Privacy Policy
This Privacy Policy describes how CLIL Notebook (“we”, “us”, “our”) collects, uses, stores, and protects personal information when you use the CLIL Notebook web application at our website (the “Service”). It applies to teachers and other users who sign in and use the platform.
If you use the CLIL Notebook Capture Chrome extension, please also read our Extension Privacy Policy, which covers extension-specific data collection.
1. Overview
CLIL Notebook is an educational tool for lesson planning, resource management, and AI-assisted content generation in CLIL (Content and Language Integrated Learning) contexts. We process personal data only as needed to provide the Service, keep your account secure, and improve reliability. We do not sell your personal data.
2. Data controller
The operator of CLIL Notebook is responsible for personal data processed through the Service. For privacy-related requests, contact us using the details in Section 15.
3. Information we collect
3.1 Account and authentication data
When you sign in with Google, we receive information from Google’s authentication service, such as:
- Your Google account identifier (user ID)
- Email address
- Display name and profile picture (if provided by Google)
Authentication is handled through Firebase Authentication (Google Cloud). We use this data to create and maintain your account, identify you across sessions, and secure access to your content.
3.2 Content you create or upload
We store content you voluntarily provide while using the Service, including:
- Lessons — titles, lesson structure, generated and edited text, metadata (e.g. last modified dates)
- Resources — URLs, page titles, summaries, extracted or uploaded text, thumbnails, notes, and file uploads (e.g. documents you choose to upload)
- Class profiles — class names, student counts, grade levels, language and activity preferences
- Activity settings — customized activity-type prompts and custom activities you define
- Chat and generation inputs — prompts, instructions, and context you send when generating or refining lesson content
- Language tools — text you submit for translation or language-focused generation
- Favourites and organisation — starred items, grouping preferences, and similar in-app settings
3.3 Sharing between users
If you use the sharing feature, we process the recipient’s email address you enter and metadata about shared lessons or resources (sender, recipient, item type, status). Shared content may be copied to the recipient’s library if they accept the share.
3.4 Technical and usage data
We may automatically collect limited technical information, such as:
- Browser type, device type, and general device information
- IP address (typically logged by our hosting infrastructure for security and abuse prevention)
- Timestamps of requests and error logs
- Authentication tokens and session-related data necessary to keep you signed in
3.5 Local storage in your browser
The Service uses local storage and similar browser technologies for preferences (e.g. UI language, theme, active class selection) and temporary workflow state. This data stays on your device unless synchronised through your account via our backend.
3.6 Speech and read-aloud features
Speech-to-text (dictation) and text-to-speech (read aloud), where available, may use your browser’s built-in speech APIs. Audio processing for dictation may occur locally in the browser or via your browser vendor’s speech services, according to your browser settings. We do not intentionally store raw audio recordings from dictation unless clearly stated in the feature UI.
4. How we use your information
We use personal data to:
- Provide, operate, and maintain the Service
- Authenticate you and enforce access controls so only you (and intended recipients of shares) can access your data
- Store and sync your lessons, resources, classes, and settings
- Process URLs and files you submit to build resource summaries and support lesson generation
- Generate and refine educational content using AI, based on your inputs and settings
- Enable sharing of lessons and resources with colleagues you designate
- Respond to support requests and fix bugs
- Protect the security and integrity of the Service (fraud prevention, abuse detection, backups)
- Comply with legal obligations
We do not use your data for third-party advertising or sell personal information.
5. AI processing
Certain features send your prompts, lesson context, resource text, and related parameters to third-party AI providers (such as OpenAI) to generate or transform content. This may include lesson activities, helper text, chat replies, translations, and search-related processing.
When using AI features:
- Only the information needed for the request is transmitted
- Processing is performed to fulfil your explicit action (e.g. clicking Generate or Send)
- You should avoid submitting unnecessary personal data about students or others in prompts
AI outputs may be inaccurate or inappropriate; you are responsible for reviewing content before classroom use. Provider terms and privacy practices also apply to data they process on our behalf.
6. How we share information
6.1 Other users (sharing feature)
When you share a lesson or resource, we share the relevant content and metadata with the recipient you specify. Recipients must have (or create) a CLIL Notebook account to accept shares in the normal workflow.
6.2 Service providers
We use trusted processors to run the Service, including:
- Google Firebase / Google Cloud — authentication, database (Firestore), and hosting-related infrastructure
- OpenAI — AI text generation and related features
- Hosting provider — application hosting and delivery (e.g. our deployment platform)
- Third-party content services — where you save URLs (e.g. fetching page metadata, transcripts, or thumbnails from video or article sources), limited to what is needed to process your request
These providers process data under contractual and security obligations appropriate to their role. They may not use your content for their own marketing purposes except as described in their policies.
6.3 Legal requirements
We may disclose information if required by law, court order, or governmental request, or when we believe disclosure is necessary to protect rights, safety, or the security of the Service.
7. International data transfers
Your data may be processed in countries other than your own (including the United States and European Union), where our service providers operate data centres. We rely on appropriate safeguards where required by law (such as standard contractual clauses or provider certifications).
8. Data retention
We retain your account data and content for as long as your account is active or as needed to provide the Service. You may delete individual resources and lessons within the application. If you wish to delete your account or request erasure of personal data, contact us (see Section 15). We may retain limited information where required by law or for legitimate security and backup purposes for a reasonable period.
9. Data security
We use industry-standard measures to protect data, including HTTPS encryption in transit, Firebase security rules and authentication for access control, and restricted access to production systems. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Your rights
Depending on your location (including the UK and EEA under GDPR), you may have rights to:
- Access — request a copy of personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion in certain circumstances
- Restriction — limit processing in certain cases
- Portability — receive data in a structured, machine-readable format where applicable
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent
- Complain — lodge a complaint with your local data protection authority
To exercise these rights, contact us at the address in Section 15. We may need to verify your identity before responding.
11. Legal bases (EEA/UK)
Where GDPR applies, we process personal data on bases including:
- Contract — to provide the Service you request
- Legitimate interests — security, improvement, and operation of the platform, balanced against your rights
- Consent — where required (e.g. optional features or cookies beyond strictly necessary)
- Legal obligation — where we must comply with law
12. Children’s privacy
CLIL Notebook is intended for educators and adult users. It is not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children through the Service. If you believe a child has provided us personal data, please contact us so we can take appropriate steps.
Teachers are responsible for complying with school policies and applicable laws when using generated content with students, including obtaining any required consents.
13. Cookies and similar technologies
We use strictly necessary cookies and storage for authentication and session management. We may use preference storage (local storage) for settings such as language and theme. We do not use third-party advertising cookies on the Service. You can control cookies through your browser settings; disabling essential cookies may affect login.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated through the Service or by email where appropriate. Continued use after changes take effect constitutes acceptance of the updated policy.
15. Contact us
For privacy questions, data subject requests, or concerns about this policy, contact the CLIL Notebook team:
- Through the support or contact option in the CLIL Notebook application, or
- By email: privacy@clilnotebook.app (replace with your operational contact if different)
We aim to respond to legitimate requests within a reasonable timeframe and in accordance with applicable law.