1. Information We Collect
1.1 Account Information
When you sign in with Google, we receive and store your name, email address, and profile image URL. We do not collect or store your Google password.
1.2 User-Generated Content
You create and store the following content within QuillNext:
- Student profiles (name, birthdate, grade, learning needs)
- Courses, course blocks, and activities
- Living Library resources (books, videos, articles, documents)
- Family discipleship content (prayer journals, Bible memory verses, devotional reflections, church notes, gratitude entries)
- Assessment results and grading data
- Transcripts and academic records
- Schedule and planner entries
- Family Blueprint configuration (educational philosophy, schedule, faith background)
1.3 AI-Related Data
When you generate curriculum content, we send the following context to Google Gemini AI: student first name, grade, age, learning difficulties, support needs, interests, personality traits, learning style preferences, your educational philosophy, and faith background. This data is used solely to personalize the generated content and is not stored by Google beyond the API request.
1.4 Safety Monitoring
When students use the Thinkling Chat feature, messages are automatically scanned for safety concerns (self-harm, bullying, grooming, violence). If a concern is detected, we store a safety flag containing the first 100 characters of the message, the category and severity of concern, and a recommended action. Full message content is not stored in safety records.
1.5 What We Do Not Collect
- No analytics or usage tracking
- No device fingerprinting
- No location data
- No cookies beyond authentication
- No advertising identifiers
2. How We Use Your Data
We use your data exclusively to:
- Provide and operate the QuillNext platform
- Generate personalized curriculum content via AI
- Monitor student safety in chat interactions
- Store and display your educational content and records
We do not use your data for advertising, behavioral profiling, market research, or any purpose beyond the features you actively use.
3. Third-Party Services
We use the following third-party services to operate QuillNext. Each service receives only the data necessary for its function:
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Authentication | Email, name, profile image |
| Google Gemini AI | Curriculum generation | Student name, grade, age, learning profile, interests, faith background, educational philosophy |
| Firebase Storage | File storage | Uploaded documents and book scans |
| Inngest | Background processing | Event metadata for safety scans and document processing |
| Joshua Project API | Missions data | None (read-only public data) |
| ESV Bible API | Scripture content | None (read-only) |
| Google Books API | Book metadata lookup | ISBN or search queries |
We do not use any advertising networks, data brokers, analytics services, or tracking tools.
4. Data Retention
- Active accounts: Data retained for the lifetime of your account.
- Deactivated accounts: Data retained but not processed. You may reactivate at any time.
- Deleted accounts: All data permanently destroyed within 30 days of deletion request.
- Safety flags: Retained up to 90 days after account deletion for child protection legal compliance, then permanently destroyed.
- Backups: Purged within 30 days of account deletion.
5. Your Rights
- Export:Download all your data as a JSON file from Account Settings → Data & Privacy.
- Delete:Permanently delete your account and all data from Account Settings → Data & Privacy.
- Deactivate: Pause your account while keeping your data intact.
- Access: View all your data within the app at any time.
6. Children's Privacy
QuillNext is designed for use by parents and educators managing education for their children. Student accounts are created and managed by parents. We do not knowingly collect personal information directly from children under 13 without parental consent. All student data is entered and controlled by the parent account holder.
7. Security
We protect your data using industry-standard measures: HTTPS/TLS for all data transmission, secure authentication via Google OAuth with PKCE, HTTP-only secure cookies, and database access restricted by authentication. Instructor PINs are hashed with bcrypt.
8. Changes to This Policy
If we make material changes to this policy, we will notify you via email before the changes take effect. We will provide a clear summary of what changed. The effective date at the top of this page always reflects the latest version.
9. Contact
For privacy questions or data requests, contact us at adam@quillandcompass.app.