Documentation

How Lesson Commons is built — and the design decisions behind it.

Most software keeps its design decisions private. We publish ours, because the decisions are the product. When a teacher trusts Lesson Commons with a classroom of minors’ data, “trust us” is not an answer — the architecture is.

These notes are adapted from our internal architecture decision records. They are written to be read by anyone evaluating the platform: teachers, school data-protection officers, and fellow builders who want to do the right thing and can’t find a map for it.

Privacy & Data Protection

Lesson Commons is designed GDPR-first: EU data-protection law was the starting point, not a retrofit. These notes describe the choices that follow from that.

Privacy by Design: The Principles We Build From

Data minimisation, the school-as-controller model, and why students log in with an access code instead of an email address.

What We Collect, and What We Refuse To

The student activity model: pseudonymised IP hashing, a 90-day automatic purge, legitimate-interest basis, and the surveillance features we deliberately rejected.

Data Subject Rights in Practice

How access, export, erasure, and objection actually work in the product — not as a policy promise, but as features that ship.

For how this marketing website (not the platform) handles visitor data, see our site privacy page. For the platform’s formal policies, see the teacher and student privacy policies.

Building EdTech and trying to get this right?

We think vendor best practices for student-data protection are badly under-documented. If these notes are useful — or you think we’ve got something wrong — we’d like to hear it.

Get in Touch Follow Us on LinkedIn