Privacy Policy

Last updated: May 2026

PhonoFlow ("we," "us," or "our") is committed to protecting the privacy of the teachers and students who use our platform. This policy explains what data we collect, how we use it, and your rights as a teacher and account holder.

The Short Version

We do not store any student personally identifiable information (PII). Students are identified only by a short Student Code assigned by their teacher — never by name, birthday, photo, or any other identifying information. Your assessment data belongs to you. We store it to keep your app and web dashboard in sync; we do not access it, analyze it, or claim any ownership over it.

What We Collect

For teacher accounts:

• Name and email address (used for login and account communication)
• Encrypted password (we never store passwords in plain text)
• Account creation date

For student records and assessments:

• Student Codes — short codes set by the teacher; no student names or personal information
• Assessment results: accuracy score, words correct, words attempted, words per minute, duration
• Reading passage text (entered by the teacher for each assessment session)
• Audio recordings are processed in real time for transcription and are never stored on our servers

What We Do Not Collect

• Student names, dates of birth, grades, or any personally identifiable information
• Audio recordings (transcribed transiently via Azure, never retained)
• Student photos or biometric data
• Location data
• Device identifiers beyond what is standard for authenticated web sessions

Who Owns Your Data

You do. All Student Codes and assessment results you create belong entirely to you as the teacher and account holder. PhonoFlow stores this data for one purpose only: to keep your Android app and web dashboard in sync so your class is accessible on any device you sign in to.

We do not read your assessment data, analyze your students' results, use your data to train models, sell it, share it with third parties, or claim any ownership over it. Your class is yours.

How We Use Your Data

Teacher account data (name, email) is used solely to authenticate you and communicate about your account. We do not use it for advertising or share it with third parties.

Assessment data is stored in your account and is accessible only to you through authenticated sessions. It is used only to display your own dashboard and history — never for any other purpose.

Data Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt. Your data is stored in a secured database accessible only through authenticated API endpoints with JWT tokens. We follow security best practices as a core design principle, not an afterthought.

Data Retention and Deletion

Teacher accounts and all associated data are retained for as long as the account is active. You may request deletion of your account and all associated data at any time by contacting us at support@phonoflow.org. We will process deletion requests within 30 days.

Third-Party Services

PhonoFlow uses Microsoft Azure Cognitive Services for real-time audio transcription. Audio is sent to Azure solely for transcription and is not retained by Azure beyond the duration of the API call. We do not share assessment data or Student Codes with any third party.

FERPA & Student Privacy

PhonoFlow is designed to support FERPA compliance. Because we never collect student PII — only anonymous Student Codes assigned by the teacher — the typical FERPA obligations around student records do not apply to data stored in PhonoFlow. Teachers remain responsible for ensuring they use Student Codes in a manner consistent with their school or district policies.

Changes to This Policy

We may update this policy as PhonoFlow grows. Material changes will be communicated to teachers via email. The current version is always available at this URL.

Contact

Questions about this policy? Reach us at support@phonoflow.org or through our contact page.