Privacy Policy

The Language Firm, LLC (the “Company,” “we,” “us,” “our”)

Effective date: January 5, 2026
Last updated: January 5, 2026

This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use our websites, applications, Google Workspace add-ons, and services (collectively, the “Services”).

1) Scope

This Privacy Policy applies to:

  • Our public website(s) hosted at languagefirm.org

  • Any customer portals, dashboards, and web apps we operate (including accounts, licensing, and seat management)

  • Google Workspace Marketplace add-ons (for example, editor add-ons for Google Sheets)

  • Templates, exports, reports, and generated artifacts

  • Professional services (audits, consulting, implementation support, training/PD)

  • Support channels and newsletters we operate

This policy does not cover third-party websites, products, or services that you access through links or integrations.

2) Contact

The Language Firm, LLC

Email (Support & Legal): jcs@thelanguagefirm.org

3) Key concepts and roles (education contexts)

When a school, district, or educational organization (“Customer”) uses our Services to process student or staff data, the Customer typically acts as the data controller (or the educational agency/institution under applicable education privacy laws). We act as a service provider/processor and handle Customer Content only to provide the Services and under the Customer’s instructions.

If you are an individual user not acting on behalf of an organization, you may be the controller for your own information.

4) Information we collect

A. Information you provide

We may collect information you submit when you create an account, purchase a subscription, request a demo, contact support, or use our Services, such as:

  • Name, email address, organization name, role/title (phone number optional)

  • Account/profile settings (where applicable)

  • Support requests and communications (including attachments you choose to share)

  • Training/PD registration information (if you enroll)

  • Billing contact information you provide during checkout

B. Payment and subscription information (Stripe)

Payments are processed by Stripe. We do not store full payment card numbers. We may receive and store:

  • Stripe customer and subscription identifiers

  • Subscription status, invoices/receipts, payment status

  • Limited billing details made available by the processor (for example, billing name and address)

C. Data processed within tools (Customer Content)

Our tools may process data you or your organization input or generate, including:

  • Rosters, assessment inputs/outputs, scoring results, groupings, flags, intervention notes/tags

  • District/school rollups, exports, snapshots, one-pagers, and generated files

  • Template configurations and settings

Many workflows are designed to keep Customer Content primarily in the Customer’s Google Workspace environment (Google Sheets/Drive) and/or the Customer’s chosen storage environment. We may also store limited account and licensing metadata (for example, user email, seat status, subscription identifiers, and timestamps) to operate access controls and provide support.

D. Google account and Workspace information (for add-ons)

If you install and use our Google Workspace add-ons, we may access Google account information and Google files only as needed for add-on functionality and licensing, depending on the scopes you authorize.

E. Automatically collected information (website/app)

When you visit our website or use our web apps, we (and our service providers) may collect:

  • Device and browser information, IP address, approximate location (city/region), timestamps

  • Pages viewed, links clicked, referring/exit pages

  • Cookies and similar technologies (see “Cookies and similar technologies”)

5) How we use information

We use information to:

  • Provide, operate, secure, and maintain the Services

  • Create, generate, and deliver requested outputs (templates, exports, reports, artifacts)

  • Manage accounts, subscriptions, seat access, licensing enforcement, and payments

  • Provide customer support and troubleshooting

  • Improve performance, reliability, and user experience

  • Communicate about service updates, policy changes, and administrative notices

  • Send newsletters/marketing communications (you can opt out)

  • Detect, prevent, and respond to fraud, abuse, and security incidents

  • Comply with legal obligations and enforce our agreements

Marketing emails include an unsubscribe mechanism, and we honor opt-out requests as required by law. Even if you opt out of marketing, we may still send transactional or administrative messages (for example, receipts, security notices, or important service updates).

6) Google API Data and “Limited Use”

Some Services integrate with Google APIs (including Google Workspace add-ons). Our use of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements.

In practical terms:

  • We use Google API data only to provide or improve user-facing features that are prominent in the requesting application’s user interface.

  • We do not sell Google API data.

  • We do not use Google API data for advertising or to build generalized user profiles unrelated to providing the Services.

  • We only share Google API data with service providers as necessary to deliver the Services and under appropriate safeguards.

7) External requests and integrations

Certain features may connect to external services (for example, licensing/seat checks or optional integrations). When enabled/used, we may transmit the minimal information needed to perform the requested function (for example, user email for seat verification, plan identifiers, timestamps, and request metadata).

8) How we share information

We do not sell personal information. We may share information in these situations:

A. Service providers (subprocessors)

We use vendors to help operate the Services (for example, hosting, databases, analytics, and payment processing). These providers may access information only to perform services for us under contractual obligations consistent with this policy.

Current subprocessors may include:

  • Stripe (payment processing and billing)

  • Supabase (authentication, database, and account/licensing data storage)

  • Vercel (hosting and content delivery for our website and web applications)

  • Google Analytics (website analytics and performance measurement)

B. Legal, compliance, and protection

We may disclose information to comply with law, respond to lawful requests, protect rights and safety, enforce agreements, and prevent fraud or abuse.

C. Business transfers

If we undergo a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

9) Data retention

We retain information only as long as necessary for:

  • Providing the Services and fulfilling customer requests

  • Maintaining subscription, licensing, and accounting records

  • Resolving disputes, enforcing agreements, and preventing abuse

  • Meeting legal obligations

Customer Content retention is often controlled by the Customer through their Google Workspace or storage environment. If you request deletion of our backend records, we will delete or de-identify them unless retention is required for legal, security, fraud-prevention, or legitimate business purposes.

10) Security

We use administrative, technical, and organizational safeguards designed to protect information. No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of account credentials and for controlling permissions/sharing in your Google Workspace or other environments.

11) Student Data Commitments (K–12)

To the extent Customer Content includes student data or education records (“Student Data”):

  • We process Student Data only to provide, secure, and support the Services and as directed by the educational institution and/or as described in an applicable DPA.

  • We do not sell Student Data.

  • We do not use Student Data for targeted advertising.

  • We do not use Student Data to build profiles about students for purposes unrelated to providing the Services.

  • We share Student Data only with service providers as necessary to deliver the Services and under appropriate safeguards.

  • Where a DPA applies, the DPA may include more specific privacy, security, retention, and deletion terms and will control in the event of a conflict with this Privacy Policy regarding Student Data.

12) Children’s privacy (COPPA) and education privacy (FERPA)

Our Services are intended for use by authorized educators, staff, and organizations—not for children to use directly without school involvement. Where student data is processed:

  • The Customer is responsible for providing any required notices and obtaining any necessary consents.

  • We process student data only to provide the Services under the Customer’s instructions.

13) Cookies and similar technologies

We may use cookies and similar technologies for:

  • Essential site/app functionality (authentication, session management)

  • Preferences and settings

  • Analytics and performance measurement

  • Security and fraud prevention

You can manage cookies through your browser settings. Some features may not function if cookies are disabled.

14) Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or receive a copy of certain personal information, or to object/restrict certain processing.

For school/district-managed data (including student records), requests should generally be directed to the Customer (your school/district). For our account and billing records, contact jcs@thelanguagefirm.org.

California Privacy Notice (CCPA/CPRA)

If you are a California resident and we are subject to applicable California privacy law, you may have the right to:

  • Know/access the personal information we collect, use, and disclose

  • Request deletion of personal information (subject to exceptions)

  • Request correction of inaccurate personal information

  • Opt out of the “sale” or “sharing” of personal information as those terms are defined by law

  • Limit certain uses and disclosures of “sensitive personal information,” where applicable

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined by California law. If our practices change, we will update this policy.

How to exercise rights: Email jcs@thelanguagefirm.org with your request and the account email. We may need to verify your identity. You may use an authorized agent where permitted. We will not discriminate against you for exercising privacy rights.

Global Privacy Control (GPC): Where required and technically feasible, we will honor GPC and similar opt-out preference signals.

15) International data transfers

If you access our Services from outside the country where our servers are located, your information may be transferred and processed in other jurisdictions. Where required, we use appropriate safeguards.

16) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date. Material changes may be communicated via the Services or email.