Privacy is a Human Right.
Our standard.
Two traditions hold us. We name them so the commitments are auditable.
Contextual integrity.
Helen Nissenbaum, Cornell Tech. Privacy in Context, 2010.
The right to privacy is a right to appropriate flow of information. Information is not violated when it is collected; it is violated when it moves outside the norms of the context that produced it. A worker's credentials may move appropriately between staffing firm and customer; the same credentials sold to a third party are a violation. The Cassion audit substrate is built to enforce this distinction.
Privacy by Design.
Ann Cavoukian, founder of the Global Privacy & Security by Design Centre. Adopted as an international standard in 2010; codified into GDPR.
Seven principles. Proactive, not reactive. Privacy as the default setting. Embedded into design, not bolted on. End-to-end security. Visibility and transparency. Respect for user privacy. Full functionality, not zero-sum tradeoffs.
Both are floors. We track the work above them on this page.
This site.
Type on this site is served from our own servers. No third-party font provider is used. No analytics. We track no clicks. We set no tracking cookies.
One functional cookie is used during stealth: preview_bypass, set when a designer or reviewer visits with the preview token. It carries no personal information, identifies no one, and expires after thirty days. It exists so we can let named readers behind the curtain without lifting the curtain for everyone.
We sell nothing to anyone.
Our products.
Privacy in our products is governed by contract and by audit. The terms of a customer agreement define what data is held, by whom, for what purpose, and for how long. The exception path is named on the page that runs it. Customers see what we see; their workers see what their employer agreed they would see.
The audit substrate is immutable, scoped, and attributed. Every write is recorded; every record can be traced to the human, agent, or system that made it. Auditability is what makes a privacy commitment enforceable.
The policy.
This is the operational policy for pedagogue.co, the public site you are reading. It does not cover the customer products; those are governed by customer agreements with their own data terms.
What we collect.
When you submit the interest form, we collect what you type: your name, your email, the topic you selected, your message if you wrote one. We also record the IP address and browser of the submission for security audit. We collect nothing else from this site.
Why.
To respond to you. To keep the site secure. Nothing else.
Where it goes.
Submissions are stored in our database, hosted by Supabase. The site is hosted by Vercel. Both are SOC 2 and GDPR-aligned. Neither processes the data for any purpose beyond holding it on our behalf. There are no other recipients. We do not sell, rent, share, or trade.
Cookies.
We set no tracking cookies. We set one functional cookie, preview_bypass, only when a designer or reviewer visits with the preview token. It is required for the curtain to recognize them on subsequent visits. It contains no personal information, identifies no one, and expires after thirty days.
How long.
We keep your submission until the conversation it started is complete, or until you ask us to delete it. Server logs roll over within thirty days. When you ask us to delete, we delete within thirty days.
Your rights.
You can ask us to: tell you what we have on you, correct what is wrong, delete it all, give you a copy in a portable format, or stop using it for a specific purpose. We will respond within thirty days. If you live in the EU, UK, California, or anywhere with comparable privacy law, these rights are guaranteed by that law. Wherever you live, we offer them.
To exercise a right.
Use the interest form. Select "Ask a question." Tell us what you want done.
Children.
We do not knowingly collect information from anyone under sixteen. If you believe we have, write us and we will delete.
Changes.
When we change this policy in a meaningful way, the change will be visible at the bottom of the page with the date. We will not make changes retroactive.
Who runs this.
Pedagogue Systems, Inc., a Delaware C-corporation. Contact via the interest form.
The hard path.
The floor is what the law requires. The line above it is what we are tracking. We name the work so the discipline is visible.
Live research thread: Beyond compliance: privacy research and harder paths.
Questions or requests.
Anything in this policy is yours to question. Anything in our hands is yours to ask about. Use the interest form, select "Ask a question," and we will respond within thirty days.
Write us.Effective: May 12, 2026.