Security & privacy

What we do and don't do with student writing.

Six principles. Plain English. Defensible to parents, admins, and IT.

Coach Mode is server-enforced

Every classroom AI request runs through a server-side filter that refuses to draft prose for a student. The toggle is not on the client. Prompt-injection attempts are rejected before the model sees them.

Student writing is never used to train models

We send drafts to OpenAI and Anthropic for inference only. Both vendors honor zero-retention contracts for inference traffic on our account.

No ads. No analytics resale.

Student data does not flow to advertising or analytics providers. We use first-party telemetry only, scoped to product diagnostics.

13+ attestation

In v1, classrooms operate under teacher attestation that all students are 13+. We are not yet COPPA-cleared for under-13 use.

Students own their writing

A student can leave a classroom at any time and keep every word. The teacher loses read access immediately.

Vendor questionnaires welcomed

Email hello@creader.io and we will respond within 5 business days with a completed questionnaire and any additional documents your IT team requests.

Have a specific question?

Parents: if your child has been invited to a Creader classroom and you want to vet it before they join, email hello@creader.io or use the contact form (select “Parent with a question”).
School IT / vendor due diligence: we respond to questionnaires within 5 business days. Email hello@creader.io with your form, or use the contact form (select “School IT”). The OpenAPI spec lives at /api/openapi and security disclosures at /.well-known/security.txt.
Safeguarding leads: if a specific concern about a student's writing has arisen, email hello@creader.io with the classroom name. We do not auto-flag or block; the teacher remains the first responder per your school's policy.