Privacy Policy
Last updated: May 25, 2026
1. Introduction
Fluence Foundation (“we”, “our”, “the platform”) is an English language education platform that helps teachers manage students, deliver learning materials, and track progress. This Privacy Policy explains what personal data we collect when you use Fluence Foundation, why we collect it, how we use it, and what rights you have over your information.
By creating an account or using the platform you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.
2. Data We Collect
We collect only the data necessary to provide the platform service. The categories below describe what is collected, from whom, and where it is stored.
2a. Account Data — Teachers
- Full name and work email address
- Password (hashed by Supabase Auth — never stored in plaintext by the platform)
- Acceptance of the Terms of Service (boolean flag recorded at registration time)
- Unique user identifier (UUID auto-generated at registration)
2b. Account Data — Students
- Full name, email address, and phone number (entered by the teacher at invite time)
- Password (hashed — set by the student during account activation)
- English proficiency level (CEFR: A1–C2) assigned by the teacher
- Unique invite code (ABCD-1234 format) used for account activation
2c. Profile Data — Both Roles
- Profile photo (uploaded to Cloudflare R2 object storage; only an object key reference is stored in our database)
- Dark mode preference (light or dark)
- Onboarding completion timestamp
2d. Educational Content — Teachers
- PDF files uploaded to Cloudflare R2 storage
- YouTube and external URLs added as link or video materials (URL only — no content is copied)
- Activity titles, comprehension questions, and pedagogical notes
- Assignment records (which activity was assigned to which student or level, and when)
- Per-teacher storage usage (bytes used and total quota)
2e. Activity Submissions — Students
- Text answers submitted for activity questions
- Submission timestamp and completion status
- Teacher feedback received on each submission, including the feedback timestamp
- Correct answer counts
2f. Notification Data
- In-app notification records triggered by platform events (assignment created, assignment submitted, feedback received)
- Notification payloads include names and activity titles embedded for display purposes
- Read/unread status and read timestamp per notification
2g. Session and Browser Data
- Authentication token stored in your browser's localStorage, valid for up to 8 hours
- Supabase authentication cookies required for server-side session verification (see our Cookie Policy for details)
3. How We Use Your Data
- To create and manage your account and authenticate your identity
- To provide the core platform service: creating activities, assigning materials, and tracking student progress
- To send in-app notifications about relevant activity in your account (new assignments, submitted answers, teacher feedback)
- To allow teachers to review student answers and provide written feedback
- To maintain your display preferences (dark or light mode)
- To enforce storage quotas and display usage information to teachers
We do not use your data for advertising, profiling, or any purpose beyond delivering the platform service described above.
4. Data Sharing
We do not sell your personal data. Data is shared only with the following infrastructure service providers who process data strictly on our behalf:
- Supabase — authentication and database hosting. Supabase processes authentication credentials and stores application data on our behalf.
- Cloudflare R2 — file storage for PDF materials and profile photos. Files are accessed via short-lived presigned URLs.
No data is shared with advertising networks, analytics providers, or any other third parties beyond those listed above.
5. Data Retention
Your data is retained for as long as your account is active on the platform. If you request account deletion, your personal data will be removed within 30 days of the request. Uploaded files (PDF materials, profile photos) stored in Cloudflare R2 are deleted as part of the same process.
To request account deletion and data erasure, contact us at fluencefoundation@gmail.com.
6. Your Rights
You have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete information in your account profile.
- Deletion — Request erasure of your account and associated personal data.
- Portability — Request your data in a portable, machine-readable format.
- Objection — Object to processing of your data where we rely on legitimate interest as the legal basis.
To exercise any of these rights, contact us at fluencefoundation@gmail.com. We will respond to your request within 15 business days.
7. LGPD — Brazilian Users
Fluence Foundation complies with the Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018), Brazil's federal data protection law. This section provides additional disclosures required for users located in Brazil.
Legal bases for processing: We process your personal data under two legal bases recognized by the LGPD:
- Contractual necessity (Art. 7, V) — Processing required to deliver the platform service, including account creation, assignment management, and content delivery.
- Legitimate interest (Art. 7, IX) — Processing for session management, in-app notifications, and display preference persistence, provided such interests do not override your fundamental rights.
The rights described in Section 6 of this policy correspond directly to the data subject rights granted under LGPD Articles 18 and 20, including access, correction, deletion, portability, and the right to object to processing.
Data Protection Contact: fluencefoundation@gmail.com
For information in Portuguese about your rights, contact us at the email address above.
8. Security
We take reasonable technical and organizational measures to protect your personal data:
- Passwords are never stored in plaintext — all password handling is managed by Supabase Auth, which stores only cryptographic hashes.
- Authenticated sessions expire after 8 hours of inactivity, requiring re-authentication.
- All API requests to our backend require a valid bearer token on every request.
- File uploads and downloads use short-lived presigned URLs that expire after a brief window, preventing unauthorized access to stored files.
- Communication between your browser and our servers is encrypted via HTTPS/TLS.
Despite these measures, no internet-based service can guarantee absolute security. In the event of a data breach that may affect your rights, we will notify affected users in accordance with applicable law.
9. Children's Privacy
Fluence Foundation is not directed at children under 13 years of age, and we do not knowingly collect personal data from children under 13 without verified parental or guardian consent. Teachers who add student accounts for minors are solely responsible for obtaining all necessary permissions and consents from students' parents or legal guardians before entering student contact information (name, email, phone number) into the platform.
If we become aware that personal data has been collected from a child under 13 without appropriate consent, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make changes, we will update the “Last updated” date at the top of this page. For material changes, we will notify users via email or an in-app notice. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.
11. Contact
If you have questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at:
Fluence Foundation
Email: fluencefoundation@gmail.com