Trust & Security
Last updated: July 10, 2026
This page is for school and district administrators evaluating Lesson Maker Pro. It describes what data the platform handles, where that data goes, and how it is protected. If you need something we have not covered here, contact us and we will get you an answer.
At a glance
- Built for teachers. There are no student accounts, no rosters, and no student logins.
- We do not need student data to work, and we tell teachers not to upload it.
- Teachers own the content they create.
- Data is encrypted in transit. Our database provider encrypts data at rest.
- Payments are handled by Stripe. Card numbers never touch our servers.
- Uploaded images are stored in a private bucket and served through short-lived signed links.
- We do not sell personal information.
- A data processing agreement is available on request.
What we collect
- Teacher account information: email address and password.
- Content teachers create: lesson plans, unit plans, materials, presentations, and chat conversations with the teaching assistant.
- Files teachers upload to the teaching assistant, such as images of existing worksheets.
- Billing details for paid plans, processed by Stripe.
- Product usage data to understand what is working.
Visitors can try the product without an account. Those sessions use an anonymous identifier that is not tied to a name or email address.
What we do not collect
- Student accounts. Students never log in to Lesson Maker Pro.
- Student rosters or gradebooks.
- Student records. The product does not ask for them and does not need them to function.
Student data, FERPA, and COPPA
Lesson Maker Pro is designed so schools can use it without student data. It is a planning tool for teachers, not a classroom tool for students. There is no student-facing mode, no student account type, and no feature that asks for student information.
We instruct teachers not to include student names or other personally identifiable student information in prompts, conversations, or uploads. Because the product does not serve students and does not collect information from them, it is built to stay outside the scope of student data regulations rather than to manage student data under them.
If your district has specific compliance requirements, contact us through the district inquiry form and we will work through them with you.
How AI generation works
Lesson Maker Pro is not a passthrough to a chatbot. When a teacher generates a lesson plan or material, we build the request: we ground it in our database of over 450,000 verified state and national standards, apply grade and subject constraints, and define the structure the output must follow. Results then run through our own formatting and quality checks before the teacher sees them.
The generation step itself runs on OpenAI models, with Anthropic as a fallback when OpenAI declines a request. These providers may use content sent through their APIs to improve their services and models, in accordance with their own data usage policies.
AI-generated content can contain mistakes. We tell teachers to review everything before using it in a classroom.
Security practices
- All traffic is encrypted in transit with TLS.
- Our database provider encrypts data at rest.
- Database access is controlled with row-level security, so each account can only read its own data.
- Uploaded images are stored in a private bucket. They are never publicly reachable and are served through signed links that expire after one hour.
- All protected API routes go through centralized authentication.
- Google account access uses the narrowest OAuth scopes available: per-file Drive access and Classroom coursework creation. We can only see files the app itself creates.
Subprocessors
We use the following service providers to run Lesson Maker Pro. Each one receives only what it needs for its job.
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, and file storage | Account email, created content, uploaded files |
| Vercel | Application hosting and site analytics | Request data, anonymized page analytics |
| OpenAI | AI content generation | Prompts, content being generated or edited, uploaded files used in generation |
| Anthropic | Backup AI provider for lesson generation | Lesson prompts, only when the primary provider declines a request |
| Stripe | Payment processing | Payment details and billing email. Card numbers never touch our servers. |
| Resend | Transactional and product email | Email address |
| PostHog | Product analytics and error reporting | Usage events and error reports. No tracking cookies. |
| Optional export to Drive, Docs, Slides, Forms, and Classroom; image search | Exported files go to the teacher's own Google account, only after they connect it. Image searches send the search text only. | |
| CloudConvert | File format conversion for presentation PDF export | The presentation file being exported |
| Unsplash / Pexels | Licensed stock images for presentations | Image search text only |
Retention and deletion
- Teachers can delete individual lesson plans, materials, and conversations from within the app at any time.
- Deleting a conversation also deletes any images uploaded to it from our storage.
- Account deletion is handled by request: email support@lessonmakerpro.com and we will delete the account and its data.
- Created content can be exported as PDF, Word, or PowerPoint files, or sent to Google Drive, Docs, Slides, Forms, or Classroom.
For districts
A data processing agreement is available on request. We are also happy to complete security questionnaires and answer procurement questions directly.
Start with the district inquiry form or email sales@lessonmakerpro.com.
See also our Privacy Policy and Terms of Service.