Legal

Privacy Policy

Last updated: June 2025

1. Who we are

StandardCraft ("we," "us," or "our") is a New York-based edtech service that provides NYS standards-aligned classroom resources for educators. StandardCraft is not affiliated with, endorsed by, or sponsored by the New York State Education Department (NYSED).

2. Information we collect

Account information: Name, email address, phone number (optional), and password when you register.

Teaching preferences: Subjects taught, grade levels, and optional marketing consent — to personalize resource recommendations.

Usage data: Resources downloaded, credit transactions, and subscription status.

Payment data: Stripe processes all payments. We do not store full card numbers. We receive billing metadata (customer ID, subscription ID, plan status) from Stripe.

3. How we use your information

  • To provide and operate the StandardCraft service
  • To process credit transactions and subscription billing
  • To generate signed, temporary download URLs for purchased resources
  • To personalize resource recommendations based on your subject and grade preferences
  • To send transactional emails (account confirmations, billing receipts) — required for service delivery
  • To send optional marketing emails about new resources and standards updates, if you opted in

We do not sell your personal information. We do not use your data for targeted advertising.

4. Data sharing

We share data only with:

  • Supabase — our database and authentication provider (hosted on AWS in the US)
  • Stripe — our payment processor (PCI-DSS compliant)
  • Netlify — our hosting and serverless function provider

We do not share your data with any other third parties for marketing or analytics purposes.

5. Ed Law §2-d (School accounts)

If your account is established under a school or district contract, StandardCraft acts as a third-party contractor subject to New York Education Law §2-d (8 NYCRR Part 121). Educator PII collected under such a contract is used solely to provide contracted services and is subject to a separately executed data sharing agreement (DSA). Contact us at the address below to request a DSA.

6. Data retention

We retain your account data while your account is active. If you delete your account, we remove your profile and personal data within 30 days, except where retention is required by law or for legitimate financial record-keeping (e.g., billing history).

7. Security

We use industry-standard practices including encrypted connections (HTTPS), Row Level Security on our database, and short-lived signed URLs for resource downloads. See our Data Security page for details.

8. Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. You may also withdraw marketing consent from your Account Settings page.

9. Contact

StandardCraft
Email: privacy@standardcraft.app
Or use our contact form.