Privacy Policy
Effective July 10, 2026 · Operated by HUSH
HUSH is designed for higher-education classrooms. We collect the minimum information necessary to help teachers see student confusion and act on it. This policy explains what we collect, why, and the rights you have.
1. Summary (plain English)
- Students do not create accounts. Questions can be submitted anonymously.
- Teachers create accounts with an email and password (or Google sign-in).
- We do not sell personal data. We do not use it to train third-party models.
- Data is encrypted in transit (HTTPS) and at rest by our cloud provider.
- You can request deletion of your data at any time by emailing hush.org@outlook.com.
2. Who this policy covers
This policy applies to teachers, teaching assistants, institution administrators, and students who submit questions through a HUSH class portal ("Users"). It applies to the HUSH web application, marketing site, and support communications (collectively, the "Service").
3. Information we collect
3.1 Teacher account information
- Name, email address, hashed password (or OAuth identifier for Google sign-in).
- Institution name, department, and course names you enter.
- Billing information — processed by Stripe. We store only the last four digits of the card and a Stripe customer ID, not full card numbers.
3.2 Student submissions
- The text of the question or confusion submission.
- A hashed device identifier used only to prevent duplicate votes and abuse — not linked to a name.
- Timestamp and the class portal the submission was made to.
3.3 Automatically collected
- Basic request logs (IP address, user agent, page requested) retained for up to 30 days for security and debugging.
- Product analytics events (e.g. "created a class") to understand feature usage — no submission content.
4. How we use information
- Operate the Service, including displaying questions to teachers and generating confusion maps.
- Send transactional email (verification, password reset, billing receipts).
- Provide support when you contact us.
- Detect abuse, spam, and safety issues.
- Comply with legal obligations.
5. AI processing
Confusion maps and reteach suggestions are generated by a large-language-model provider. When a teacher runs an AI generation, the anonymized question text is sent to that provider for processing. We do not permit the provider to use this data to train their models. Providers may retain input for a short abuse-monitoring window under their own policies.
6. Sharing
We share information only with:
- Subprocessors that operate the Service (hosting, database, email delivery, payments, AI inference). A current list is available on request.
- Your institution if you signed up under a department or institution plan and the administrator has a legitimate need.
- Law enforcement where required by valid legal process.
We do not sell personal data.
7. Your rights
Depending on your jurisdiction (e.g. GDPR in the EU/UK, CCPA in California), you may have the right to access, correct, port, or delete your personal data, and to object to certain processing. Email hush.org@outlook.com to exercise these rights. We will respond within 30 days.
8. Retention
- Teacher accounts and their classes: retained until the account is deleted.
- Student submissions: retained until the teacher deletes the class or requests deletion.
- Backups: up to 30 days after deletion, then purged.
- Request logs: 30 days.
9. Security
We use industry-standard safeguards: TLS in transit, encryption at rest by our cloud provider, row-level access controls, and least-privilege service credentials. See our Security Statement for more.
10. Children
HUSH is intended for higher-education users aged 13 and older. It is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn we have collected such information, we will delete it. Institutions serving learners under 13 should contact us before deploying HUSH.
11. International transfers
The Service is operated from the United States. If you access it from outside the US, you understand that your information will be transferred to and processed in the US.
12. FERPA (US higher education)
For institutions in the United States, HUSH is designed to be used in a manner consistent with FERPA. When acting as a School Official under a written agreement, we use student data only for the educational purpose the institution defines. Contact hush.org@outlook.com for our institutional data-processing addendum.
13. Changes to this policy
We will post material changes to this page and, where practical, notify account holders by email. Continued use of the Service after a change constitutes acceptance.
14. Contact
HUSH — hush.org@outlook.com
Reach us at hush.org@outlook.com — or use our department contact form.
