Privacy Policy & Compliance
ProfGenie is built for education. We protect student data, instructor content, and institutional trust with industry-leading security standards.
Last updated: March 29, 2026
Regulatory & Industry Compliance
ProfGenie aligns with the following frameworks to protect your data
Student education records are protected. Only authorized instructors access their own students’ data.
Platform is designed for higher-education users 18+. No data is knowingly collected from children under 13.
Infrastructure follows SOC 2 Trust Service Criteria for security, availability, and confidentiality.
Platform meets accessibility standards so all users, including those with disabilities, can participate fully.
Controls aligned with NIST 800-171 for protecting Controlled Unclassified Information in non-federal systems.
Copyright-protected content is safeguarded. We respond to valid DMCA takedown requests promptly.
Compliant with Google’s Limited Use requirements. OAuth data is used solely for authentication, never sold or shared.
Advanced Client Security
In-browser protections active on every page
Source Code Protection
Right-click, View Source, and developer-tool shortcuts are disabled to prevent content scraping.
Copy / Paste Blocked
Clipboard operations are restricted outside input fields to protect proprietary course content.
DevTools Detection
F12, Ctrl+Shift+I/J/C keyboard shortcuts are intercepted to deter unauthorized inspection.
Anti-Print Shield
Print and Save-Page shortcuts are blocked, and print stylesheets are suppressed in protected views.
Security Headers
CSP, HSTS (preload), X-Frame-Options DENY, and strict Referrer-Policy headers on every response.
Session Expiry
Authenticated sessions auto-expire after 8 hours to minimize risk from unattended devices.
Data Control & Ownership
You own your data — here's how we enforce it
Strict Data Isolation
Every professor sees only their own courses, students, and content. No cross-account data leakage — ever.
Role-Based Access Control
Admin, Professor, and Student roles enforce least-privilege access at every API endpoint.
Right to Deletion
Request full account and data deletion at any time. We honor deletion requests within 30 days.
Consent-Based Processing
AI features only process content you explicitly submit. No background data mining or model training on your data.
Google API Services — Limited Use Disclosure
ProfGenie's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We only request scopes necessary for authentication (email, profile).
- Google user data is never sold, rented, or shared with third parties for advertising.
- Data obtained via Google OAuth is used solely to create and maintain your account.
- You may revoke access at any time through your Google Account security settings.
Full Privacy Policy
1. Overview
ProfGenie Platform respects your privacy. This policy explains what data we collect, how we use it, and the choices you have.
2. Data We Collect
- Account data: name, email, and profile image via Google OAuth.
- Course content you create (syllabi, assignments, discussion prompts).
- AI interaction logs for the features you explicitly use.
- Usage analytics (page views, feature usage) to improve reliability.
3. How We Use Data
- Provide, personalize, and improve platform features.
- Authenticate users securely via Google OAuth.
- Generate AI-powered responses only when you request them.
- Support, troubleshooting, and service communications.
4. Data Sharing
We do not sell personal data. We may share data with trusted infrastructure providers (hosting, database, payment processing) strictly to operate the platform under contractual safeguards.
5. Data Retention & Deletion
We retain account data while your account is active. You may request full deletion at any time — we will purge all personally identifiable information within 30 days of a verified request.
6. Security Measures
- TLS 1.3 encryption for all data in transit.
- AES-256 encryption for data at rest in our database provider.
- Strict Content Security Policy and security headers on every response.
- Role-based access control at every API endpoint.
- 8-hour session expiry with secure, HttpOnly cookies.
- Client-side source code and content protection.
7. Your Rights & Choices
- Access and export your data at any time.
- Update your profile information in account settings.
- Request complete account and data deletion.
- Revoke Google OAuth access from your Google Account.
- Opt out of non-essential communications.
8. Children's Privacy (COPPA)
ProfGenie is intended for higher-education professionals and students aged 18 and older. We do not knowingly collect personal information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.
9. FERPA Compliance
ProfGenie supports institutional FERPA compliance. Student education records are accessible only to the instructor who created the course. We act as a “school official” with a legitimate educational interest under FERPA and do not disclose student records without consent.
10. DMCA & Copyright
We respect intellectual property rights and respond to valid DMCA takedown notices. To report copyright infringement, contact us at support@profgenie.ai with the required DMCA notice elements.
11. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via the platform or email. Continued use after changes constitutes acceptance.
12. Contact
For privacy questions or data requests, please use our contact form or email us at support@profgenie.ai.