Privacy Policy

Lecturly (“we”, “us”, “our”) operates the AI teaching assistant available at lecturly.app. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how we protect it, and your rights regarding that data.

This policy applies to all users of Lecturly, including users who sign in via Google OAuth.

Account information: Your name, email address, and password (hashed) when you register directly.

Google user data: If you choose to sign in with Google, we receive only your name and email address from Google. We do not request or receive any other Google account data, Google Drive files, Gmail content, calendar data, or any other Google service data.

Profile information: Subject taught, grade level, and school name — all optional, provided during or after signup.

Usage data: The inputs you submit to AI tools (e.g. lesson topics, grade levels, student context) and the outputs generated. This data is stored in your library and used to power the Service.

Referral data: If you use a referral code or refer others, we record the referral relationship to award bonus generations.

Testimonials: If you voluntarily submit a testimonial, we store your quote, name, role, and school. These are only displayed publicly if you provide explicit consent and an admin approves your submission.

Analytics data: Pages visited, features used, and events such as tool opens, generations, and shares. Collected pseudonymously via PostHog and Vercel Analytics.

The name and email address we receive from Google are used solely to:

• Create and identify your Lecturly account.
• Display your name within the application interface.
• Send transactional emails related to your account (e.g. usage limit notifications, account updates).
• Add you to our educator mailing list via MailerLite so we can send product updates and tips. You can unsubscribe at any time.

We do notuse Google user data for advertising, profiling, or any purpose unrelated to providing or improving Lecturly's functionality. We do not sell, rent, or trade Google user data to any third party.

• To provide, personalise, and improve the Service.
• To generate AI content tailored to your classroom context.
• To track usage against your monthly generation limit.
• To send product updates, tips, and re-engagement emails (opt-out available at any time).
• To detect abuse and enforce our Terms of Service.
• To analyse aggregate, anonymised usage patterns and improve the product.

We do not sell, rent, or trade your personal data — including any Google user data — to third parties.

We share data only with the following service providers, strictly to operate and improve the Service:

• Supabase— database, authentication, and storage. Your account and generation data is stored in Supabase's hosted Postgres database.
• Google Gemini (Generative AI API) — your tool inputs (lesson topics, context you provide) are sent to Google Gemini to generate content. This does not include your Google account data. Google processes this under their API Terms of Service.
• MailerLite — your name and email are shared with MailerLite to send you product-related emails. MailerLite acts as a data processor under our instructions. You can unsubscribe at any time via any email we send.
• PostHog — receives pseudonymous usage events (feature interactions, generation counts). No Google account data or raw generation content is sent to PostHog.
• Vercel — hosts and deploys the application. Page-level analytics (page views, performance) are collected anonymously. No personally identifiable information is included.

No Google user data is transferred to any of these third parties except as described above (name and email to MailerLite for service-related communications, and only under your implied consent at sign-up). We do not transfer Google user data to third parties for advertising, resale, or any purpose beyond providing the Service.

We implement the following measures to protect your data, including Google user data:

• Encryption in transit: All data is transmitted over HTTPS/TLS.
• Encryption at rest: Data stored in Supabase is encrypted at rest.
• Hashed passwords: Passwords are never stored in plain text.
• Row-level security: Database access controls ensure users can only access their own data.
• Minimal scope: We request only the minimum Google OAuth scopes necessary (name and email).
• Access controls: Only authorised personnel have access to production systems.

No system is perfectly secure. We cannot guarantee absolute security and are not liable for unauthorised access beyond our reasonable control. In the event of a data breach affecting your personal data, we will notify affected users as required by applicable law.

We retain your personal data, including Google user data (name and email), for as long as your account is active.

If you request account deletion, we will permanently delete your personal data — including your name, email, profile, and generation history — within 30 days. You can request deletion by emailing support@lecturly.app.

Aggregated, anonymised analytics data (with no personally identifiable information) may be retained indefinitely for product improvement purposes.

Data shared with MailerLite will be removed from our mailing lists upon account deletion or upon your request.

Lecturly uses cookies and local storage for session management (Supabase auth tokens) and to persist referral codes across OAuth redirects. PostHog and Vercel Analytics may set anonymous tracking cookies. You can disable cookies in your browser settings, though this may affect functionality.

Depending on your location, you may have the right to:

• Access a copy of the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data.
• Opt out of marketing emails at any time via the unsubscribe link in any email.
• Object to or restrict certain processing of your data.
• Withdraw consent for Google OAuth sign-in by deleting your account.

To exercise any of these rights, contact us at support@lecturly.app.

Lecturly is intended for use by adults (18+) and professional educators. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately and we will delete it.

We may update this policy from time to time. We will notify you of material changes via email or a notice within the Service. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

For privacy questions, data requests, or concerns about how we handle your data — including Google user data — email us at support@lecturly.app.