Legal

Privacy Policy

Last updated: April 28, 2026

1. Introduction

ThinkingEngine is designed for classroom teachers and their students. We take student data seriously. This Privacy Policy explains exactly what information ThinkingEngine collects, why we collect it, and what we do not do with it.

ThinkingEngine is operated by ThinkingEngine. If you have questions about this policy, contact privacy@thinkingengine.org.

2. Information We Collect

From teachers and administrators:

  • Name and email address (used for account identification and sign-in)
  • School or district affiliation (optional, used for account management)
  • Topics and discussion scenarios you create on the platform
  • Session history and student performance data you access through the dashboard
  • Billing information (processed and stored by Stripe — ThinkingEngine does not store payment card numbers)

From students:

  • First name or nickname (entered at the start of a dialogue session — you choose what to enter)
  • Dialogue messages exchanged during a session
  • AI-generated reasoning scores and fallacy detections resulting from the dialogue

Students are not required to provide an email address, phone number, date of birth, or any other identifying information. Students do not create individual accounts.

3. What We Do Not Collect

ThinkingEngine does not:

  • Sell student data to third parties
  • Use student dialogue content to train or improve AI models
  • Show advertising to students
  • Collect student age, geolocation, device identifiers, or demographic data
  • Share student data with other educational platforms or services without explicit permission
  • Store student data beyond the retention periods described in Section 9

4. How We Use Information

Teacher information is used to operate your account, provide access to your dashboard, topics, sessions, and scores, and to communicate with you about your account and the service.

Student information is used only to run the dialogue session, generate reasoning scores and fallacy feedback, and display results to the teacher who created the session topic. We do not use student data for any purpose beyond operating the service for the teacher who initiated the session.

5. Data Sharing

ThinkingEngine does not sell, rent, or share student personal information with third parties for their own purposes. We share student data only in the following limited circumstances:

  • Service providers: We use trusted third-party service providers (such as cloud hosting and AI processing providers) who process data on our behalf under strict confidentiality agreements. These providers may not use student data for their own purposes.
  • Legal obligations: We may disclose student data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, safety, or property of ThinkingEngine, its users, or the public.
  • School or district requests: If a school or district administrator requests access to student data under their FERPA rights, we will cooperate with that request consistent with our obligations.

6. Data Security

ThinkingEngine uses industry-standard technical and organizational measures to protect data, including:

  • HTTPS encryption for all data in transit
  • Encryption at rest for data stored in our databases
  • Access controls restricting production data access to essential personnel only
  • Regular security reviews and monitoring

No method of electronic transmission or storage is completely secure. If you have concerns about data security, contact security@thinkingengine.org.

7. FERPA Compliance

ThinkingEngine is designed to support compliance with the Family Educational Rights and Privacy Act (FERPA). Because students do not provide personally identifiable information beyond a name — and because teachers control access to session codes — the system is designed to minimize data exposure.

ThinkingEngine is considered a "school official" with a legitimate educational interest when teachers use the service in their classrooms. We do not use student data for purposes beyond the specific educational service we provide.

For school-wide deployments requiring a formal FERPA determination, data sharing agreement, or review by district counsel, contact privacy@thinkingengine.org. We can work with districts to execute Data Privacy Agreements (DPAs) where required.

8. COPPA Compliance

The Children's Online Privacy Protection Act (COPPA) applies to operators of websites and online services directed at children under 13, or operators with actual knowledge that they are collecting information from children under 13.

ThinkingEngine is designed for use in K-12 educational settings under the direction of teachers and schools. We do not knowingly collect personal information from children under 13 without verified parental consent. Schools and teachers using ThinkingEngine with students under 13 are responsible for obtaining any necessary parental consents required by their district or state law.

If you believe we have inadvertently collected information from a child under 13 without appropriate consent, contact privacy@thinkingengine.org immediately.

9. Data Retention

ThinkingEngine retains data only as long as necessary to operate the service and comply with legal obligations. The following table describes our current retention periods:

Data type Default retention period Status
Student roster data (first name, session associations) 12 months after last session Confirmed
Dialogue transcripts 12 months after session date Confirmed
AI scores and heatmaps 12 months after session date Confirmed
Usage logs (access patterns, session events) 90 days Confirmed
Security logs (authentication events, access attempts) 180 days Confirmed
Database backups 30 days Confirmed
Billing records Legal and tax retention period (adult accounts only) Adults only

Teachers may request deletion of their account data at any time by emailing privacy@thinkingengine.org. Deletion requests are processed within 30 days, subject to legal retention requirements for billing records.

10. Student Data Rights

Students and their parents or guardians have rights to their educational records under FERPA. Teachers and schools can access, export, and request deletion of student data through the ThinkingEngine teacher dashboard or by emailing privacy@thinkingengine.org.

Students who are the subject of records may have rights to access, correct, or request deletion of their information. These requests should be directed through the student's teacher or school, who can then contact ThinkingEngine on the student's behalf.

11. International Transfers

ThinkingEngine is operated from the United States. Data collected through the service is stored on servers located in the United States. If you are accessing the service from outside the United States, you acknowledge that data will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

12. Cookies and Local Storage

ThinkingEngine uses browser localStorage to remember teacher sign-in state across sessions. We do not use HTTP cookies for tracking or advertising purposes.

We may use anonymous, aggregate usage statistics (which do not include student personal information) to understand usage patterns and improve the service. These statistics are collected in a manner that does not identify individual users.

13. Third-Party Services

ThinkingEngine uses the following third-party services:

  • Stripe: Processes payment information for subscription billing. Stripe's privacy practices are governed by its own privacy policy.
  • Cloud hosting provider: Hosts our application servers and databases. Data is encrypted at rest and in transit.
  • AI processing: Used to power Socratic dialogue responses and reasoning score generation. All AI processing occurs on our infrastructure or under strict data processing agreements.

We do not embed third-party tracking pixels, advertising networks, or analytics tools that collect student personal information.

14. Changes to This Policy

ThinkingEngine may update this Privacy Policy from time to time. If a change is material — including changes to data collection, retention, or sharing practices — we will notify teachers by email at least 30 days before the change takes effect.

The "Last updated" date at the top of this page reflects the most recent version. Your continued use of ThinkingEngine after a policy update constitutes acceptance of the updated terms.

15. Contact

For questions about this Privacy Policy or to submit data access, correction, or deletion requests:

privacy@thinkingengine.org

For security concerns: security@thinkingengine.org

For general support: support@thinkingengine.org