Teach Weave

Privacy Policy

Last updated: May 12, 2026

The short version. We collect what we need to run a teaching-resource marketplace — your account email, your purchases, your uploads, your settings. We don't sell your data. We never see your credit card. We use a small set of trusted vendors (Stripe, Supabase, Anthropic, Resend, Google, Vercel, Inngest, Sentry) and tell you exactly who they are and what they handle. The rest of this page is the long version.

1. Information we collect

Account information

When you sign up, we collect your email address. If you sign in with Google, we additionally receive your name and profile picture from Google's OAuth response. You can edit your name and add a bio, photo, or other profile fields any time from the Account page.

Creator information

If you become a creator, we collect a public display name, optional bio, optional social and website links, and the subjects and grade levels you teach. To receive payouts, you go through Stripe's identity verification (a process called “Stripe Connect Express onboarding”) — Stripe collects what they need from you for that, and Teach Weave never sees your full Social Security Number, date of birth, or bank account number. We only see the high-level status they send back: whether you're verified and whether you're cleared to receive payouts.

Buyer information

When you make a purchase, we record the order — which resource, when, the price you paid — so we can show it in your library and pay the creator. We don't see or store your card number; that goes directly to Stripe. We also store the cart you're building, the items you've saved to your wish list, the reviews you write, and your teaching preferences (framework, grade levels, subjects) when you set them.

Content you upload

If you publish resources, we store the files you upload (PDFs, images, slide decks, etc.), the metadata you set on them (title, description, price, tags), and any updates you make later. Your files live in private storage; only you and people who've purchased them can download.

AI inputs and outputs

We use Anthropic (Claude) to power three features: standards alignment at upload, optional teacher-voice description generation, and optional reading-level or language adaptations of resources. To do this, we send the source file and limited metadata (title, subjects, grade levels) to Anthropic over an authenticated API. Anthropic processes the request and returns a result; per their commercial terms (as published as of the effective date of this policy), API content is not used to train their models. If we change AI providers or if our provider's data-handling terms change materially, we'll update this policy. We retain the AI's outputs (alignment suggestions, generated descriptions, generated adapted PDFs) so we don't have to re-run the AI for the same input.

We do not send Google Classroom or Drive data to Anthropic or any other AI/ML provider. Course names, assignment metadata, and files uploaded to your Drive stay within Google's APIs and our own encrypted token store; they are never used as AI inputs or outputs.

Google Classroom integration (optional)

If you connect Google Classroom from Settings, we request three OAuth scopes from Google: classroom.courses.readonly (so we can list your courses for the “push to class” picker), classroom.coursework.students (so we can create draft assignments in the course you pick), and drive.file (so we can upload the resource PDF to your Drive — limited to files this app creates; we cannot read or modify your other Drive files). This flow is separate from sign-in and uses a different OAuth client.

Google issues us a refresh token so we can mint short-lived access tokens when you push a resource. We store that refresh token encrypted at rest using AES-256-GCM. Disconnect at any time from Settings, which deletes our copy of the refresh token; you can also revoke our access from your Google account.

Limited Use of Google user data

Teach Weave's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we do not transfer Google user data (your course list, the draft assignments we create, or the files we upload to your Drive) to any AI or machine learning model. We do not use it for advertising. We do not sell it. We do not allow humans to read it except where you've explicitly directed an action that requires it (sending a resource to a course you picked), for security purposes, to comply with applicable law, or where the data has been aggregated and de-identified.

Public Q&A on resources

Resource pages have a Q&A surface. Anyone signed in can ask a question; the creator decides whether their answered question is publicly visible to other shoppers or stays private to the asker. When a question is public, your name (or “A teacher” if you haven't set one) and your question text are visible to anyone visiting the resource page. Submissions go through an automated AI moderation pre-filter and a per-user rate limit before they post.

Per-buyer file watermarking

Every PDF you download from your library carries an invisible-but-traceable footer stamp with your account email and the order line ID. This is forensic — if a purchased resource turns up on a piracy site, the stamp lets the creator (and us) trace the leak source. The stamp is on the PDF itself; it's not removed by printing or screenshotting individual pages.

If a watermarked file is found posted publicly, we may share the watermark contents (the email and order line ID) with the affected creator solely to investigate and remediate the leak. We do not use watermark data for any other purpose.

Cookies and session data

Two kinds of cookies. Supabase Auth sets first-party session cookies to keep you signed in — those are required for the app to work. Google Analytics 4 sets first-party measurement cookies (_ga and related) so we can see aggregate traffic to the marketing site and the signed-in app: pages visited, referrers, time on site. We do not use advertising cookies, we don't share GA data with advertisers, and we don't track you across other websites.

Communications

When we send you transactional email (receipts, refund notices, change-request acknowledgements, account alerts), we record that we sent it. Marketplace activity emails (sales, reviews, change requests received) are gated by your preferences in Settings. Marketing emails, if we ever send any, are also gated by your preferences.

One specific case to know: when you (as a buyer) submit a “change request” on a resource page, the email we send to the creator uses your email address as the Reply-To header so the creator can reply directly to you instead of going through Teach Weave. Your message body is included in that email. Submitting a change request shares your email address with that creator.

2. How we use your information

  • To run the marketplace. Showing you relevant resources, processing your orders, granting access to what you bought, paying creators, and handling refunds.
  • To power AI features. Sending the source file content to Anthropic when you (as a buyer) request an adaptation, when alignment runs at upload, or when a creator opts in to AI description generation.
  • To communicate with you. Sending the transactional and (opted-in) marketplace emails described above.
  • To improve the service. We look at aggregate, non-identifying signals (search terms, popular resources, error rates) to make the product better. We don't profile individual users.
  • To meet legal and tax obligations. Maintaining records of transactions for accounting, and complying with Stripe's reporting requirements for creator earnings.

3. Who we share information with

We use a small set of vendors (sometimes called “subprocessors”) to run the service. Each one only sees the slice of data they need to do their job.

  • Stripe. Card payments, payouts to creators via Stripe Connect, identity verification. All cardholder data goes directly from your browser to Stripe — Teach Weave servers never see card numbers.
  • Supabase. Authentication, database, and file storage. Your account data and uploaded files live on Supabase infrastructure.
  • Anthropic. AI processing for alignment, description generation, and adaptations. See above for what we send and their data-handling terms.
  • Resend. Email delivery. Your email address and the contents of any email we send to you pass through Resend.
  • Google (OAuth + Classroom + Drive). Two separate flows. Sign-in: only if you choose “Continue with Google,” we receive your email, name, and profile picture — no other scopes. Classroom integration (optional, opt-in from Settings): we receive a refresh token scoped to listing your courses, creating draft assignments, and uploading resource files to your Drive (only files this app creates). Refresh tokens stored encrypted; revocable at any time from Settings or from your Google account. Google Classroom data (course list, draft assignments we create) and Drive data (files uploaded by this app) is never shared with our other vendors — including Anthropic, Resend, Sentry, and Google Analytics. It stays within Google's APIs plus our own encrypted token store.
  • Vercel. Application hosting. Vercel processes web requests on our behalf.
  • Inngest. Background job processing for AI alignment, thumbnail generation, and similar asynchronous work.
  • Sentry. Error tracking and performance monitoring. When something breaks in the app we capture the error, the URL it happened on, and a stack trace — so we can fix it. We deliberately do not attach IP addresses, cookies, or user identifiers to error reports by default. Engineers can manually attach a user ID during a specific incident investigation, then remove it. We don't send Sentry the contents of your uploads, your messages, or your payment info.
  • Google Analytics. Aggregate web analytics — what pages people visit, where they came from, what they clicked. Used to understand whether the marketing site is doing its job. Your activity inside the signed-in app is included; we don't ship contents of your library or messages.

We do not sell your personal information. We do not share it with advertisers. We'll only disclose information to law enforcement under a valid legal order, and we'll tell you when we're allowed to.

If we add a new subprocessor that processes user content, we'll update this page at least 30 days before they start handling your data so you have time to object.

4. Children's data

Teach Weave is a service for adult teachers and education professionals; you must be 18 or older to create an account. We do not knowingly accept users under 18, and the service is not designed for children or students to sign up or use directly.

Important note for creators: when you upload resources to the marketplace, do not include personally identifiable information about your students — names, photos, student IDs, or anything else that could identify a specific child. The resources you publish are visible to other teachers and may be processed by AI. Strip student data before uploading.

5. Data retention

We keep your information for as long as your account is active and as long as we need it to run the marketplace. Specifically:

  • Account data. Kept while your account exists. You can request deletion (see Section 6 below).
  • Order and transaction records. Kept for up to seven years after the transaction, in line with US tax and accounting record-keeping requirements.
  • Uploaded resources. Kept while you're a creator. You can archive or delete a resource any time; archives keep purchase history intact for past buyers, deletes wipe the file from storage entirely (and aren't allowed for resources that have been purchased).
  • Reviews. Tied to active purchases. If a buyer is fully refunded, their review is automatically removed.
  • AI inputs and outputs. Cached for as long as the source resource remains in the marketplace, plus 90 days after the resource is removed or unpublished. We don't use them for any other purpose.
  • Google Classroom integration tokens. The refresh token Google issues us is stored encrypted at rest and used only when you push a resource. When you disconnect from Settings, we delete our copy of the token immediately. We do not cache Google course lists, assignment IDs, or any data fetched through these scopes — every push reads fresh from Google's APIs at the moment of action.

6. Your rights

You have rights over your information. Depending on where you live (especially if you're in the EEA, UK, or California), the specific list varies. At a minimum, you can:

  • Access the information we hold about you. The Account page shows your activity, profile, and preferences in one place.
  • Correct what's wrong. Most fields are editable from your account.
  • Delete your account and request that we delete your personal information. We may keep tax-relevant transaction records as required by law.
  • Opt out of non-transactional emails from the Email preferences section in Settings.
  • Export what you've uploaded or purchased. Email us and we'll send it.

To exercise any of these rights, email support@teachweave.com. We'll respond within 45 days; if we need more time, we'll tell you within that period and may extend by an additional 45 days.

Additional rights for US state residents

Depending on the state you live in, you may have additional rights under state privacy law (including the California Consumer Privacy Act as amended by the CPRA, and comparable laws in other states).

Categories of personal information we have collected in the past 12 months:

  • Identifiers (name, email, IP address)
  • Commercial information (purchases, wish list, payouts for creators)
  • Internet or network activity (pages visited, GA measurement, device identifiers)
  • Professional information (subjects and grade levels you teach)
  • User-generated content (resource uploads, reviews, Q&A submissions)
  • Inferences drawn from your activity in the Service

Some of this information — such as account credentials and certain financial information handled by Stripe — may be considered “sensitive personal information” under state law. We use it only to provide the Service and as otherwise permitted by law; we do not use it to infer characteristics about you. We do not sell or share personal information for cross-context behavioral advertising, and we have not done so in the past 12 months.

You have the right to: know what we have collected; correct inaccurate information; delete your personal information; receive a copy in a portable format; opt out of any sale or sharing of personal information for cross-context behavioral advertising (we don't); limit our use of sensitive personal information; designate an authorized agent to submit a request on your behalf; and appeal a denial. We do not discriminate against you for exercising any of these rights. We also recognize the Global Privacy Control (GPC) browser signal as a valid opt-out.

7. Security

We use industry-standard practices to protect your information: TLS for traffic in transit, encryption at rest for the database and storage, scoped access tokens for our service accounts, and strict separation between public buckets (preview thumbnails, watermarked sample PDFs) and private buckets (source resource files accessible only to verified buyers via short-lived signed URLs). Cardholder data is handled exclusively by Stripe.

If we become aware of a security incident affecting your personal information, we'll notify you without undue delay and in any event within the timeframes required by applicable law.

8. Where data is processed

Teach Weave is operated from the United States and intended for users located in the United States. Our subprocessors may process data from US or European data centers depending on the vendor; your data is held in accordance with each vendor's contractual security and data-handling commitments. We don't actively market the Service outside the US, and our standards graph (Common Core, TEKS, B.E.S.T., NGSS) targets US K–12 frameworks.

9. Changes to this policy

We'll update this page when we make material changes. The “Last updated” date at the top will reflect the most recent revision. Substantive changes will get an email to your registered address at least 14 days before they take effect.

10. Contact us

Teach Weave is operated by Burt Consulting LLC, a Texas limited liability company doing business as Teach Weave, with a mailing address of 13423 Blanco Road #774, San Antonio, TX 78216, United States. Questions, requests, or concerns? Email support@teachweave.com. Real humans on the other end.