Introduction

Welcome to Student Story AI LLC ("we," "us," or "our"). We are committed to protecting your privacy and ensuring compliance with all applicable federal and state laws, including the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and other relevant rules, policies, and regulations. This Data Policy outlines how we handle information collected from educators, administrators, and school staff ("users") and emphasizes our strict prohibition against uploading personally identifiable information (PII) about students.

Information We Collect

Personal Information from Users

Account Information: When users create an account, we collect personal information such as name, email address, and school affiliation.

Payment Information: For purchasing our services, we collect necessary payment details through our secure payment processor.

Usage Data: We collect data on how users interact with our platform to improve our services.

Student Data Collected

While we prohibit the upload of any student PII, we do collect student-generated content that is non-identifying. This may include:

General Non-Identifying Works: Such as essays, writing samples, artwork, survey responses, and other educational materials that do not contain PII.

Prohibited Information

Student PII: Users are strictly prohibited from uploading any personally identifiable information about students. This includes, but is not limited to:

• First and Last Name
• Telephone Numbers
• Social Security Numbers
• Home or Physical Address: Including street name and city or town name.
• Online Contact Information: Such as email addresses.
• Screen or User Names: That function as online contact information.
• Persistent Identifiers: That can recognize a user over time and across different websites or online services.
• Photographs, Videos, or Audio Files: Containing a child's image or voice.
• Geolocation Information: Sufficient to identify street name and city or town name.
• Other Personal Information: Concerning the child or the child's parents collected online and combined with any of the above identifiers.

How We Use Information

Communication: To send updates, respond to inquiries, and provide customer support.

Educational Purposes: To facilitate educational activities by allowing users to access and manage their own student-generated content.

Advertising Policy

We are committed to ensuring that your data remains confidential and is used solely for the purposes outlined in this Data Policy.

No Disclosure or Sale of Information: We will not disclose, share, or sell any information to outside parties under any circumstances, including for purposes of targeted advertising.

No Profiling: We do not develop profiles or create groups based on your information for any purpose other than the operation and functionality of our platform features.

Data Sharing

We do not sell, share, or make available any data to third parties. All data collected, including user information and student-generated content, is kept strictly confidential and used only as described in this Data Policy.

Exception – Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our business, your information may be transferred to the successor organization with due notice to current users. We will strive to see that any such transfer is subject to the same strict privacy and security requirements that Student Story adheres to, as outlined in this Data Policy.

Data Management

We employ comprehensive data management practices to ensure compliance with this Data Policy and applicable laws:

Identification Systems: We employ automated systems that attempt to detect and flag personal information that may have been inadvertently uploaded.

Redaction Systems: We employ tools that attempt to identify and automatically redact identified PII from user submissions to prevent unauthorized access or disclosure.

Manual Reviews: Our team conducts routine manual reviews to identify and remove any PII that automated processes may have missed.

Data Security

We implement robust security measures to protect user information, including:

256-Bit SSL Encryption: All data transmitted between your device and our servers is secured using 256-bit Secure Socket Layer (SSL) encryption to ensure confidentiality and integrity.

Secure Servers: Our servers are protected by advanced security technologies. We use Google for all of our computing and storage services, a trusted source for educational institutions around the globe.

Regular Security Assessments: We conduct routine security audits and assessments to identify and mitigate potential vulnerabilities.

Access Controls: Strict access controls are in place to limit data access to authorized personnel only.

CCPA Compliance: In accordance with the California Consumer Privacy Act (CCPA), we have implemented appropriate security measures to protect the personal information of California residents from unauthorized access, exfiltration, theft, or disclosure.

Data Security Involving AI Applications

Our AI applications operate in a secure, isolated environment disconnected from external sources. Unlike traditional AI interactions where submitted data and messages may be stored in repositories for future model training—which could make your data part of publicly available models—our AI models are entirely separated from public frameworks. Any data or messages sent to our AI models remain confined within our internal system and are not accessible to third parties for the advancement of their AI models.

Data Processing and Storage

All data collected through our platform will be processed, maintained, and stored within the United States. For clients who require data to be maintained within their state's borders, regional data processing and storage options are available for select regions. We are committed to accommodating such requirements to comply with state-specific regulations and client preferences.

Subprocessors

We may engage third-party service providers ("subprocessors") to assist in delivering our services. We ensure that all processes performed by these entities meet our security standards. Any subprocessors we engage are required to adhere to this Data Policy and implement security measures that are at least as stringent as our own, ensuring your data remains protected and confidential.

Compliance with Laws

FERPA Compliance

We comply with FERPA by ensuring that no student education records or PII are collected, stored, or disclosed through our platform. Users who submit data have declared that all student-generated content is non-identifying and is used solely for educational purposes by authorized administrators, educators and school staff. Additionally, we employ safeguards in an attempt to identify and redact any PII that my have mistakenly been submitted.

COPPA Compliance

Our services are intended for use by educators, administrators and other district staff. We do not knowingly collect personal information from children under the age of 13. Any student-generated content collected is non-identifying and submitted by authorized users who have asserted that their actions are in compliance with all applicable laws.

CCPA Compliance

In compliance with the California Consumer Privacy Act (CCPA), we respect and protect the privacy rights of California residents. Under the CCPA, California residents have the right to:

Know: Request information about the categories and specific pieces of personal data we have collected.

Delete: Request the deletion of personal information we have collected about them.

Opt-Out: Opt-out of the sale of their personal information. However, we do not sell personal information.

If you are a California resident and wish to exercise your rights under the CCPA, please contact us using the information provided below.

User Responsibilities

Prohibition of Student PII Uploads: Users must not upload any student PII to our platform.

Ensuring Non-Identifying Content: When submitting student-generated content, users must ensure that it does not contain any PII.

Reporting Violations: Users should immediately report any suspected violations of this policy to us.

Adherence to Policies: Users are responsible for reviewing and complying with this Data Policy and any updates.

Additional Agreements for Enterprise Customers

For enterprise customers, we offer custom-tailored Service Level Agreements (SLA) and Data Processing Agreements (DPA) to meet specific organizational needs and compliance requirements. These agreements provide enhanced service commitments and data protection measures tailored to your enterprise's policies and standards. Please contact us for more information on customizing these agreements to align with your organization's requirements.

Changes to This Data Policy

We may update this Data Policy at any time. Any changes will be posted on this policy page with an updated effective date. We encourage users to review this Data Policy periodically to stay informed. Enterprise users will be notified if any changes create a circumstance where an updated DPA or SLA may be required.

Contact Information

If you have any questions or concerns about this Data Policy, or if you wish to exercise your rights under applicable laws, please contact us at:

Email: info @ studentstory.ai