Privacy Policy

1. Introduction

EduAI (“we,” “our,” or “us”) is committed to protecting the privacy of our users, including educators, students, and parents/guardians. This Privacy Policy describes how we collect, use, store, and share personal information through our educational technology platform.

This policy is designed to comply with the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and other applicable privacy regulations.

2. Information We Collect

We collect the following categories of information:

Account Information: Name, email address, password (hashed), and role (teacher or school administrator) provided during registration.

Student Education Records: Student names, grade levels, email addresses, test scores, attendance records, learning style information, and teacher notes. These records are entered by authorized educators and constitute “education records” under FERPA.

Usage Data: We collect usage information such as pages visited, features used, and session duration to improve our service. We do not use this data for advertising.

Technical Data: Browser type, device information, and IP address for security and audit purposes.

3. How We Use Information

We use collected information solely for educational purposes:

To provide and maintain our educational platform; to enable teachers to create, manage, and assess educational content; to generate reports and analytics for educators; to maintain security and prevent unauthorized access; and to comply with legal obligations.

We do not sell personal information. We do not use student data for advertising or marketing. We do not create advertising profiles based on student information.

4. Children’s Privacy (COPPA Compliance)

Our platform may be used in educational settings involving children under the age of 13. In compliance with COPPA:

We collect only the minimum personal information necessary for educational purposes. We do not collect personal information directly from children — all student data is entered by authorized educators acting as “school officials” under FERPA. We obtain verifiable consent from schools/educators who act under the authority of parents for educational purposes. Parents have the right to review their child’s personal information, request deletion, and refuse further collection.

5. Data Storage and Security

We use Firebase (Google Cloud) for data storage and authentication. All data is encrypted in transit using TLS/SSL. Sensitive fields are encrypted at rest. Access to student data is restricted to the authorized teacher who created the records.

We maintain audit logs of all access to student education records as required by FERPA. We implement session timeouts and require re-authentication for sensitive operations.

6. Data Sharing

We do not share student education records with third parties except as permitted by FERPA or as required by law. Our service providers (Firebase/Google Cloud) process data on our behalf under strict data processing agreements.

7. Data Retention

Student records are retained for up to 3 years after last activity. Audit logs are retained for 7 years as required by FERPA. Consent records are retained for 7 years. Users may request deletion of their data at any time, subject to a 30-day grace period.

8. Your Rights

Parents/Guardians: You have the right to inspect and review your child’s education records, request amendments to inaccurate records, consent to or refuse disclosure of records, and request deletion of your child’s data.

Educators: You have the right to access, export, and delete your account data and any student records you have created.

To exercise any of these rights, please contact us at the address below.

9. Changes to This Policy

We will notify users of material changes to this policy via email and in-app notification. Continued use of the platform after notice constitutes acceptance of changes. We will request renewed consent if changes materially affect how student data is handled.

10. Contact Us

For privacy-related inquiries, data access requests, or to report a concern, please contact our Data Protection Officer at: privacy@eduai.app