Our Privacy Commitments
Summary
These are 12 promises we make to every teacher, school, and parent who trusts EMStudio with their data. They are embedded in our Terms of Service, enforced in our Data Processing Addendum, and backed by the technical safeguards on our Security page. They are not aspirational — they describe how EMStudio operates today.
Our 12 Commitments
We will never sell or rent student personal information
Not to advertisers, not to data brokers, not to researchers, not to anyone — for any reason, ever.
We will never use student data for advertising or behavioral targeting
EMStudio has no ads. Student data is never used for marketing, behavioral profiling, or personalized advertising of any kind.
We will never build profiles about students for non-educational purposes
Student data exists in EMStudio for one purpose: education. We never aggregate, analyze, or repurpose it for any other goal.
We will never use student data to train AI models
No data in EMStudio — student or teacher — is used to train, fine-tune, or improve any AI model, whether ours or any third party's. Our AI provider operates under a zero-retention policy.
We will only collect information necessary for the educational purpose
We store only what teachers enter. We never prompt for additional student data, never require unnecessary fields, and never collect data from students directly.
We will keep student data only as long as the teacher needs it
Teachers control retention. They can delete individual records at any time. When an account is deleted, all data is permanently erased within 30 days — from our systems and all sub-processors.
We will publish a complete list of every vendor we share data with
Our sub-processor list is public, always current, and includes exactly what data each vendor receives. Most vendors never see student data at all.
We will maintain strong security safeguards
Encryption in transit (TLS 1.3) and at rest (AES-256), row-level database isolation, strict Content Security Policy, rate limiting, PII scrubbing in logs, and a dedicated incident response process.
We will notify affected users of any data breach without undue delay
Supervisory authorities within 72 hours (GDPR). Schools with a DPA within 24 hours. Affected users without undue delay. Our notification includes what happened, what data was affected, and what we're doing about it.
We will honor deletion and export requests within one month
Teachers can export all data (CSV in a ZIP) and delete their account directly from Settings — no email, no support ticket, no waiting. We respond to all formal rights requests within one month (GDPR) or 45 days (CCPA).
We will make our policies public and publish changes with advance notice
Every policy is public on this site. When we make material changes, we provide advance notice in the app. For changes affecting student data handling, we give at least 30 days' notice.
We will never weaken these commitments without notifying users first
If we ever need to change any of these commitments, we will notify all users before the change takes effect. We will never make our practices less protective of student data silently.
Why These Commitments Exist
The Future of Privacy Forum maintained a “Student Privacy Pledge” that many ed-tech companies signed. That pledge was retired in April 2025. We do not claim to be signatories of a program that no longer exists.
Instead, we wrote our own commitments in our own words — inspired by the principles of the original pledge but tailored to how EMStudio actually works. These commitments are not a badge we applied for. They are promises baked into our Terms of Service, our Data Processing Addendum, and our technical architecture.
We believe this is more meaningful than a third-party seal: it's a direct promise from us to you, enforceable in the contract you agreed to when you created your account.
Hold Us Accountable
If you believe we are not living up to any of these commitments, tell us. We take every report seriously.
- Email: info@emstudio.pro
- Your rights: You can exercise your data rights at any time — access, export, correct, or delete your data directly from Settings
- Supervisory authorities: EU and UK users can lodge a complaint with their local data protection authority
- Transparency: Our annual transparency report discloses government requests, breaches, and content removal requests (all currently zero)
These commitments are contractual
These are not marketing statements. They are formalized in our Terms of Service and Data Processing Addendum. If we violate them, you have contractual recourse — not just our word.
Related Policies
- Privacy Policy — the legal foundation behind these commitments
- Terms of Service — where these commitments are contractually binding
- Data Processing Addendum — formal school agreement with these commitments embedded
- Security — the technical safeguards that make these commitments real
- Transparency — see exactly what data we hold and where it goes
- Sub-Processors — every vendor, with student data breakdown
- FERPA Compliance
- COPPA Compliance
- GDPR Compliance