Privacy policy

Last updated: 2026-03-08

1. Introduction

This Privacy Policy explains how TeachersFlow collects, uses, and shares personal data when you use our public website (www.teachersflow.com) and our application (app.teachersflow.com) (together, the “Service”).

2. Controller (who is responsible for your data)

The data controller is:

  • Legal name: Jan Maxa
  • ID No. (IČ): 24495689
  • Business address: Renoirova 652/16, 152 00 Prague 5, Czech Republic
  • Contact email: info@teachersflow.com

3. What we collect

Depending on how you use the Service, we may process the following categories of data:

  • Account data: name, email, password (if you sign up with email/password), verification status, account type (individual teacher, organization administrator, or organization teacher), organization name and website (for org admins and org teachers)
  • Usage and plan data: plan type, usage counters (e.g., requests used/limit, activities used/limit), subscription status and related identifiers; for organization accounts: shared AI request pool usage (requests used and limit at the organization level), teacher seats, student slots, and billing cycle information
  • Organization management data (org admins only): list of teacher email addresses linked to the organization, organization limits (students, teachers, AI requests), pending limit change configurations
  • Educational content you provide: prompts, context text, chat messages, generated content, teaching goals
  • Student-related data you input: student names and educational records you store (assessments/grades/notes)
  • Files you upload/connect: training documents (e.g., DOCX, connected Google Docs), activity submission PDFs
  • Images you upload: photos you upload or capture for image-based features (for example, grading assistance); and, if you save results, related images stored for later viewing/downloading
  • Technical data: basic logs and technical identifiers needed to operate and secure the Service; for org teacher accounts, each authenticated request also verifies active organization linkage and subscription status

4. How we use data

  • Provide the Service (including AI-assisted features)
  • Store and display your saved content (including any saved images you choose to keep in the Service)
  • Operate and secure the Service (abuse prevention, troubleshooting, reliability)
  • Enforce plan limits and show usage statistics
  • Process payments and manage subscriptions via Stripe
  • Send transactional emails (e.g., verification codes and password reset)

5. Legal basis for processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal data:

  • Performance of a contract (Art. 6(1)(b) GDPR): We process your account data, educational content, uploaded files and images, student data you enter, and usage/plan data as necessary to provide, operate, and maintain the Service you signed up for — including AI-assisted features, content generation, activity hosting, and subscription management.
  • Consent (Art. 6(1)(a) GDPR): Where we use analytics or marketing cookies on the public website (www.teachersflow.com), we rely on your consent obtained through our cookie consent banner. You may withdraw consent at any time by adjusting your cookie preferences.
  • Legitimate interest (Art. 6(1)(f) GDPR): We process technical data (such as logs and basic identifiers) for the purposes of securing the Service, preventing abuse, troubleshooting, and ensuring reliability. Our legitimate interest is maintaining a safe and functional service for all users.
  • Legal obligation (Art. 6(1)(c) GDPR): We may retain certain data (such as billing and transaction records) where required by applicable law, for example for tax and accounting purposes.

Where you input personal data of third parties (such as student data) into the Service, you act as the data controller for that data and are responsible for having a valid legal basis for its processing. We process it on your behalf under our contractual relationship with you.

6. Cookies, analytics, and advertising

Public website (www.teachersflow.com): We use a cookie consent banner on the public website that lets you choose whether to allow analytics and marketing cookies (where applicable).

Application (app.teachersflow.com): The logged-in application loads Google Tag/Google Analytics and configures Google Consent Mode with analytics and ad storage set to grantedby default. This means analytics/advertising-related storage may be enabled when you use the application. You can limit tracking using browser settings, content blockers, or Google controls, but some functionality may be affected.

7. Sharing and subprocessors

We share data with service providers (“processors”) to operate the Service. Key providers include:

  • Google Cloud: cloud hosting/infrastructure for running the Service
  • OpenAI: processes content you submit to AI-powered features (text and/or images, depending on the feature)
  • Google: authentication and document access (where enabled); analytics/ads tags (Google Tag/Google Analytics); and email delivery via Gmail SMTP (for verification/password reset)
  • Stripe: payments and subscription management
  • MongoDB Atlas: database hosting/storage and vector search for personalization features
  • Third-party content delivery (e.g., Google Fonts, jsDelivr): your browser may download fonts/libraries from these providers when loading pages (which may reveal your IP address and device information to them)

We may also share data if required by law, to protect our rights and users, or in connection with a business transaction (e.g., merger or acquisition).

8. International transfers

The Service is available worldwide. Some of our providers (such as OpenAI, Google, Stripe, and MongoDB Atlas) process data outside the European Economic Area (EEA), primarily in the United States.

Where we transfer personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • The country has been deemed to provide an adequate level of protection for personal data by the European Commission.
  • We use specific Standard Contractual Clauses (SCCs) approved by the European Commission which give personal data the same protection it has in Europe.

9. Retention and deletion

We generally retain your account data and content for as long as your account is active. You can delete your account from within the application. When you delete your account, we delete data associated with your account from our primary systems (including saved images you stored in the Service) except where retention is required or permitted by law (for example, for accounting, dispute resolution, or security).

10. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, and to object or request portability where applicable. To exercise your rights, contact us at info@teachersflow.com.

If you are located in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority. In the Czech Republic, the supervisory authority is the Úřad pro ochranu osobních údajů (ÚOOÚ),www.uoou.cz.

11. Security

We use reasonable technical and organizational measures to protect data. However, no system is perfectly secure, and we cannot guarantee absolute security.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page with an updated “Last updated” date.

13. Contact

If you have questions about this Privacy Policy, contact us at info@teachersflow.com.