StudioLoom

Privacy Policy

Last updated: 1 May 2026

StudioLoom is a learning platform for design and project-based classrooms. This policy explains what we collect, why, who we share it with, and the rights you have over your information. We try to keep it short and plain.

1. Who we are

StudioLoom (“we”, “us”) is operated by the StudioLoom team. You can reach us at hello@loominary.org.

2. Who uses StudioLoom

  • Teachers create classes, design units, and review student work.
  • Students access StudioLoom through their school’s class — they do not sign up directly.
  • Some students are under 13. Their access is controlled by the school. We rely on the school to obtain any consent required under local law (e.g. COPPA in the U.S., GDPR in the EU/UK, the Privacy Act in Australia, PIPL in China).

3. What we collect

Account information

  • Name, email, and (for students) class code.
  • If you sign in with Google or Microsoft, the OAuth provider tells us your name and email — nothing else.
  • Role (teacher / student / lab tech / admin) and school affiliation.

Content you create

  • Units, lessons, classes, and uploaded files (e.g. STL or SVG fabrication files).
  • Student work: text, drawings, files, peer reviews, reflections.
  • Conversations with our AI mentor and any feedback signals (e.g. pace ratings).

Usage data

  • Pages visited, actions taken, time on task. Used to improve teaching analytics.
  • Browser type and approximate location (from IP) — not stored long-term.
  • We use Plausible Analytics, which does not use cookies or collect personal data.

4. Why we collect it

  • To provide the platform — hosting your classes, units, and student work.
  • To power the AI mentor with the context it needs to give relevant feedback.
  • To give teachers visibility into student progress and wellbeing signals.
  • To keep the platform safe (content moderation, abuse prevention).
  • To improve the product. We do not sell data and do not use it for advertising.

5. AI features

StudioLoom uses large language models from Anthropic (Claude) and supplementary providers to generate lesson scaffolding and provide student mentoring. When you use an AI feature, the relevant context (your prompt and surrounding lesson content) is sent to the model provider. We have data-processing agreements with these providers that prohibit them from training their models on your content.

6. Sub-processors

We rely on the following services to operate StudioLoom:

  • Supabase — database, authentication, file storage. Hosted in Singapore.
  • Vercel — application hosting and edge delivery.
  • Anthropic — AI mentoring and lesson generation (Claude models).
  • Voyage AI — text embeddings for knowledge base search.
  • Resend — transactional email (account invites, status updates).
  • Plausible — privacy-friendly, cookie-free analytics.
  • Fly.io — fabrication file scanner workers (Preflight feature only).

A current sub-processor list with data-processing details is available on request.

7. Where data is stored

Primary data is stored in Supabase’s Singapore region. Some sub-processors (e.g. Anthropic, Vercel) operate from the U.S. and other regions. By using StudioLoom you understand that data may be transferred to and processed in countries other than your own. We use standard contractual clauses where required.

8. Your rights

  • Access: request a copy of your data.
  • Correction: ask us to fix inaccurate data.
  • Deletion: ask us to delete your data. For students, the school administers this on your behalf.
  • Portability: export your content in a machine-readable format.
  • Objection / withdrawal of consent: stop a specific use of your data.

Email hello@loominary.org with the subject line “Privacy request”. We respond within 30 days.

9. Retention

  • Active account content: kept for as long as the school maintains the account.
  • Inactive accounts (no sign-in for 18 months): pruned after notice to the school.
  • Audit logs (security): kept for 12 months.
  • AI conversation logs: kept for 12 months for safety and quality review.

10. Children’s data

StudioLoom is designed for school use. We do not knowingly collect data from children outside of an authorised school relationship. Schools determine which students access the platform and obtain any parental consent required by local law.

11. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, audited, and protected by multi-factor authentication. We notify affected schools without undue delay if we become aware of a breach affecting their data.

12. Cookies

We use only essential cookies needed to keep you signed in. We do not use advertising or tracking cookies. Plausible Analytics is cookie-free.

13. Changes

We will post material changes to this page and update the “last updated” date. For significant changes affecting student data, we will also notify schools by email.

14. Contact

Questions or requests: hello@loominary.org.