Privacy Policy

Last Updated: November 6, 2025

1. Introduction

NextJS Lessons ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform.

We are especially committed to protecting the privacy of children and comply with the Children's Online Privacy Protection Act (COPPA).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name (full name for creators, display name optional)
  • Email address
  • Password (encrypted and never stored in plain text)
  • Profile picture (optional)
  • Educational role (teacher, homeschool parent, tutor, etc.)

2.2 Content You Create

  • Lesson plans, courses, and educational materials
  • AI prompt inputs and generation preferences
  • Educational perspective selection
  • Subject areas and grade levels

2.3 Usage Data

  • Pages visited and features used
  • Time spent on platform
  • AI generation history and credits used
  • Search queries and filters
  • Browser type and device information
  • IP address and approximate location

2.4 Payment Information

For marketplace transactions and subscriptions:

  • Payment card information (processed by Stripe, not stored by us)
  • Billing address
  • Transaction history
  • Payout preferences for creators

2.5 Student Data (COPPA Considerations)

Important: We do NOT collect personal information directly from children under 13. Teachers and parents are responsible for:

  • Not creating individual accounts for students under 13
  • Not including student names or personal information in lesson content
  • Obtaining parental consent before sharing any student work
  • Using teacher/parent accounts to access content for children

3. How We Use Your Information

We use collected information to:

  • Provide the Service: Create and manage your account, generate lessons, process payments
  • AI Generation: Process your inputs through Claude AI to create educational content and suggest copyright-free media
  • Media Suggestions: Search copyright-free media sources (Unsplash, Pexels, Pixabay, Wikimedia Commons) to suggest relevant educational images and videos
  • Content Moderation: Analyze lessons for safety and appropriateness using AI
  • Personalization: Recommend relevant content and improve your experience
  • Communications: Send notifications through our in-platform notification system (bell icon). We do NOT send marketing emails or newsletters to students. Parent/teacher accounts may receive important account updates via email (login security, payment receipts, COPPA consent requests only)
  • Analytics: Understand how the platform is used and improve features
  • Security: Detect fraud, abuse, and protect against unauthorized access
  • Legal Compliance: Comply with COPPA, FERPA, and other regulations

Email Communication Policy (COPPA Compliant):

  • Students Under 13: NO marketing emails. Only essential account emails (password resets, security alerts) sent to parent email with parental consent
  • Students 13+: Account security emails only. Can opt-in to educational newsletters (optional)
  • Teachers/Parents: Account updates, payment receipts, COPPA consent requests, optional educational resources newsletter
  • In-Platform Notifications: All users receive important updates via the notification bell system (no email required)

4. Third-Party Services

We use the following trusted third-party services:

4.1 Supabase (Database & Authentication)

  • Stores your account data and lesson content
  • Handles user authentication securely
  • Subject to Supabase Privacy Policy

4.2 Anthropic Claude (AI Generation)

  • Processes your lesson creation inputs
  • Generates educational content based on your parameters
  • Analyzes content for safety and appropriateness
  • Subject to Anthropic Privacy Policy and Commercial Terms
  • Data retention: 30 days per Anthropic policy

4.3 OpenAI (Embeddings)

  • Creates vector embeddings for knowledge base search
  • Subject to OpenAI Privacy Policy
  • Data retention: 30 days per OpenAI API policy

4.4 Stripe (Payments)

  • Processes all payment transactions
  • We do NOT store your full payment card information
  • Subject to Stripe Privacy Policy and PCI DSS compliance

4.5 Copyright-Free Media Sources (AI Suggestions Only)

Our AI lesson builder suggests media from these copyright-free sources:

  • Unsplash API: We search for educational images. No personal data sent. Subject to Unsplash API Terms
  • Pexels API: We search for educational photos/videos. No personal data sent. Subject to Pexels API Terms
  • Pixabay API: We search for educational media. No personal data sent. Subject to Pixabay API License
  • Wikimedia Commons API: We search for educational content. Public API, no personal data sent

Important: These services only receive search queries (e.g., "photosynthesis diagram", "solar system"). We do NOT share your account information, student data, or personal information with media providers. All media remains hosted on their platforms����we only embed URLs.

4.6 User-Added Media (YouTube, Custom URLs)

When you manually add media from external sources:

  • YouTube/Vimeo Embeds: Subject to their privacy policies. They may track views when videos are played
  • Custom URLs: You are responsible for ensuring privacy compliance of third-party media sources
  • No Data Sharing: We do not share user information with manually-added media sources beyond standard HTTP referrer headers

4.7 Vercel (Hosting)

  • Hosts our web application
  • Collects standard server logs (IP addresses, access times)
  • Subject to Vercel Privacy Policy

5. How We Share Your Information

We do NOT sell your personal information. We share data only in these limited circumstances:

  • Public Content: Lessons you publish to Global Library or Marketplace are publicly visible
  • Service Providers: Third-party services listed above, under strict contracts
  • Legal Requirements: When required by law, court order, or to protect rights and safety
  • Business Transfers: In event of merger, acquisition, or sale (with notice to you)
  • With Consent: When you explicitly authorize sharing

6. Children's Privacy (COPPA)

6.1 Our Commitment

We comply fully with the Children's Online Privacy Protection Act (COPPA). Our platform is designed for teachers and parents, NOT for direct use by children under 13.

6.2 No Direct Collection from Children

  • Children under 13 may NOT create accounts
  • We do not knowingly collect personal information from children under 13
  • Teachers/parents must use their own accounts to access content for children

6.3 Parental Rights

Parents have the right to:

  • Review any information collected about their child
  • Request deletion of such information
  • Refuse further collection or use
  • Contact us at privacy@nextjslessons.com

6.4 School/Teacher Use

Schools and teachers using this platform with students under 13 act as agents of parents and are responsible for obtaining necessary parental consents under FERPA and COPPA.

7. Data Security

We protect your data using:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure authentication with Supabase Auth
  • Regular security audits and updates
  • Access controls and monitoring
  • Secure payment processing (PCI DSS compliant via Stripe)

However, no system is 100% secure. You are responsible for maintaining your account password security.

8. Data Retention

  • Account Data: Retained while your account is active
  • Lesson Content: Retained until you delete or close account
  • AI Processing: Anthropic/OpenAI retain data for 30 days per their policies
  • Payment Records: Retained for 7 years for tax/legal compliance
  • Analytics: Aggregated data retained indefinitely (anonymized)

9. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request account and data deletion (subject to legal retention requirements)
  • Export: Download your lesson content
  • Opt-Out: Unsubscribe from marketing emails
  • Portability: Receive your data in machine-readable format

To exercise these rights, contact privacy@nextjslessons.com

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication (keeping you logged in)
  • Preferences (remembering your settings)
  • Analytics (understanding platform usage)
  • Security (preventing fraud and abuse)

You can control cookies through your browser settings, but this may limit platform functionality.

11. International Users

Our servers are located in the United States. By using this service, you consent to transfer of your data to the U.S. We comply with applicable international privacy laws including GDPR for EU users.

12. California Privacy Rights (CCPA)

California residents have additional rights under CCPA:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Say no to the sale of personal information (we do NOT sell data)
  • Access personal information
  • Request deletion of personal information
  • Not be discriminated against for exercising these rights

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date. Material changes will be communicated via email or platform notification.

14. Contact Us

For privacy questions, concerns, or requests:

  • Privacy Email: privacy@nextjslessons.com
  • COPPA Concerns: coppa@nextjslessons.com
  • Data Requests: datarequests@nextjslessons.com
  • General Support: support@nextjslessons.com

Related Policies:

Terms of ServiceContent Policy

By using NextJS Lessons, you acknowledge that you have read and understood this Privacy Policy.