Thin Slides Live — a product of Learning Innovation Systems, LLC.
Effective Date: April 9, 2026 | Last Updated: April 9, 2026
Thin Slides Live is a real-time classroom response tool that lets teachers display student work on a shared screen. We built it for educators, and we take student privacy seriously. This policy explains what data we collect, why, how we protect it, and when we delete it.
Thin Slides Live is operated by Learning Innovation Systems, LLC. When this policy says "we," "us," or "our," it refers to Learning Innovation Systems, LLC. When it says "you," it refers to any user of Thin Slides Live — teachers, students, or school administrators.
We collect different information depending on your role.
Teachers do not currently create accounts. A teacher starts a session by entering a title and prompt — no email, password, or login is required. The only optional data collection from teachers occurs if they choose to connect their Google account for exporting slides to Google Slides, which uses Google OAuth solely for that export functionality.
Students do not create accounts. They join a live session using a short session code shared by their teacher. No login is required. During a session, we collect the following:
| Data | Purpose | Retention |
|---|---|---|
| First name or nickname | Display on the teacher's shared screen so the teacher can identify responses | 24 hours (auto-deleted) |
| Text responses | Displayed to the class as part of the lesson activity | 24 hours (auto-deleted) |
| Uploaded images | Displayed to the class as part of the lesson activity (e.g., photos of student work) | 24 hours (auto-deleted) |
| Session metadata | Socket connection IDs and slide assignments used to route data in real time | 24 hours (auto-deleted) |
All data we collect is used exclusively to provide the Thin Slides Live service — displaying student responses on a teacher's shared screen during a live class session. We do not use student data for any other purpose. Specifically, we do not use student data to advertise, to build profiles, to sell to third parties, or to train machine learning models.
We use the following infrastructure providers, all of which store data in the United States:
| Provider | Role | Data Stored |
|---|---|---|
| Railway | Application hosting | Processes session data in transit (not persisted) |
| Upstash | Session data store (Redis) | Student names, text responses, image references, session metadata |
| Cloudflare R2 | Image storage | Student-uploaded images (compressed JPEG) |
All data is transmitted using TLS encryption in transit. We are committed to ensuring encryption at rest across all storage layers.
Student session data — including names, text responses, uploaded images, and all session metadata — is automatically and permanently deleted within 24 hours of the session's creation. This deletion is enforced through automated expiration rules at the infrastructure level and does not require any manual action from teachers, students, or administrators.
If teacher accounts are introduced in the future, this policy will be updated to reflect the additional data collected and its retention period.
Thin Slides Live is designed to support schools' compliance with the Family Educational Rights and Privacy Act (FERPA). When a school or district enters into a Data Processing Agreement (DPA) with us, we act as a "school official" with a "legitimate educational interest" under FERPA. In this capacity, we agree to the following:
We use student data solely for the educational purpose for which it was provided. We do not disclose student data to any third party except our infrastructure subprocessors listed above, and only to the extent necessary to provide the service. We maintain reasonable administrative, technical, and physical safeguards to protect student data. We delete student data automatically within 24 hours.
We are prepared to sign the Student Data Privacy Consortium (SDPC) National Data Processing Agreement or a district's own DPA upon request.
Thin Slides Live may be used by children under 13 in a school setting. Under the Children's Online Privacy Protection Act (COPPA), schools may consent to the collection of student information on behalf of parents when the data is used solely for an educational purpose. By allowing students to use Thin Slides Live, the school represents that it has the authority to provide this consent.
We do not collect more information than is reasonably necessary to participate in a classroom session. Students do not create accounts, and all student data is deleted within 24 hours.
Many states have enacted student data privacy laws with requirements that extend beyond FERPA. We have designed our data practices to align with common requirements across state laws, including those of California (SOPIPA), New York (Education Law 2-d), Illinois (SOPPA), and Colorado (Student Data Transparency and Security Act). Our practices include minimal data collection, no sale or commercial use of student data, automatic 24-hour deletion, and transparency about subprocessors.
If your state has specific requirements not addressed here, please contact us and we are happy to discuss how our practices align.
We implement the following technical safeguards to protect student data:
All data is transmitted over TLS-encrypted connections. Access to infrastructure is restricted to authorized personnel using strong authentication. Session codes are randomly generated and expire automatically. Image upload URLs are cryptographically signed and expire within 5 minutes. Image download URLs are cryptographically signed and expire within 1 hour. Input validation and sanitization is applied to all student submissions. We use rate limiting and size constraints to prevent abuse.
We do not sell, rent, lease, or share student data with any third party for commercial purposes. The only third parties that process student data are our infrastructure subprocessors (Railway, Upstash, and Cloudflare), and only to the extent necessary to deliver the service. Each subprocessor is bound by their own data processing terms. We do not embed any third-party analytics, advertising, or tracking tools in the student experience.
In the event of a data breach that affects student information, we will notify affected schools and districts without unreasonable delay and no later than 72 hours after becoming aware of the breach. Notification will include a description of the data involved, the date or estimated date of the breach, and the steps we are taking in response.
Because no user accounts are required (for teachers or students) and student data is automatically deleted within 24 hours, the practical scope for data access and deletion requests is limited. However, we respect the following rights:
Schools and districts may request confirmation of data deletion, details about our data handling practices, or termination of data processing under an active DPA. Parents may contact their child's school to inquire about how Thin Slides Live is used in the classroom. Because we do not maintain user accounts or retain student data beyond 24 hours, there is no persistent student data for us to provide access to or delete on request.
We may update this policy from time to time. If we make material changes to how we handle student data, we will notify schools and districts with active DPAs at least 30 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.
If you have questions about this privacy policy, our data practices, or if you would like to sign a Data Processing Agreement, please contact us:
Learning Innovation Systems, LLC
20409 Yorba Linda Blvd. Suite K2 225
Yorba Linda, CA 92886
Email: support@eduprotocols.com