Legal Center
Privacy & Data Handling

Privacy Policy

This policy explains how MakerHub handles personal information, school records, service providers, AI-assisted workflows, and Alberta public-body privacy obligations in school-managed deployments.

Effective date: March 10, 2026
Last updated: March 10, 2026

Contract Priority

This public page complements your signed agreement, collection notices, and local legal review. If there is a conflict, the signed agreement controls.

Audience

Written for school authority, board, district, and education authority deployments in a school-managed environment.

01

Scope and Roles

This Privacy Policy describes how MakerHub collects, uses, stores, discloses, and protects personal information and school records processed through the platform.

In most deployments, the school authority, district, board, or education authority acts as the controller, public body, or educational agency for school records, and MakerHub acts as a service provider or processor operating under institutional instructions and contract terms.

02

Information We Collect

We collect only the information reasonably necessary to provide the service, support educational workflows, and protect platform integrity.

  • Account and directory data: name, email address, role, class or organization membership, and authentication identifiers.
  • Learning workflow data: projects, assignments, progress state, submissions, rubrics, grades, teacher feedback, and related instructional content.
  • Safety and training data: module completion, quiz results, acknowledgements, and certification records.
  • Uploaded content: documents, images, PDFs, videos, comments, and other user-submitted media.
  • Technical and security data: device or browser metadata, IP-based network diagnostics, timestamps, audit logs, and security event records.
  • Support and administrative data: messages, settings, exports, and files provided during support, implementation, or institutional administration.
  • Optional billing data: billing contacts, plan details, and payment workflow metadata where a paid plan is enabled.
03

How We Use Information

MakerHub processes information to operate the service for school-authorized educational and administrative use.

  • Authenticate users and enforce role-based access controls.
  • Deliver class, project, grading, reporting, and safety workflow features.
  • Provide optional AI-assisted features when a user invokes them.
  • Send operational notifications, password resets, and service messages.
  • Protect platform security, prevent abuse, investigate incidents, and troubleshoot problems.
  • Maintain, improve, and support the service in ways consistent with contract terms and applicable law.
  • Comply with legal obligations, institutional instructions, and signed agreements.
04

School Governance and Legal Basis

MakerHub is designed for institution-directed use, not consumer self-service use.

Each deploying institution is responsible for determining the legal basis for collection, use, disclosure, parent or guardian notice, consent, records retention, and cross-border transfer analysis required in its jurisdiction.

For Alberta public-body deployments, collection should be limited to personal information authorized by law and reasonably necessary for the program or activity, commonly under section 4(c) of the Protection of Privacy Act.

Personal information should be protected with reasonable security arrangements and used or disclosed only as authorized by the Protection of Privacy Act, the Access to Information Act, and the institution's own statutory authority, privacy management program, and collection notices.

Institutions remain responsible for privacy impact assessments, family notice or consent where required, and the internal access or correction request process that applies to the deployment.

05

AI-Assisted Features

MakerHub offers optional AI-assisted features such as project generation and submission analysis. When those features are used, prompts and related instructional context may be processed by contracted AI providers in order to return draft content or feedback.

  • Teacher-entered project ideas, uploaded source text, rubrics, reflection answers, and similar instructional inputs may be processed to generate a response.
  • AI-generated content is assistive and should be reviewed by educators or authorized staff before classroom use, grading, or recordkeeping decisions.
  • Do not submit highly sensitive health, counselling, disciplinary, or unrelated personal information into AI prompts unless your institution has expressly approved that use.
06

Service Providers, Integrations, and Data Location

MakerHub uses specialized service providers to host, secure, and operate the platform. Depending on enabled features, those providers may process information on MakerHub's behalf.

Data location may vary based on institution configuration and vendor infrastructure. Information may be stored or processed outside Alberta or outside Canada if the institution enables providers or integrations that operate cross-border infrastructure.

Alberta public bodies should review cross-border processing, privacy impact assessment requirements, and family notice expectations before enabling those workflows in production.

  • Google Cloud and Firebase for hosting, authentication, database, and file storage.
  • OpenAI for optional AI-assisted generation and analysis features when enabled.
  • SendGrid for operational email delivery.
  • Stripe for billing and payment workflows where a paid plan is enabled.
  • Google APIs, including Sheets integrations, when the institution enables export or sync features.
07

Sharing and Disclosure

MakerHub does not sell personal information or use student data for cross-context behavioral advertising. We share information only as needed to operate the service, follow institutional instructions, or comply with law.

  • Authorized school officials and staff with a legitimate educational, administrative, safety, or support need.
  • Contracted subprocessors and infrastructure providers performing services for MakerHub.
  • Institution-authorized exports, integrations, and migration targets.
  • Auditors, regulators, legal authorities, or emergency responders when required by law, contract, or safety need.
  • Successor entities under confidentiality and continuity obligations if ownership or service structure changes.
08

Cookies, Local Storage, and Diagnostics

MakerHub uses a limited set of cookies, browser storage, and similar technologies to maintain login state, save preferences, recover from failed asset loads, and support reliability.

The service may also create security and performance logs to detect abuse, diagnose failures, and measure operational health.

09

Security and Incident Handling

MakerHub uses administrative, technical, and organizational safeguards designed to protect the confidentiality, integrity, and availability of information.

  • Role-based access controls, scoped permissions, and school-managed account access.
  • Encryption in transit and managed cloud infrastructure controls.
  • Security headers, logging, monitoring, and incident response procedures.
  • Least-privilege operational access and review of privileged workflows.
  • File type restrictions, validation controls, and defenses against unsafe content or unauthorized access.
  • Prompt escalation of suspected privacy incidents so the institution can assess and satisfy any applicable Alberta breach reporting or notice obligations.
10

Retention and Deletion

Data is retained according to the applicable contract, institutional instructions, and legal requirements. Different record types may have different retention periods.

When services end, MakerHub supports institution-requested export and deletion workflows, subject to backup cycles, legal hold requirements, dispute preservation, and security archive needs.

11

Rights and Requests

Parents, students, staff, and administrators should generally direct access, correction, deletion, export, and restriction requests to their school authority administrator or privacy office.

For Alberta public-body deployments, formal access requests will usually be handled through the institution's Access to Information coordinator, while privacy, correction, and collection concerns will usually be handled through the institution's privacy office or designated officer.

MakerHub will assist the institution in responding to verified requests as required by contract and applicable law.

12

Changes and Contact

We may update this policy to reflect legal, operational, vendor, or product changes. Material updates will include a revised effective date.

Platform privacy and security questions can be sent to support@makerhub.app. Institution-specific legal, records, or notice questions should be directed to your school authority or school privacy contact.