Legal
Last updated: April 30, 2026
ThinkingEngine uses administrative, technical, and organizational safeguards to protect teacher accounts, student dialogue data, and session transcripts. Some safeguards are implemented directly; others are provided by our infrastructure vendors. No formal security certifications (SOC 2, ISO 27001, etc.) are claimed.
The following controls are currently implemented:
| Control | Description |
|---|---|
| Teacher authentication | Secure login with email and password for teacher accounts. No student passwords for standard classroom use. |
| Two-factor authentication (optional) | Optional TOTP-based 2FA available for teacher accounts. Admin panel access requires TOTP for superuser roles. |
| Limited superuser access | Administrative access is restricted to a verified email whitelist. No broad administrative accounts. |
| Vendor-supported hosting | Application is hosted by Polsia on Render, a SOC 2-compliant cloud platform. Database is provided by Neon (PostgreSQL). |
| No student payment data | ThinkingEngine does not collect or store student payment information. Teacher billing is processed by Stripe independently. |
| No student passwords | Students access sessions via teacher-generated codes. No student account creation or password management required. |
For district agreement review: Before entering a district agreement, the following items should be confirmed directly with ThinkingEngine:
Contact privacy@thinkingengine.org to request documentation on any of the above items.
If you discover a security vulnerability, please contact us at security@thinkingengine.org. We ask that you:
Security issues: security@thinkingengine.org
Privacy and district inquiries: privacy@thinkingengine.org
General support: support@thinkingengine.org