Trust & Security

This page is maintained by LessonForge AI to answer common security and privacy questions about LessonForge AI. It describes current practices and is not an independent audit or certification.

Account security

Sign-in supports email/password and Google OAuth. Passwords are checked against the Have I Been Pwned breach corpus on sign-up.

Sessions use HTTP-only tokens managed by our auth provider, with automatic refresh and revocation on sign-out.

Your data

Lessons, folders, student records, and uploads belong to you. Row-level security policies scope every read and write to the authenticated user (or, for school plans, authorized seats).

You can export any lesson, worksheet, quiz, or pack as PDF, and delete generated content from your dashboard at any time.

Infrastructure

LessonForge AI runs on managed cloud infrastructure with TLS in transit and encryption at rest provided by our hosting and database vendors. Backups and point-in-time recovery are handled by those vendors.

Payments are processed by Paddle (Merchant of Record). Card data never touches our servers.

AI providers & content

AI generation is routed through the Lovable AI Gateway using Google Gemini models. Prompts and outputs are processed transiently to produce your lesson and are not sold to advertisers or used to train third-party consumer models.

Do not paste student-identifying information into prompts. We recommend using initials or anonymous identifiers when generating lessons about specific learners.

Email & notifications

Transactional and account emails are sent from notify.lessonforgeai.com via our email provider. Every marketing email contains a one-click unsubscribe link.

Reporting a vulnerability

If you believe you've found a security issue, please email security@lessonforgeai.com. We acknowledge reports within 3 business days and credit responsible disclosure on request.