Get started

Privacy Policy

This Privacy Policy applies to all digital products and services operated by Educative Technologies under the Reach LMS brand. This includes our website, web-based learning platform, and mobile applications (collectively, "our Services"). By using any of our Services, you agree to the collection and use of information as described below.

Section 1Information We Collect

1.1  Account and Authentication Data

When you register or log in, we collect information necessary to create and manage your account, including your name, email address, and institutional affiliation. Authentication on our platform is handled via Canvas OAuth 2.0. Credentials are never stored in plain text; access tokens are held in encrypted storage.

For users who register on the website, we store the personal information provided in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username).

1.2  Information You Provide

When you interact with our Services, you may provide:

  • Profile information (name, email, role)
  • Course content, assignment submissions, and uploaded files
  • Messages and communications sent through the platform
  • Comments posted on the website
  • Feedback or support requests

1.3  Comments

When visitors leave comments on our site, we collect the data shown in the comment form, as well as the visitor's IP address and browser user agent string to help with spam detection. An anonymised string created from your email address (a hash) may be sent to the Gravatar service to check whether you use it — see Automattic's Privacy Policy for details. After approval, your profile picture may be visible to the public alongside your comment.

1.4  Usage and Analytics Data

We use Firebase Analytics to collect anonymised usage data across our Services, including pages and screens visited, feature interactions and navigation events, session duration and frequency of use, and a pseudonymous user identifier. This data is used solely to improve our Services and is not sold to third parties.

1.5  Device and Technical Data

When you access our Services, we or our third-party providers may automatically collect:

  • IP address and general geographic region
  • Browser type, version, and user agent string
  • Device model and operating system (mobile)
  • Referring URLs and exit pages
  • App version, device advertising identifier, and push notification token (mobile)

1.6  Cookies and Similar Technologies

Our website and platform use cookies for the following purposes:

Comment cookies If you leave a comment and opt in, your name, email, and website are saved for one year so you do not need to re-enter them on future visits.
Session detection A temporary cookie set when you visit our login page to check if your browser accepts cookies. Contains no personal data and is discarded when you close your browser.
Login cookies Set when you log in to save your login state and screen preferences. Login cookies last two days; screen options last one year. "Remember Me" extends login to two weeks. Logging out removes all login cookies.
Editor cookies Records the post ID of content you edit or publish. Contains no personal data and expires after one day.
Analytics cookies Used to analyse usage patterns across our Services.

You can control cookie behaviour through your browser settings. Disabling certain cookies may affect the functionality of parts of our Services.

1.7  Media and File Uploads

Files you upload (e.g. assignment attachments, profile photos, images) are transmitted to your institution's Canvas instance and/or Firebase Storage. We only access files you explicitly choose to share.

⚠️ If you upload images to the website, avoid including embedded location data (EXIF GPS). Visitors may be able to download and extract location data from images that are publicly displayed.

Section 2Information We Do Not Collect

We do not collect or request access to:

Precise or approximate location Device contacts or address book Device camera Biometric data

Section 3How We Use Your Information

PurposeData Used
Provide and personalise our ServicesAccount data, usage data
Authenticate you with your institution's Canvas systemCanvas OAuth token
Deliver course content, assignments, and gradesCanvas API data
Send push notifications and email communicationsPush token, email address
Improve performance and user experienceAnalytics data, cookies
Support assignment and file submissionsFiles you select
Enable website commentingComment data, IP address, email hash
Detect and prevent spamIP address, browser user agent
Respond to support requestsContact information, message content
Comply with legal obligationsAs required by applicable law

Section 4Data Sharing and Disclosure

We do not sell your personal information. We may share data with the following third parties only to the extent necessary to operate our Services:

  • Your Institution — All academic data (courses, assignments, grades, submissions) is transmitted to and stored by your educational institution's Canvas LMS instance, subject to that institution's own data policies.
  • Google / Firebase — Analytics, push notification delivery, and file storage. Firebase processes data per Google's Privacy Policy.
  • Google Cloud Functions — Used for secure token handling and feedback submission.
  • Gravatar (Automattic) — An anonymised hash of your email may be sent to retrieve your profile picture for display alongside comments. See Automattic's Privacy Policy.
  • Spam Detection Services — Visitor comments may be checked through an automated spam detection service.
  • Hosting and Infrastructure Providers — Third-party services used to host and operate reachlms.com and related platforms.
  • Password Reset Emails — If you request a password reset, your IP address will be included in the reset email.
  • Legal Requirements — We may disclose information if required by law, or to protect the rights, property, or safety of our users or the public.

Section 5Data Retention

  • Account and authentication tokens are retained for the duration of your active account and deleted upon account closure or logout (tokens).
  • User profile data is stored for as long as your account exists. Users may request deletion at any time (see Section 8).
  • Comments and metadata are retained indefinitely to enable automatic recognition and approval of follow-up comments. You may request deletion of your comment data (see Section 8).
  • Analytics data is retained by Firebase per Google's data retention policies (default: 14 months).
  • Uploaded files are retained on your institution's Canvas system per that institution's data retention policies.
  • Website cookies expire as defined by each cookie type — see Section 1.6 for specific durations.

Section 6Children's Privacy

Our Services are intended for use by students and educators in accordance with their institution's policies. We do not knowingly collect personal information from children under 13 (or the applicable age of digital consent in your jurisdiction) without appropriate institutional or parental consent. If you believe such information has been provided without consent, please contact us and we will take steps to delete it.

Section 7Security

We implement industry-standard security measures including HTTPS/TLS for all data in transit, encrypted on-device storage for authentication tokens (mobile), and access controls limiting who within our organisation can access personal data. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Section 8Your Rights and Choices

Depending on your location, you may have the right to access, correct, export, or delete your personal data.

  • Account and profile data — You can view, edit, or delete your personal information at any time through your account settings.
  • Data export and erasure — If you have an account or have left comments, you can request an exported file of the personal data we hold about you, or request that we erase it. This does not include data we are required to retain for administrative, legal, or security purposes.
  • Academic records — Requests regarding academic data held by your institution should be directed to your institution.

Email communications: Unsubscribe from non-essential emails via the link in any such email. Push notifications: Disable at any time through your device's notification settings. Cookies: Manage through your browser settings — see Section 1.6 for details.

Section 9Embedded Content from Other Websites

Pages and articles on our website may include embedded content (e.g. videos, images, articles). Embedded content from other websites behaves in the same way as if you had visited those websites directly — they may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that content, including if you are logged in to that website.

Our mobile applications may also display third-party content (including YouTube videos) via in-app browsers. Use of those services is subject to their respective privacy policies.

Section 10Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date above and, where appropriate, by posting a notice on our website or sending a notification through our Services. Continued use of our Services after changes constitutes acceptance of the revised policy.

Section 11Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Educative Technologies
Website: reachlms.com
Email: office@educativetech.com
© 2026 Educative Technologies. All rights reserved. Covers reachlms.com, the web platform, and mobile applications.