, edited, retained, or deleted.

9. Retention and deletion

We generally keep account data and user content while the account is active or as needed to provide the Service. Some billing, tax, security, backup, and dispute records may be kept longer where required or permitted by law.

Account deletion is scheduled from within the application. The current deletion flow uses a 30-day grace period and sends a reminder about 7 days before deletion. During the grace period you may cancel deletion. After deletion is completed, we remove or de-identify account content from primary systems where reasonably possible, except for data we must keep, data retained in backups for a limited period, security logs, billing records, support records, and records needed for legal, tax, accounting, fraud-prevention, or dispute-resolution purposes.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. To exercise rights, contact info@teachersflow.com.

If you are in the EU/EEA, you may lodge a complaint with your local supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (UOOU), www.uoou.cz.

11. Security

We use reasonable technical and organizational measures, including HTTPS in production, password hashing, encrypted Google OAuth tokens, access controls, rate limits, secure cookies, and vendor security controls. No internet service can be guaranteed completely secure, error-free, or protected against every possible loss or outage.

12. Changes

We may update this Privacy Policy from time to time. The updated version will be posted here with a new last updated date.

13. Contact

Questions about privacy can be sent to info@teachersflow.com.