Privacy at Taday.
How Taday handles school, family, and student information: least-privilege access, teacher approval, regional data residency, and no advertising — ever.
Jump to section...
Information Taday processes
Taday processes classroom information authorized and synced by your school's administrators. This includes class lists, student rosters, assignments, announcements, due dates, grading categories, and resource materials from Google Classroom. We also process account information created for school staff, parents, and students (such as names, emails, user avatars, and role permissions). We do not collect or request information beyond what is necessary to generate school-to-home summaries.
How information is used
Classroom information is processed solely to generate role-specific summaries, homework digests, student feeds, and parent recaps. Taday has a strict data usage policy: we never display advertising, we never sell, share, or monetize student, parent, or staff data, and we do not use your school's data to train foundation models or third-party AI systems. Your data remains isolated within your school's secure sandbox environment.
Least-privilege Google integrations
Taday connects to Google Classroom via official API endpoints using the absolute minimum scopes required to fetch assignments and announcements. Administrators have complete visibility into the read scopes Taday requests. Additionally, every draft generated by Taday remains hidden and pending in a secure queue until a classroom teacher reviews and explicitly approves it.
Compliance and regional data residency
Taday complies with FERPA, COPPA, and provincial privacy frameworks. We support strict regional data residency: for Canadian institutions, all data—including databases, assets, prompts, AI operations, system logs, and backups—is hosted and processed entirely within AWS regions inside Canada (e.g. Canada Central). A similar regional lock is applied to other jurisdictions based on school preferences.
Security and encryption measures
We protect all personal and school data using industry-leading security practices. All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We perform regular vulnerability scans, keep detailed access logs, and enforce strict multi-factor authentication (MFA) protocols for administrative access to the hosting infrastructure.
Data retention and deletion
We retain your school's data only as long as your subscription remains active. Upon request or termination of service, all synced records are permanently and securely deleted from our databases and backups within 30 days. Students, parents, and staff can request access, correction, or deletion of their personal information at any time by contacting their school's Taday administrator.
Third-party subprocessors
We limit third-party subprocessors to essential cloud infrastructure and model hosting services (such as AWS and trusted API gateways for language processing). All subprocessors are legally bound by strict data processing agreements (DPAs) that meet or exceed our privacy standards. We do not use general-purpose commercial models that retain data for training.