No data to leak.

Overview

TeacherMagic is a one-person shop run by Jim Tyler that builds privacy-safe Chrome extensions for K-12 schools. Two extensions are currently published:

• TeacherMagic — an AI prompt dispatcher for K-12 staff.
• You Shall Not Pass — a filter-evasion blocker for student Chromebooks.

Both extensions are built on the same principle: nothing leaves your device. We don't collect personal information, run analytics, track usage, sell data, or operate a backend that could lose data. This policy describes the architecture in detail so you (or your district's legal team) can verify those claims.

What we do not collect

• No personal information. No names, emails, school identifiers, student IDs, IP addresses logged on our servers (we have no servers), or any other PII.
• No accounts. There is no login, no signup, no SSO, no password — because there is no account system.
• No browsing history. The You Shall Not Pass extension inspects pages locally to make blocking decisions. URLs, iframe sources, and page content are read in-place and discarded. Nothing is logged, stored long-term, or transmitted.
• No AI prompt content. The TeacherMagic extension dispatches your prompts directly from your browser to the AI provider you chose (Gemini, ChatGPT, Claude, or Copilot). We never see, log, or proxy them.
• No analytics or telemetry. No Google Analytics, no Plausible, no Sentry, no custom error reporting. The extensions do not phone home.
• No tracking cookies. Our website (teachermagic.org) sets no first-party tracking cookies.

What is stored locally on your device

Both extensions use chrome.storage.local only for non-personal configuration data:

TeacherMagic extension

• Your optional teacher profile (name, role, district context) — used only client-side to personalize prompts before they're sent to the AI provider you picked. Visible only to you. Delete anytime by clearing extension data.
• Your prompt history — stored locally so you can reuse past prompts. Never transmitted.

You Shall Not Pass extension

• A cached copy of your district's managed-configuration JSON (if your district admin set one up). This contains only what your admin chose to put in their configuration file — toggles, thresholds, allowlist entries. No user data.
• No event logs, no violation history, no per-student records of any kind.

Outbound network requests

The extensions make the following network requests, and only these:

• TeacherMagic: dispatches your prompt directly to the AI provider you selected. The request goes from your browser to the AI provider's API — not through us. We have no API gateway or proxy in this path.
• You Shall Not Pass: once per startup and every 60 minutes, fetches the policy JSON from the URL your district admin configured (if any). Destination is district-controlled. We never see this request. If no managed configuration URL is set, the extension makes zero outbound requests.

District deployment, student data, and COPPA

You Shall Not Pass is typically force-installed across managed Chromebooks by school districts using Chrome Enterprise. The deployment decision sits with the district under their Acceptable Use Policy and broader CIPA compliance program.

COPPA (Children's Online Privacy Protection Act) regulates online operators that collect personal information from children under 13. Because we collect no personal information from any user, COPPA's consent and notice obligations do not apply to us as an operator. The FTC's longstanding "school exception" guidance further allows schools to consent on behalf of parents for educational technology — which is the framework under which districts deploy filtering extensions broadly.

FERPA, PPRA, SOPIPA, and equivalent state student-data-privacy laws (NY Ed Law 2-d, Illinois SOPPA, Colorado SDPPA, and others) generally apply to operators handling educational records or student PII. We handle neither. If your district requires a formal Data Privacy Agreement (DPA) to satisfy local procurement, contact privacy@teachermagic.org and we'll sign one. There is nothing to disagree about — we have nothing to share.

Source code transparency

The extension source is included in the Chrome Web Store package itself. Any IT administrator can unzip the published extension and verify the claims in this policy. There is no obfuscation and no minified-only code paths.

Children's privacy

Both extensions may be used by children under 13. Because we collect no personal information from any user, regardless of age, there is no path by which information about a child could be collected by us. If you believe we have inadvertently received personal information about a child, contact privacy@teachermagic.org — but as a matter of architecture, the path does not exist.

Security

Because we hold no user data, there is no user data to breach. The extensions are reviewed and distributed through the Chrome Web Store's security pipeline. Updates are signed by Google and delivered through Chrome's update mechanism.

Changes to this policy

If this policy materially changes, the "Last updated" date at the top will move and the change will be noted in the relevant extension's changelog. We don't expect substantive changes because the data-handling architecture is built to need none.

Contact

• Privacy questions: privacy@teachermagic.org
• Support: support@teachermagic.org
• General feedback or bug reports: feedback@teachermagic.org

Real humans read every email, usually within a couple of days. Email is the only contact channel — there is no contact form, because forms collect data.