⚠️ EXCLUSIVE INSTITUTIONAL LICENSE: This application is exclusively developed for and licensed to Lourdes School of Mandaluyong. This Privacy Policy applies solely to that authorized school and its authorized users. Unauthorized use, redistribution, or access is strictly prohibited.
1. Overview & Authority
LSM AI HUB ("System") is an exclusive suite of 15 AI-powered teaching tools — including the Learning Plan AI, Quiz Generator, Rubric Generator, Writing Feedback, Worksheet Generator, Progress Comment, Learning Path, Note Taker, Presentation Maker, Class Programming, AI-Resistant Assignment Generator, Course Outline & Syllabus Generator, Performance Task Generator, GRR Framework Generator, and CER Generator — developed by a freelance developer for use by Lourdes School of Mandaluyong ("School"). This Privacy Policy outlines how teacher data are collected, used, protected, and managed.
Developer Information: This application is developed and maintained by an independent freelance software developer. The developer is NOT an employee of the School and is NOT connected to school administration. Data handling is governed by a separate Technical Service Agreement between the developer and the School.
2. Data Collection & Usage
What Data We Collect:
- Authentication Data: Google email (@lsm.edu.ph domain), name, and profile picture via Google OAuth 2.0
- Lesson Plan Data: Created lesson plans, learning objectives, teaching strategies, and assessment materials
- Session Data: Login timestamps, device information, and session activity logs
- Usage Analytics: Feature usage patterns and application performance metrics
How We Use Your Data:
- Enable authenticated access to the Application
- Provide AI-powered lesson plan generation using the Google Gemini API
- Store lesson plans in a secure Firestore database
- Maintain audit logs for compliance and security
- Improve Application functionality and performance
- Ensure data security and prevent unauthorized access
3. Data Storage & Infrastructure
- Database: Google Cloud Firestore (encrypted at rest)
- Firestore Collections:
  - users/{uid} — user profile, session ID, expiration date
  - users/{uid}/lessonPlans — lesson plans saved by each user
  - learnedPatterns/{section} — anonymized AI content patterns used to improve the template fallback engine; not linked to individual users
  - toolResponses/{toolType} — cached AI-generated content per tool type, used to serve saved responses when the Gemini API quota is exhausted; not linked to individual users
- Hosting: Firebase Hosting (distributed CDN)
- Cloud Functions: Google Cloud Functions (API backend)
- Authentication: Firebase Authentication + Google OAuth 2.0
- Encryption: HTTPS/TLS 1.2+ for all data in transit; AES-256 for data at rest
4. Access Control & Data Isolation
The Application enforces strict access controls through Firestore Security Rules:
- Only users with @lsm.edu.ph email addresses can access the Application
- Users can only view and edit their own lesson plans
- Each user's data is isolated at the database level
- Administrative access requires explicit authorization via custom claims
- All database access is logged in immutable audit logs
🔒 Single-Device Session Management: Each login creates a unique session ID. If you log in from another device, the previous session is invalidated after 10 seconds, preventing unauthorized multi-device access.
5. Third-Party Services & APIs
This Application integrates with the following third-party services:
Google Services (Required):
- Google OAuth 2.0: User authentication with @lsm.edu.ph email
- Google Gemini API: AI-powered lesson plan generation
- Google Cloud Firestore: Secure database storage
- Firebase Authentication: User identity management
- Google Cloud Functions: Secure API backend
Google's Privacy Practices: When you use Google OAuth, you consent to Google's Privacy Policy. This Application is configured as an internal organizational application for a single institution. Google's policies regarding domain-restricted applications are fully observed.
API Data Sharing: Prompts sent to the Gemini API are processed by Google according to its AI Principles and Privacy Policy. The School retains ownership of all generated lesson plan content.
6. Data Retention & Deletion
- Active Data: Lesson plans and user records are retained indefinitely for institutional continuity
- Session Data: Automatically deleted after logout or 24 hours of inactivity
- Audit Logs: Retained for 365 days for security and compliance
- User Deletion: Upon request to School administration, all user data can be securely deleted from the Application
7. FERPA & Educational Data Protection
This Application complies with the Family Educational Rights and Privacy Act (FERPA) by:
- Restricting access to lesson plans to authorized educational personnel only
- Maintaining detailed access logs for audit purposes
- Ensuring student data in lesson content is protected at all times
- Providing secure data export and deletion capabilities
- Operating under institutional control and governance
Note: This Application stores lesson plan content created by teachers. School administrators are responsible for ensuring that such content complies with FERPA requirements, particularly regarding student privacy.
8. GDPR & International Privacy Laws
While primarily serving a Philippine institution, this Application respects international privacy standards:
- GDPR (EU): Compliant with data protection principles
- CCPA (California): Respects consumer data rights
- Philippine Data Privacy Act (DPA): Full compliance with RA 10173
- Data Portability: Users can export their lesson plans anytime
- Right to Deletion: Users can request complete data removal
9. Security Measures
The Application implements industry-standard security practices:
- Transport Layer: HTTPS/TLS 1.2+ for all communications
- Data Encryption: AES-256 encryption for data at rest
- Authentication: Multi-step Firebase + Google OAuth verification
- Authorization: Firestore rules enforce field-level access control
- API Security: All API endpoints require session validation
- Audit Logging: Comprehensive logs of all database access
- Rate Limiting: Protection against brute force and DDoS attacks
- Regular Updates: Continuous security patches and monitoring
10. Responsibilities & Disclaimer
Developer Responsibilities:
- Maintain secure infrastructure and apply security patches promptly
- Encrypt all data both in transit and at rest
- Maintain detailed audit logs and security documentation
- Respond to data breach incidents within 72 hours
- Provide technical support and maintenance as contractually agreed
School Responsibilities:
- Ensure authorized personnel use appropriate security practices (strong passwords, secure devices)
- Control access credentials and prevent unauthorized sharing
- Maintain compliance with institutional data policies
- Ensure lesson plan content complies with FERPA and privacy laws
- Report suspected data breaches immediately to the developer
⚠️ Limitation of Liability: The developer provides this Application "as-is" without warranty of any kind. While reasonable efforts are made to ensure security and reliability, the developer is not responsible for: (1) unauthorized access due to user negligence, (2) data loss due to server failures beyond reasonable control, (3) service interruptions due to third-party provider outages, or (4) compliance failures by the School or its personnel.
11. Data Breach Response
- Detection: Automated monitoring and audit log analysis
- Notification: School will be notified within 72 hours of discovery
- Investigation: Comprehensive security analysis with detailed report
- Remediation: Immediate steps to secure systems and prevent recurrence
- Documentation: Full incident documentation provided to School
12. Google Compliance & Policies
This Application strictly adheres to Google's policies:
- Google APIs Terms of Service: Full compliance with Google Cloud Terms
- Google User Data Policy: Restricted to authorized institutional use only
- Domain Restriction: Limited to @lsm.edu.ph domain as authorized
- OAuth Scope: Only basic profile and email information requested
- Gemini AI Usage: Compliant with responsible AI usage guidelines
- Data Processing: Compliant with Google's data processing addendum
13. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in practices, technology, legal requirements, or other factors. The School will be notified of material changes via email, and continued use of the Application constitutes acceptance of updated terms.
14. Contact & Support
For privacy concerns, data requests, or security issues, please contact the School's IT/Data Administrator, who will coordinate with the application developer.
Direct Developer Contact: Technical issues and security concerns should be reported immediately through official school channels to ensure proper documentation and institutional oversight.
15. Data Subject Rights
As a user of this exclusive institutional application, you have the right to:
- Access all your personal data stored in the Application
- Request correction of inaccurate information
- Request deletion of your data (subject to institutional requirements)
- Obtain a copy of your data in portable format
- Withdraw consent for non-essential processing
- File complaints with relevant data protection authorities
Requests should be directed to your School's designated Data Protection Officer or IT Administrator.