Privacy Notice
Effective Date: March 20, 2026 — Digital Dog Tech, a product line of iTeachAI LLC
1. Scope of This Notice
This Privacy Notice applies to all products and services operated by Digital Dog Tech, a product line of iTeachAI LLC, including Blossom (AI teaching assistant), College Buddy (AI student assistant), and Open Rover (AI automation tool), as well as our websites, mobile applications, and related services.
For information specifically about children under 13, please refer to our COPPA Privacy Notice. For information about student education records, please refer to our FERPA Statement.
2. Information We Collect
2.1 Account Information (Provided by You)
- Name, email address, and password
- School or institution name and role (teacher, student, administrator, parent)
- Grade level(s) and subject area(s) taught (for teachers)
- Billing information (processed by Stripe; we do not store full payment card numbers)
- Profile photo (optional)
2.2 Usage Information (Generated by Your Activity)
- Lesson plans, assignments, and curriculum materials created or uploaded
- Student work submitted through the platform
- AI conversation history and prompts
- Grades, assessments, and feedback
- Feature usage patterns and preferences
2.3 Automatic Information (Collected by Our Systems)
- IP address and approximate geographic location (city/state level)
- Browser type, version, and operating system
- Device type and screen resolution
- Pages visited, timestamps, and session duration
- Referring URL and search terms used to find our site
- Error logs and performance data
2.4 Information We Do NOT Collect
- Social Security numbers
- Biometric data
- Precise geolocation (GPS coordinates)
- Financial information beyond what is needed for billing
- Health or medical records
3. How We Use Your Information
| Purpose | Legal Basis |
|---|
| Provide and maintain the Services | Performance of contract |
| Authenticate users and secure accounts | Performance of contract / Legitimate interest |
| Process payments and manage subscriptions | Performance of contract |
| Deliver AI-powered features (tutoring, lesson planning, grading) | Performance of contract |
| Send service-related communications (updates, security alerts) | Performance of contract |
| Improve and develop new features | Legitimate interest |
| Provide customer support | Performance of contract |
| Comply with legal obligations (FERPA, COPPA) | Legal obligation |
| Detect and prevent fraud or abuse | Legitimate interest |
We do NOT use personal information for: Targeted advertising, building marketing profiles, selling or renting to third parties, or training AI models on identifiable student data.
4. How We Disclose Your Information
We do not sell your personal information. We may share information only in the following limited circumstances:
- Service Providers: Trusted vendors who help us operate the Services (hosting, payment processing, email delivery), bound by contractual confidentiality obligations.
- AI Model Providers: Anonymized and de-identified data may be sent to AI model providers (Anthropic) for processing. No personally identifiable student information is included.
- Schools & Districts: Student data is shared with the student’s school or district as part of their institutional account.
- Legal Compliance: When required by law, subpoena, court order, or government request.
- Safety: When we believe disclosure is necessary to prevent harm, protect rights, or investigate violations.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
5. Cookies & Tracking Technologies
5.1 Cookies We Use
| Cookie Type | Purpose | Duration |
|---|
| Essential / Session | Authentication, CSRF protection, session management | Session / 7 days |
| Preference | Language, theme, and accessibility settings | 1 year |
| Analytics (first-party) | Usage patterns, feature adoption, error tracking | 90 days |
5.2 What We Do NOT Use
- Third-party advertising cookies
- Cross-site tracking pixels
- Social media tracking widgets
- Fingerprinting techniques
5.3 Managing Cookies
You can manage cookies through your browser settings. Disabling essential cookies may prevent the Services from functioning correctly.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption at rest: All stored data is encrypted using AES-256 encryption.
- Encryption in transit: All data transmitted between your device and our servers is protected by SSL/TLS (HTTPS).
- Access controls: Role-based access controls limit employee access to data on a need-to-know basis.
- Authentication: Passwords are hashed using bcrypt. Support for multi-factor authentication (MFA) is available for institutional accounts.
- Infrastructure: Our servers are hosted in professionally managed data centers with physical security, redundancy, and monitoring.
- Monitoring: Automated intrusion detection, audit logging, and anomaly monitoring.
- Incident response: We maintain a documented incident response plan. Affected users and authorities will be notified within 72 hours of discovering a confirmed breach.
7. Data Retention
- Active accounts: Data is retained for the duration of the account.
- Inactive accounts: Accounts inactive for more than 24 months may be flagged for deletion with 30 days’ notice.
- Deleted accounts: Personal data is deleted within 60 days of account closure. Anonymized, aggregated data may be retained for analytics.
- Student data: Deleted at the end of the school year or upon school/district request, whichever is sooner, unless retention is required by law.
- Billing records: Retained for 7 years as required by tax law.
8. Children’s Privacy
We are committed to protecting the privacy of children. Our COPPA compliance measures include:
- We do not knowingly collect personal information from children under 13 without verifiable parental consent or school authorization.
- Student accounts for children under 13 are managed by schools or parents.
- Children’s data is used solely for educational purposes; never for marketing or advertising.
- Parents may review, request deletion of, or revoke consent for their child’s data at any time.
For complete details, please see our COPPA Privacy Notice.
9. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate information.
- Deletion: Request deletion of your personal information.
- Portability: Request your data in a machine-readable format (CSV or JSON).
- Opt-out: Opt out of non-essential communications at any time.
- Restrict Processing: Request that we limit how we use your data.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at info@iteachai.co. We will respond within 30 days.
9.1 California Residents (CCPA/CPRA)
California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.
10. International Data Transfers
Our primary servers are located in the United States. If you access the Services from outside the US, your information may be transferred to and processed in the US. We ensure appropriate safeguards are in place for any international data transfers.
11. Changes to This Notice
We may update this Privacy Notice from time to time. Material changes will be communicated via email or in-app notice at least 30 days before taking effect. The “Effective Date” at the top of this page indicates when the notice was last revised.
If you have questions or concerns about this Privacy Notice or our data practices, please contact us: