PRIVACY POLICY

The Language Firm

languagefirm.org  —  Effective Date: January 5, 2026  —  Last Updated: March 2026


This Privacy Policy describes how The Language Firm, LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our websites, applications, Google Workspace add-ons, and services (collectively, the “Services”).


1. Scope

This Privacy Policy applies to:

  • Our public website(s) at languagefirm.org

  • The District Filing — our subscription-based content and compliance resource platform

  • Customer portals, dashboards, and web applications we operate, including accounts, licensing, and seat management

  • Google Workspace Marketplace add-ons, including editor add-ons for Google Sheets

  • Templates, exports, reports, and generated artifacts

  • Professional services including audits, consulting, implementation support, training, and professional development

  • Support channels and newsletters we operate

This policy does not cover third-party websites, products, or services you access through links or integrations.


2. Contact

The Language Firm, LLC

Email (Support & Legal): jcs@thelanguagefirm.org

Website: languagefirm.org


3. Key Concepts and Roles (Education Contexts)

When a school, district, or educational organization (“Customer”) uses our Services to process student or staff data, the Customer typically acts as the data controller, or the educational agency or institution under applicable education privacy laws. We act as a service provider and processor, handling Customer Content only to provide the Services and under the Customer’s instructions.

If you are an individual user not acting on behalf of an organization, you may be the controller for your own information.


4. Information We Collect

A. Information You Provide

We may collect information you submit when you create an account, purchase a subscription, request a demo, contact support, or use our Services, including:

  • Name, email address, organization name, and role or title (phone number optional)

  • Account and profile settings where applicable

  • Support requests and communications, including attachments you choose to share

  • Training and professional development registration information

  • Billing contact information provided during checkout

B. Payment and Subscription Information

Payments are processed by Stripe. We do not store full payment card numbers. We may receive and store:

  • Stripe customer and subscription identifiers

  • Subscription status, invoices, receipts, and payment status

  • Limited billing details made available by Stripe, such as billing name and address

C. Data Processed Within Tools (Customer Content)

Our tools may process data you or your organization input or generate, including:

  • Rosters, assessment inputs and outputs, scoring results, groupings, flags, intervention notes, and tags

  • District and school rollups, exports, snapshots, one-pagers, and generated files

  • Template configurations and settings

Many workflows are designed to keep Customer Content primarily in the Customer’s Google Workspace environment (Google Sheets and Drive) and/or the Customer’s chosen storage environment. We may also store limited account and licensing metadata — such as user email, seat status, subscription identifiers, and timestamps — to operate access controls and provide support.

D. Google Account and Workspace Information

If you install and use our Google Workspace add-ons, we may access Google account information and Google files only as needed for add-on functionality and licensing, depending on the scopes you authorize.

E. Automatically Collected Information

When you visit our website or use our web applications, we and our service providers may collect:

  • Device and browser information, IP address, approximate location (city or region), and timestamps

  • Pages viewed, links clicked, and referring or exit pages

  • Cookies and similar technologies (see Section 13)


5. How We Use Information

We use information to:

  • Provide, operate, secure, and maintain the Services

  • Create, generate, and deliver requested outputs such as templates, exports, reports, and artifacts

  • Manage accounts, subscriptions, seat access, licensing enforcement, and payments

  • Provide customer support and troubleshooting

  • Improve performance, reliability, and user experience

  • Communicate about service updates, policy changes, and administrative notices

  • Send newsletters and marketing communications (you can opt out at any time)

  • Detect, prevent, and respond to fraud, abuse, and security incidents

  • Comply with legal obligations and enforce our agreements

Marketing emails include an unsubscribe mechanism and we honor opt-out requests as required by law. Even if you opt out of marketing, we may still send transactional or administrative messages such as receipts, security notices, or important service updates.


6. Google API Data and Limited Use

Some Services integrate with Google APIs, including Google Workspace add-ons. Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. In practice:

  • We use Google API data only to provide or improve user-facing features that are prominent in the requesting application’s interface.

  • We do not sell Google API data.

  • We do not use Google API data for advertising or to build generalized user profiles unrelated to providing the Services.

  • We share Google API data with service providers only as necessary to deliver the Services and under appropriate safeguards.


7. External Requests and Integrations

Certain features may connect to external services, such as licensing and seat checks or optional integrations. When enabled, we transmit only the minimal information needed to perform the requested function — for example, user email for seat verification, plan identifiers, timestamps, and request metadata.


8. How We Share Information

We do not sell personal information. We may share information in the following situations:

A. Service Providers (Subprocessors)

We use vendors to help operate the Services. These providers may access information only to perform services for us under contractual obligations consistent with this policy. Current subprocessors include:

  • Stripe — payment processing and billing

  • Supabase — authentication, database, and account and licensing data storage

  • Vercel — hosting and content delivery for our website and web applications

  • Google Analytics — website analytics and performance measurement

B. Legal, Compliance, and Protection

We may disclose information to comply with law, respond to lawful requests, protect rights and safety, enforce our agreements, and prevent fraud or abuse.

C. Business Transfers

If we undergo a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.


9. Data Retention

We retain information only as long as necessary for:

  • Providing the Services and fulfilling customer requests

  • Maintaining subscription, licensing, and accounting records

  • Resolving disputes, enforcing agreements, and preventing abuse

  • Meeting legal obligations

Customer Content retention is often controlled by the Customer through their Google Workspace or storage environment. If you request deletion of our backend records, we will delete or de-identify them unless retention is required for legal, security, fraud-prevention, or legitimate business purposes.


10. Security

We use administrative, technical, and organizational safeguards designed to protect information. No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for controlling permissions and sharing in your Google Workspace or other environments.


11. Student Data Commitments (K–12)

To the extent Customer Content includes student data or education records, we handle such data in accordance with applicable federal and state law, including FERPA. We do not sell student data or use it for targeted advertising, and we do not use student data to build profiles for purposes unrelated to providing the Services. We share student data only with service providers as necessary to deliver the Services and under appropriate safeguards.

Organizations with specific contractual requirements for student data handling are encouraged to contact us at jcs@thelanguagefirm.org to discuss a Data Processing Addendum before using the Services with student data. Where a DPA is executed, it controls in the event of a conflict with this Privacy Policy regarding student data.


12. Children’s Privacy (COPPA) and Education Privacy (FERPA)

Our Services are intended for use by authorized educators, staff, and organizations — not for direct use by children without school involvement. Where student data is processed, the Customer is responsible for providing any required notices and obtaining any necessary consents. We process student data only to provide the Services under the Customer’s instructions.


13. Cookies and Similar Technologies

We may use cookies and similar technologies for:

  • Essential site and application functionality, including authentication and session management

  • Preferences and settings

  • Analytics and performance measurement

  • Security and fraud prevention

You can manage cookies through your browser settings. Some features may not function properly if cookies are disabled.


14. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or receive a copy of certain personal information, or to object to or restrict certain processing. For school or district-managed data including student records, requests should generally be directed to the Customer (your school or district). For our account and billing records, contact jcs@thelanguagefirm.org.

California Privacy Notice (CCPA/CPRA)

If you are a California resident and applicable California privacy law applies, you may have the right to:

  • Know and access the personal information we collect, use, and disclose

  • Request deletion of personal information, subject to exceptions

  • Request correction of inaccurate personal information

  • Opt out of the “sale” or “sharing” of personal information as defined by law

  • Limit certain uses and disclosures of sensitive personal information where applicable

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined by California law. If our practices change, we will update this policy.

To exercise your rights, email jcs@thelanguagefirm.org with your request and account email. We may need to verify your identity. You may use an authorized agent where permitted by law. We will not discriminate against you for exercising your privacy rights.

Where required and technically feasible, we will honor Global Privacy Control (GPC) and similar opt-out preference signals.

Other State Privacy Laws

Residents of other states — including Texas, Virginia, Colorado, and others with applicable privacy laws — may have similar rights regarding their personal information. To make a request, contact jcs@thelanguagefirm.org. We will respond in accordance with applicable law.


15. International Data Transfers

If you access our Services from outside the country where our servers are located, your information may be transferred and processed in other jurisdictions. Where required by applicable law, we use appropriate safeguards for such transfers.


16. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date. Material changes may be communicated through the Services or by email. Continued use of the Services after changes take effect constitutes acceptance of the revised policy.

Contact Us

For privacy questions, data requests, or concerns:

Email: jcs@thelanguagefirm.org

Website: languagefirm.org