Privacy Policy

1.1 Information Collected Automatically

Geolocation (Country-Level Only)
When you visit the Service, we detect your approximate country using your IP address (via our hosting provider, Vercel). We store your detected country code in a browser cookie (flip-country) to display the correct curriculum for your region. We do not store your IP address, city, or precise location.

Server Logs
Our hosting provider (Vercel) automatically collects standard server log data, including IP addresses, browser type, referring URLs, pages visited, and timestamps. These logs are maintained by Vercel in accordance with their privacy policy and are used for infrastructure security and performance monitoring.

1.2 Information You Provide

Mission Generation Inputs
When you generate a Mission, you provide a curriculum topic selection, an active learning methodology selection, class size (number of students), and available class time (in minutes). This information is used solely to generate your Mission and is not linked to any personal identity.

Account Information (When Available)
When we introduce user accounts, we may collect your name, email address, school or institution name, and authentication credentials (via third-party single sign-on providers such as Google).

Communications
If you contact us at [email protected] or through any other channel, we may collect your name, email address, and the content of your message.

Payment Information (When Available)
When we introduce paid subscription plans, payment processing will be handled by a third-party payment processor (such as Stripe). We will not store your full credit card number, bank account number, or other sensitive payment credentials on our servers.

Email and Newsletter (When Available)
When we introduce email communications, we may collect your email address for product updates, educational content, and marketing. You will always be able to unsubscribe.

1.3 Information Stored Locally on Your Device

Generated Missions and related data are stored in your browser’s local storage. This data remains on your device and is not transmitted to our servers unless you use a feature that explicitly requires it (such as syncing to a future cloud account). You can clear this data at any time by clearing your browser’s local storage.

We use the information we collect to:

• Provide the Service: generate Missions based on your curriculum, methodology, and classroom parameters.
• Improve the Service: analyze aggregated, anonymized usage patterns to enhance our AI models, expand curriculum coverage, and develop new features.
• Communicate with you: respond to your inquiries, send service-related notices, and (with your consent) provide product updates and educational content.
• Ensure security: detect and prevent fraud, abuse, and technical issues.
• Comply with legal obligations: meet applicable legal, regulatory, and contractual requirements.

We do not use your information to:

• Sell your personal data to third parties.
• Serve advertising or allow third-party advertising on the Service.
• Build individual behavioral profiles for marketing purposes.
• Make automated decisions that produce legal effects concerning you.

3.1 How AI Is Used

The core of our Service uses artificial intelligence (specifically, Google’s Gemini language model, accessed via the OpenRouter API) to generate Mission content. When you generate a Mission, the following non-personal information is sent to the AI model:

• Curriculum topic title, description, key questions, and standards alignment codes
• Active learning methodology name, description, and parameters
• Class size, grade level, time available, and country context

3.2 What Is Not Sent to AI

We do not send any of the following to AI providers: your name, email address, or any personal identifier; student names or any student data; school name or institution details; your IP address or device information.

3.3 AI-Generated Images, Media, and Multimodal Content

The Service may generate educational images, illustrations, diagrams, and other visual or multimedia content using AI generation models (currently accessed via the OpenRouter API). Only a text prompt describing the desired educational content is sent to the generation model. No personal data, including names, likenesses, student information, or institutional details, is included in any media generation request.

AI-generated media may be temporarily cached or logged by the AI provider in accordance with their data processing terms. Flip Education does not persistently store AI-generated media on its own servers; generated content is delivered to your browser and stored locally on your device (see Section 1.3).

As we introduce new AI capabilities (which may include audio, video, interactive content, or other modalities), the same data-minimization principles apply: we send only the minimum non-personal information necessary to generate the requested content, and no personal data is included in generation requests regardless of the content type or AI model used.

3.4 Third-Party AI Providers

Our AI processing is performed by third-party providers. Data sent to these providers is subject to their own privacy policies. We select AI providers that commit to not training their models on our API inputs. However, we encourage you to review these providers’ privacy policies directly.

We may change, add, or replace AI providers over time as technology evolves. When we do, we apply the same selection criteria: providers must offer data processing terms that prohibit training on our API inputs, support encryption in transit, and comply with applicable data protection standards. We will update the service provider table in Section 5.1 to reflect material changes in our AI provider relationships.

3.5 Content Safety and AI Governance

We implement commercially reasonable content safety measures across all AI-generated outputs, including prompt-level guardrails, content filtering, and model selection criteria. These measures are designed to reduce (but not eliminate) the risk of AI-generated content that is biased, stereotypical, culturally insensitive, or otherwise inappropriate.

We maintain an internal AI governance process to evaluate new AI models and capabilities before deployment, review content safety reports submitted by users (see our Terms of Service, Section 6.5), and update our safety measures as AI best practices and regulatory requirements evolve.

If you encounter AI-generated content that you believe is inappropriate, biased, or harmful, please report it to [email protected].

4.1 Cookies We Set

We currently use only one cookie, and it is essential to the functioning of the Service. It does not track you across websites or collect personal information.

4.2 Third-Party Cookies

We do not set any third-party cookies. We do not use advertising cookies, social media tracking pixels, or cross-site tracking technologies.

4.3 Analytics (When Implemented)

When we introduce analytics tools, we will update this section with details on any additional cookies or tracking technologies used. We will implement analytics in a privacy-respecting manner, with anonymization where possible, and will provide opt-out mechanisms where required by law.

4.4 Your Cookie Choices

Most web browsers allow you to control cookies through their settings. Note that disabling the flip-country cookie may cause the Service to default to a generic curriculum view.

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

5.1 Service Providers

When we introduce additional services, we will update this table to reflect payment processors, analytics providers, and authentication providers.

5.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent fraud or protect against security threats; or (d) protect the personal safety of users or the public.

5.3 Business Transfers

If Flip Education is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

• Server logs: Retained by Vercel in accordance with their data retention policy.
• Browser local storage: Retained on your device until you clear it. We have no control over or access to locally stored data.
• Country cookie: Expires after 1 year or when you clear your browser cookies.
• Account data (when available): Retained for as long as your account is active or as needed to provide the Service. Upon account deletion, your personal data will be deleted or anonymized within 30 days, except as required by law.
• Communications: Retained as needed for support and legal purposes.

We implement reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS/HTTPS) for all data transmitted between your browser and our servers, encryption in transit for all API calls to third-party AI providers, secure hosting infrastructure through Vercel, and limited access to personal data on a need-to-know basis.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Flip Education is based in Canada. Our hosting infrastructure (Vercel) and AI providers (OpenRouter, Google) may process data in the United States and other countries. When your information is transferred internationally, we ensure that appropriate safeguards are in place, including standard contractual clauses (where applicable under GDPR), data processing agreements with service providers, and compliance with applicable cross-border transfer mechanisms.

By using the Service, you acknowledge that your information may be processed in countries other than your own, which may have different data protection laws.

9.1 Age Requirement

The Service is intended for educators and education professionals aged 16 and older. We do not knowingly collect personal information from individuals under 16 years of age. If you are under 16, please do not use the Service or provide any personal information.

If we learn that we have collected personal information from a person under 16, we will delete that information promptly. If you believe we may have collected information from a person under 16, please contact us at [email protected].

9.2 Student Data

Flip Education does not collect, store, or process student data.

Our Service is designed for teachers, and all interactions occur between the teacher and the platform. Students do not have accounts, do not interact with the platform, and are not identified in any way within the Service. Missions are designed for teachers to deliver in their classrooms using physical, off-screen activities. No student information is required to generate, view, print, or deliver a Mission.

9.3 COPPA Compliance (United States)

Because we do not collect personal information from children under 13 (or any children at all), the Children’s Online Privacy Protection Act (COPPA) obligations regarding parental consent do not apply to our current Service. If we introduce features in the future that involve student data, we will comply fully with COPPA and update this Privacy Policy accordingly.

9.4 FERPA Compliance (United States)

Flip Education does not function as a “school official” under the Family Educational Rights and Privacy Act (FERPA) and does not access, collect, or store student education records. Teachers use Flip to generate instructional materials independently of any student record system.

Depending on your location, you may have specific rights regarding your personal information. We respect these rights regardless of where you are located and will make reasonable efforts to honor all valid requests.

10.1 Rights Under Canadian Law (PIPEDA / Alberta PIPA)

If you are a Canadian resident, you have the right to access your personal information held by us, request correction of inaccurate personal information, withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions), and file a complaint with the Office of the Privacy Commissioner of Canada or the Alberta Information and Privacy Commissioner.

10.2 Rights Under the EU General Data Protection Regulation (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the right to: access your data; request rectification; request erasure (“right to be forgotten”); request restriction of processing; data portability; object to processing; and withdraw consent at any time.

Our legal basis for processing your data under GDPR is legitimate interest (to provide and improve the Service), contract performance (to fulfill our obligations when you use the Service), and consent (where you have given explicit consent, such as for marketing emails).

To exercise your GDPR rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

10.3 Rights Under California Law (CCPA / CPRA)

If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; delete your personal information; opt-out of the sale or sharing of your personal information (we do not sell or share personal information); non-discrimination for exercising your rights; and correct inaccurate personal information.

In the preceding 12 months, we have collected the following categories of personal information: internet activity information (server logs), geolocation data (country-level). We have not sold or shared personal information as defined by the CCPA/CPRA.

10.4 Rights Under Brazilian Law (LGPD)

If you are a Brazilian resident, you have the right to: confirm the existence of processing of your personal data; access your data; correct incomplete, inaccurate, or outdated data; anonymize, block, or delete unnecessary or excessive data; request data portability; request deletion of data processed with your consent; obtain information about entities with which your data has been shared; be informed about the possibility of denying consent and its consequences; and revoke consent.

Our legal basis for processing your data under the LGPD is legitimate interest and the performance of a contract. To exercise your LGPD rights, contact us at [email protected].

The Service does not currently respond to “Do Not Track” (DNT) browser signals because we do not engage in cross-site tracking. If we implement analytics in the future, we will honor DNT signals where technically feasible.

The Service may contain links to third-party websites or resources. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page and update the “Last Updated” date above.

If we make material changes that significantly affect how we handle your personal information, we will provide prominent notice (such as a banner on the Service or, where we have your email address, by email) before the changes take effect.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint about our handling of your information, please contact us:

If you are not satisfied with our response, you may contact the relevant data protection authority in your jurisdiction:

• Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca)
• European Union: Your local data protection supervisory authority
• United States (California): California Attorney General (oag.ca.gov)
• Brazil: Autoridade Nacional de Proteção de Dados (ANPD) (gov.br/anpd)