Skip to content

Privacy Policy

Last Updated: 19th March 2026

Our contact details

TeachMateAI Ltd (trading as Teachmate), registered as a company in England and Wales with company number 14972646.

Our registered business address is:

C/O High Royd Business Services Limited B B I C, Innovation Way, Barnsley, South Yorkshire, United Kingdom, S75 1JL

Hosting, Processing and Data Storage Locations

All customer data (including account information and any data entered into our AI tools) is stored and processed within the UK and EU, using servers provided by Amazon Web Services (AWS) and Microsoft Azure.

In order to operate our website, provide marketing communications, process payments, and analyse website usage, we use a number of third party services which may process limited personal data (such as IP addresses, cookies, and browsing behaviour) in the US or other jurisdictions. These services are listed in the "Third Party Services" section below. Where data is transferred internationally, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTAs), or the EU-US/UK-US Data Privacy Framework.

We do not share any data used in our tools to train large language models (LLMs) or other AI models.

The type of personal information we collect

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details)
  • Technical data collected automatically when you visit our website (such as IP address, browser type, device information, and browsing behaviour) through cookies and similar tracking technologies
  • Payment information processed by Stripe (we do not store payment card details on our servers)

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Creating an account on Teachmate
  • Processing a subscription payment using Stripe
  • Visiting our website (technical data collected automatically via cookies and analytics tools)
  • Signing up for marketing communications or webinars

We use the information that you have given us in order to manage your Teachmate account and give you access to our tools.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. We rely on consent for marketing cookies, marketing communications, and webinar sign ups. You are able to remove your consent at any time. You can do this by contacting us from our "Contact Us" page, or by managing your cookie preferences via the consent banner on our website.

(b) Contractual obligation. We process your personal data where this is necessary to perform our contract with you, including managing your Teachmate account and processing subscription payments via Stripe.

(c) Legal obligation. We may process your data where required to comply with a legal obligation.

(d) Legitimate interest. We rely on legitimate interest for website analytics (subject to your cookie consent preferences), essential cookies required for the website to function, and sending news, features and development updates to our users.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We use Termly to manage your cookie consent preferences. When you first visit our website, you will be asked to choose which cookies you consent to.

Essential cookies: These are necessary for the website to function and cannot be switched off. They include cookies for authentication and security.

Analytics cookies: With your consent, we use Google Analytics and Amplitude to understand how visitors interact with our website. This helps us improve our service.

Marketing cookies: With your consent, we use cookies from Meta (Facebook), LinkedIn, Microsoft (Bing), and HubSpot to measure the effectiveness of our advertising campaigns. These cookies may track your browsing activity across different websites.

You can change your cookie preferences at any time by clicking "Consent Preferences" in the footer of our website.

Third Party Services

We use the following third party services to operate our website and business. These services may process personal data as described below:

  • Stripe: Payment processing (stripe.com/legal/dpa)
  • Google Analytics / Google Tag Manager: Website analytics and tag management
  • HubSpot: CRM, marketing communications, and analytics
  • Meta (Facebook Pixel): Advertising performance measurement
  • LinkedIn Insight Tag: Advertising performance measurement
  • Microsoft Bing UET: Advertising performance measurement
  • Amplitude: Product analytics
  • Termly: Cookie consent management
  • Sentry: Error monitoring and application performance
  • Eventbrite: Webinar and event booking management

International Data Transfers

All customer data entered into our AI tools is processed and stored within the UK and EU. Some of the third party services listed above may transfer limited personal data (such as IP addresses, cookies, and browsing behaviour) outside the UK and EU to countries including the United States.

Where personal data is transferred outside the UK and EU, we ensure that appropriate safeguards are in place in accordance with UK data protection law. These safeguards may include:

  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses
  • The UK-US Data Bridge (UK extension to the EU-US Data Privacy Framework)
  • Transfers to countries with UK adequacy regulations

How we store your personal information

Your information is securely stored. We apply the following retention periods:

  • Individual accounts: We keep your personal information for the duration of your subscription. Individual accounts remain active until the user deletes their account or requests deletion. Inactive accounts will be deleted after 6 years of inactivity.
  • School accounts: School data is deleted 28 days after expiration of the contract, unless there are active discussions about renewing the licence.
  • Content created using our AI tools: Inputs and outputs are retained for 28 days in the My Content area, after which they are automatically deleted. Users can delete content at any time before then.

When your data is no longer required, we will dispose of your information by deleting your records from the secure servers on which they are stored.

Cloud Storage Integration (Google Drive and OneDrive)

TeachMateAI Ltd offers optional integration with Google Drive and Microsoft OneDrive to enable saving of documents directly to your cloud storage. These integrations use secure OAuth2 authentication and do not grant Teachmate access to your account credentials.

Google Drive Integration

  • Authentication Process: We use Google's OAuth2 for secure authentication, without accessing your Google account credentials.
  • Information Collected: Only the necessary token for Google Drive access is collected, not your Google account credentials.
  • Token Usage and Storage: Tokens are used solely for saving documents to your Google Drive and are stored securely, complying with UK GDPR and Google's policies.
  • Revoking Access: You can revoke our access at any time through your Google account settings, which will lead to the deletion of stored tokens from our systems.
  • Consent: By using this feature, you consent to our use of Google OAuth2 authentication for the stated purpose. You can withdraw this consent anytime via your Google account settings.

Microsoft OneDrive Integration

  • Authentication Process: We use Microsoft's OAuth2 for secure authentication, without accessing your Microsoft account credentials.
  • Information Collected: Only the necessary token for OneDrive access is collected, not your Microsoft account credentials.
  • Token Usage and Storage: Tokens are used solely for saving documents to your OneDrive and are stored securely, complying with UK GDPR and Microsoft's policies.
  • Revoking Access: You can revoke our access at any time through your Microsoft account settings, which will lead to the deletion of stored tokens from our systems.
  • Consent: By using this feature, you consent to our use of Microsoft OAuth2 authentication for the stated purpose. You can withdraw this consent anytime via your Microsoft account settings.

Single Sign On (SSO) Authentication (Schools Only)

TeachMateAI Ltd offers Single Sign On (SSO) authentication for schools. SSO allows schools to enable their staff to log in to Teachmate using their existing school accounts. SSO is only available to schools and is configured by the school's administrator.

Google OIDC SSO for Schools

  • Authentication Process: We use OIDC/OpenID Connect protocol for secure authentication with your school's Google Workspace directory, without accessing your password.
  • Information Collected: Only the OIDC token and user identifier are collected, not your credentials.
  • Token Usage and Storage: OIDC tokens are used solely for authentication and are stored securely, complying with UK GDPR and Google's policies.
  • Revoking Access: Your school administrator can revoke access through your Google Workspace admin settings, which will lead to the deletion of associated tokens from our systems.
  • Consent: By using this feature, you consent to our use of Google OIDC for the stated purpose. Your school administrator controls access.

Microsoft Azure AD / OIDC SSO for Schools

TeachMateAI Ltd supports Microsoft Azure AD and OIDC (OpenID Connect) single sign on to enable schools using Microsoft 365 to authenticate with their existing school accounts.

  • Authentication Process: We use OIDC/OpenID Connect protocol for secure authentication with your school's Microsoft 365 directory, without accessing your password.
  • Information Collected: Only the OIDC token and user identifier are collected, not your credentials.
  • Features Enabled: This integration enables schools to enforce managed device access requirements, multi factor authentication, and other security policies configured in Microsoft 365.
  • Token Usage and Storage: OIDC tokens are used solely for authentication and are stored securely, complying with UK GDPR and Microsoft's policies.
  • Revoking Access: Your school administrator can revoke access through your Microsoft 365 directory settings, which will lead to the deletion of associated tokens from our systems.
  • Consent: By using this feature, you consent to our use of Microsoft Azure AD / OIDC for the stated purpose. Your school administrator controls access.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access: You have the right to ask us for copies of your personal information.
  • Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us via our contact form if you wish to make a request.

We are registered with the ICO and you can view our details here.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us by filling in our contact form page. We aim to respond to requests within 24 to 48 hours on weekdays.

Trusted AI built for education