Effective date: May 3, 2026 · Last updated: May 20, 2026
Growbook ("we," "our," or "us") is a homeschool compliance and learning documentation service. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
Account information: When you create an account, we collect your name, email address, and password (stored as a secure hash by Supabase Auth).
Family and child information: To generate compliance documents, you provide family address, county, state, and information about each child in your household including name, date of birth, grade level, school district, and enrolled subjects. You may also provide information about a child's IEP or 504 plan.
Educational records: You may upload school records, certificates, and activity documentation. These files are stored securely in Supabase Storage and are accessible only to you and any evaluators you explicitly authorize.
Learning logs and wonder questions: Notes and journal entries you submit about your children's learning activities.
Payment information: Billing is handled by Stripe. Growbook never stores your full credit card number. Stripe's privacy policy governs payment data.
Usage data: Standard server logs including IP address, browser type, and pages visited, used for security and debugging.
We use the information you provide to generate state-required homeschool compliance documents on your behalf, send those documents to you via email, remind you of upcoming document deadlines, maintain a compliance calendar and learning portfolio for each child, allow evaluators you authorize to review your child's portfolio, and process your subscription payment.
Growbook uses artificial intelligence to help generate, classify, and verify the compliance materials you rely on. We disclose how AI is used so you can make an informed decision before consenting at signup.
What AI features exist. We use AI in four places today: (1) drafting state-required compliance documents — for example, your homeschool affidavit, annual learning objectives, quarterly progress reports, and withdrawal letter; (2) classifying the learning-log notes you submit — by web, SMS, or email — so each entry is filed against the correct child and so we can suggest which subjects each entry covers; (3) researching and verifying your school district's filing contact (name, address, email) when our records do not already have a verified entry; and (4) drafting suggested learning objectives by subject for your review before you confirm them.
What user data is sent. To produce these outputs, we send the AI provider only the data needed for that specific task. That can include your child's name, grade, subjects, curriculum, your homeschool name and teaching philosophy, your filing district, the text of learning-log entries you submit, and — for district research — your address and state. We do not send payment details, passwords, or other account credentials to the AI provider.
Which provider. AI requests are sent to Anthropic (the maker of the Claude family of models). Anthropic acts as a sub-processor under our service agreement. Their handling of inputs and outputs is governed by Anthropic's privacy policy and their commercial Data Processing Addendum.
Retention. Anthropic retains AI inputs and outputs only for the limited windows described in their commercial usage policy (currently up to 30 days for trust-and-safety review, longer only as required by law). We do not retain raw AI prompts beyond what is needed to render and store your finished documents inside your Growbook account. Anthropic does not use Growbook customer data to train its models, and neither do we.
Opt-out posture. AI processing is core to how Growbook drafts your compliance paperwork — the document-generation, log-classification, objectives, and district-research features cannot operate without it. We therefore do not offer a partial opt-out today: agreeing to this Privacy Policy at signup is what enables the service. If you do not want your family's information processed by AI, please do not create a Growbook account, and contact privacy@growbook.org if you have already signed up and would like your data deleted (see Section 7 — Your Rights).
Growbook is a service for adults (parents and guardians) to manage homeschool records. You provide information about minor children as part of this service. We treat all child data with heightened care:
We do not collect information directly from children. Child data is never used for advertising or shared with third parties for marketing. Child educational records are accessible only to the account holder and evaluators they explicitly authorize. You may request deletion of all data associated with your account and your children at any time (see Section 7).
We do not sell your data. We share information only as follows:
Service providers: Supabase (database and file storage), Postmark (transactional email), Stripe (payments), Anthropic (AI document drafting and learning-log classification — see Section 3), Railway (application hosting). Each provider is contractually required to protect your data.
Evaluators you authorize: If you grant a year-end evaluator access to your child's portfolio, they can view learning logs, uploaded documents, and compliance records for that child. You can revoke this access at any time from your Settings page.
Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users.
We retain your account and family data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it by law. Generated compliance documents may be retained in anonymized form for product improvement.
You have the right to access the personal data we hold about you, correct inaccurate information, request deletion of your account and all associated data, and export your learning logs and documents.
To exercise these rights, contact us at privacy@growbook.org.
We use industry-standard security practices including encrypted connections (TLS), hashed passwords, and private file storage with time-limited access URLs. No system is perfectly secure; we encourage you to use a strong password and notify us immediately if you suspect unauthorized access.
We will notify you by email if we make material changes to this policy. Continued use of Growbook after changes take effect constitutes acceptance.
Growbook privacy@growbook.org