Security

Last Updated: January 25, 2026

Our Commitment to Security

At TeacherCommentsGenerator, we take security seriously. We understand that educators trust us with sensitive student information, and we are committed to protecting that data with industry-leading security measures. This page outlines our security practices and how we safeguard your information.

Security Measures

Encryption

All data in transit is encrypted using TLS 1.3, and data at rest is encrypted using industry-standard encryption algorithms. Your sensitive information is protected at every stage.

Authentication

We use secure OAuth 2.0 authentication through trusted providers (Google, GitHub) and implement multi-factor authentication capabilities. Passwords are never stored in plain text.

Access Control

Row-level security policies ensure that users can only access their own data. Service role keys are kept secure and never exposed to client-side applications.

Data Privacy

Student information provided for comment generation is processed securely and is not permanently stored. Generated content is only accessible to the account owner.

Infrastructure Security

Our infrastructure is hosted on secure, compliant cloud platforms with regular security audits, monitoring, and automated threat detection systems.

Compliance

We follow industry best practices and comply with relevant data protection regulations including GDPR, CCPA, and FERPA guidelines for educational data.

Data Protection

Encryption Standards

  • In Transit: All communications between your browser and our servers are encrypted using TLS 1.3, the latest and most secure encryption protocol.
  • At Rest: All stored data is encrypted using AES-256 encryption, ensuring that even if data storage is compromised, your information remains protected.
  • Database Security: Our database (Supabase) implements encryption at multiple layers, including disk encryption and application-level encryption for sensitive fields.

Authentication Security

  • We use OAuth 2.0 authentication through trusted providers (Google, GitHub), eliminating the need to store passwords.
  • Session tokens are securely generated and expire after periods of inactivity.
  • We implement rate limiting and monitoring to detect and prevent unauthorized access attempts.

Infrastructure Security

Hosting and Infrastructure

  • Our application is hosted on secure, compliant cloud infrastructure with regular security audits.
  • We use Supabase for database and authentication services, which maintains SOC 2 Type II compliance.
  • All servers are regularly patched and updated to address security vulnerabilities.
  • We implement network security measures including firewalls, DDoS protection, and intrusion detection systems.

Monitoring and Incident Response

  • We continuously monitor our systems for security threats and anomalies.
  • Automated alerts notify our team of potential security issues in real time.
  • We maintain an incident response plan to quickly address and mitigate any security breaches.
  • Regular security audits and penetration testing help identify and address vulnerabilities.

Data Handling and Privacy

Student Information

We understand the sensitive nature of student information. Our practices include:

  • Student information provided for comment generation is processed through secure AI services but is not permanently stored in our database.
  • Generated comments and images are stored temporarily for your access but can be deleted upon request.
  • We comply with educational data privacy laws including FERPA (Family Educational Rights and Privacy Act) guidelines.
  • You are responsible for ensuring you have proper authorization to process student data in your jurisdiction.

Data Access Controls

  • Row-level security policies ensure users can only access their own account data.
  • Service role keys are kept secure and never exposed to client-side code.
  • Access to production systems is restricted to authorized personnel only.
  • All data access is logged and monitored for security purposes.

Third-Party Security

We work with trusted third-party service providers who maintain high security standards:

  • Supabase: SOC 2 Type II compliant, provides secure database and authentication services.
  • Creem.io: PCI DSS compliant payment processor, handles all payment transactions securely.
  • Replicate: Secure AI service provider for comment generation, processes data according to their security policies.
  • OAuth Providers: Google and GitHub maintain their own security standards for authentication.

Your Role in Security

Security is a shared responsibility. You can help protect your account by:

  • Using strong, unique passwords for your OAuth accounts (Google, GitHub)
  • Not sharing your account credentials with others
  • Logging out when using shared or public computers
  • Reporting any suspicious activity immediately
  • Keeping your browser and devices updated with the latest security patches
  • Ensuring you have proper authorization to process student data in compliance with applicable laws

Security Incident Reporting

If you discover a security vulnerability or suspect a security breach, please contact us immediately at security@teachercommentsgenerator.com. We take all security reports seriously and will investigate promptly. We appreciate responsible disclosure of security issues.

Security Updates

We continuously work to improve our security measures. This Security page will be updated to reflect any significant changes to our security practices. We recommend reviewing this page periodically to stay informed about how we protect your data.

Contact Us

For security-related questions or concerns, please contact us at:

Security Email: security@teachercommentsgenerator.com
General Contact: teachercommentsgenerator.com
