Data Transparency
Summary
This page shows you exactly what data EMStudio holds, where it goes, and who can see it — no legalese. Every data type, every vendor, every access path is documented in the tables below.
1. What We Collect
This table documents every category of data EMStudio holds, why we hold it, where it's stored, how long we keep it, and our legal basis under the GDPR.
| Data Type | What | Why | Stored In | Retention | Legal Basis |
|---|---|---|---|---|---|
| Teacher account | Name, email, password (hashed), avatar | Authentication and account management | Supabase | Until account deletion | Contract |
| Subscription | Billing email, last 4 card digits, plan status | Payment processing | Stripe + Supabase | 7 years (tax law) | Contract + Legal obligation |
| Student identity | First name, last name, student ID, photo | Classroom management | Supabase | Until teacher deletes | Contract + School auth |
| Student contact | Student email, parent email, phone, address | Parent communication reference | Supabase | Until teacher deletes | Contract + School auth |
| Academic records | Grades, assignments, attendance, notes | Grade tracking and reporting | Supabase | Until teacher deletes | Contract + School auth |
| Lesson content | Lesson plans, unit plans, objectives, materials | Lesson planning and curriculum | Supabase | Until teacher deletes | Contract |
| Uploaded files | Documents, images, attachments | Lesson and assignment attachments | Cloudflare R2 | Until parent record deleted | Contract |
| Usage analytics | Page views, feature clicks, session events | Product improvement | PostHog | Aggregated & anonymized | Consent |
| Error logs | Request metadata, error messages (PII scrubbed) | Debugging and reliability | Supabase | 90 days | Legitimate interest |
| Cookie consent | Consent choice, timestamp | Respecting your privacy choice | localStorage + Supabase | Until changed or account deleted | Legal obligation |
For the full legal description of each data type, see our Privacy Policy.
2. Where Your Data Flows
This table shows exactly which sub-processors receive each type of data and whether it involves student information.
| Data Type | Flows To | Purpose | Contains Student Data? |
|---|---|---|---|
| All app data | Supabase | Primary database | Yes |
| Uploaded files | Cloudflare R2 | File storage | Possibly (if teacher uploads student files) |
| Billing details | Stripe | Payment processing | No |
| Lesson metadata only | OpenRouter → Google Gemini | AI lesson assistance | No — PII stripped |
| Usage events | PostHog | Product analytics (consent-gated) | No |
| Page views | Google Analytics | Marketing analytics (consent-gated) | No |
| Teacher email | Kit | Transactional email | No |
| Request metadata (scrubbed) | Vercel | Hosting & CDN | No |
6 of 8 vendors never see student data
Only Supabase (our database) stores student records. Cloudflare R2 may store student-related files if a teacher uploads them. The remaining 6 vendors receive only teacher-level or anonymous data. See the full student data breakdown.
3. AI Data Flow
When a teacher uses the AI lesson assistant, here is the exact data flow:
| Step | What Happens | Data Involved |
|---|---|---|
| 1. Teacher types a prompt | The teacher's message is sent to our server | Teacher's chat message |
| 2. Privacy guard runs | Our server-side AI privacy guard strips PII from the lesson context | Emails, phone numbers, student-identifiable info removed |
| 3. Allowlisted fields sent | Only permitted fields are forwarded to the AI provider | Lesson title, subject, class name, sanitized content preview |
| 4. AI processes request | OpenRouter routes to Google Gemini | Zero-retention — not stored or used for training |
| 5. Response returned | AI response streamed back to the teacher | Generated lesson content |
What never enters the AI pipeline: student names, grades, attendance records, parent contacts, IEP/504 notes, behavioral observations, or any other student-identifiable information. This is enforced at the code level — it is an architectural safeguard that cannot be bypassed by the teacher or by EMStudio staff. See our AI Security section for technical details.
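A minimal sketch of steps 2 and 3 above, added here as an illustration and not EMStudio's actual code: the guard copies only allowlisted string fields and then scrubs emails and phone numbers from what remains. The field names, regexes, placeholder strings and length limit are assumptions, and the sample lesson is constructed.

```javascript
// Added example: allowlist first, pattern scrub second.
// All names below are hypothetical; none come from EMStudio's code base.
const ALLOWED_FIELDS = ["title", "subject", "className", "contentPreview"];
const MAX_FIELD_CHARS = 500; // assumed cap on any forwarded field

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const PHONE_RE =
  /(?:\+?\d{1,3}[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}\b/g;

// Regexes only catch pattern-shaped identifiers (emails, phone numbers).
// The allowlist is what keeps roster, grade and attendance fields out.
function scrubText(text) {
  return text
    .replace(EMAIL_RE, "[email removed]")
    .replace(PHONE_RE, "[phone removed]");
}

// Build the only object that may be forwarded to the AI provider.
function buildAiContext(lesson) {
  const out = {};
  for (const field of ALLOWED_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(lesson, field)) continue;
    const value = lesson[field];
    // Non-strings are dropped, so nested objects or arrays cannot
    // carry extra data through an allowlisted key.
    if (typeof value !== "string") continue;
    out[field] = scrubText(value).slice(0, MAX_FIELD_CHARS);
  }
  return out;
}

// Constructed sample input: a lesson record with fields that must not leave.
const SAMPLE_LESSON = {
  title: "Fractions on a number line",
  subject: "Math",
  className: "Grade 4 - Period 2",
  contentPreview:
    "Warm-up, then stations. Questions: parent.smith@example.com or (555) 123-4567.",
  studentRoster: [{ firstName: "Constructed", lastName: "Student", grade: "B+" }],
  teacherNotes: "IEP accommodations for two students",
};

console.log(buildAiContext(SAMPLE_LESSON));
```

Because the output object is built from scratch rather than by deleting keys from the input, a field added to the lesson schema later is excluded until someone adds it to the allowlist.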
4. Who Can Access Your Data
| Who | Can They See Your Data? | Details |
|---|---|---|
| You (the teacher) | Yes | Full access to all your own data. You can view, edit, export, and delete everything. |
| Other teachers | No | Row-Level Security prevents any teacher from seeing another teacher's data. There is no shared view. |
| EMStudio support | Only with your explicit request | We can access your data only if you contact us for support and explicitly grant access. We never browse user data proactively. |
| Students | No | Students do not have accounts and cannot log in to EMStudio. |
| Parents | No | Parents do not have accounts. They can request access to their child's data through the school. See parental rights. |
| Advertisers | Never | We do not have advertisers. We do not sell data. We do not show ads. See our commitments. |
| Government / law enforcement | Only if legally compelled | See Section 6 below. |
5. What We Don't Collect
For complete clarity, here is what EMStudio does not collect or store:
- Precise geolocation (GPS coordinates)
- Biometric data (fingerprints, face scans)
- Browsing activity outside of EMStudio
- Contacts, calendars, or files from your Google/Microsoft account (OAuth only provides name, email, and profile photo)
- Full credit card numbers (Stripe handles payment — we only see last 4 digits)
- Social media profiles or social graph data
- Student device information (students don't use EMStudio)
- Audio, video, or screen recordings
6. Government & Law Enforcement Requests
EMStudio will only disclose user data to government or law enforcement when legally compelled by a valid subpoena, court order, or other binding legal process. We commit to:
- Narrow compliance: We disclose only the specific data required by the legal process — nothing more
- User notification: Unless prohibited by law (e.g., a gag order), we will notify the affected user before disclosing their data
- Challenging overbroad requests: We will push back on requests that are vague, overbroad, or that we believe are not legally valid
- Transparency: We disclose the number of requests received in our annual transparency report
7. Annual Transparency Report
2025–2026 transparency report
- Government/law enforcement data requests received: 0
- National security requests received: 0
- User data disclosed to any government: 0 records
- Content removal requests received: 0
- Data breaches: 0
We publish this report annually. A count of zero is itself the signal — it means no government has asked us for your data. We will update this section each year and note any changes. For our breach notification procedures, see our Security page and DPA breach notification table.
8. Contact
For questions about data transparency or to request details about how your specific data is processed:
Education Management Studio
d/b/a EMStudio
Email: info@emstudio.pro
Related Policies
- Privacy Policy — the full legal privacy notice
- Sub-Processors — detailed vendor list with student data breakdown
- Cookie Policy — cookie inventory and consent details
- Security — technical safeguards and incident response
- GDPR Compliance — legal bases and your rights
- FERPA Compliance — education records and school relationships
- COPPA Compliance — children's data protections
- Data Processing Addendum — formal school agreement
- Our Commitments — 12 privacy promises