Privacy policy

Effective Date: December 14, 2025
Previous Policy: 09/2024, 10/2024

Our Commitment: Maximum Data Protection and Sovereignty

1. Introduction and Core Commitment

Welcome to Student Story AI LLC ("we," "us," or "our"). We recognize that the privacy and safety of data is paramount. We are committed to protecting your information and ensuring compliance with applicable privacy laws.

Our Core Privacy Principles:

  • Ownership: You retain full ownership of your data.
  • No Sale of Data: We do not sell, rent, or lease your data to third parties.
  • No AI Training: We do not use your data to train our artificial intelligence models or those of third parties.
  • Purpose Limitation: Data is used strictly to provide the requested services.

We comply with key federal and state regulations, including:

  • FERPA (Family Educational Rights and Privacy Act)
  • COPPA (Children's Online Privacy Protection Act)
  • CCPA/CPRA (California Consumer Privacy Act & Rights Act)
  • SOPIPA (Student Online Personal Information Protection Act)

2. Information Collection and Minimization

We adhere to the principle of Data Minimization, collecting only the information strictly necessary for the operation of our services.

A. Account Information

To establish and maintain your account, we collect:

  • Name (for account identification)
  • Email address (for authentication and service notifications)
  • School or organization affiliation

B. Payment Information

  • Payment Processing: All payment transactions are processed through a globally trusted e-commerce platform that powers nearly 30% of online stores worldwide. Your information is protected by industry-leading security measures and full PCI-DSS compliance.
  • Payment Privacy: At no time do we have access to credit card details for transactions made on our website.

C. Operational Usage Data

  • System Logs: We collect technical logs (e.g., timestamps, error codes) solely for system maintenance, security monitoring, and debugging.
  • No Behavioral Tracking: We do not track user activity across third-party websites.
  • No Advertising Profiling: We do not create user profiles for advertising or marketing purposes.

3. Strict Prohibitions and Data Safety

The "Zero PII" Environment

Our platform is designed as a Zero Personally Identifiable Information (PII) environment. Unless a specific Data Agreement is signed and on file, uploading or creating data that contains PII is strictly prohibited.

Restricted Data Types

Users must not upload the following types of information:

  • Student names (first or last)
  • Physical addresses
  • Personal email addresses
  • Telephone numbers
  • Social Security Numbers or other government identifiers
  • Biometric data (including photographs and voice recordings)
  • Geolocation data 

Automated Redaction: To further protect user privacy, you are encouraged to utilize our system features that are designed to flag and redact inadvertently uploaded PII.

4. Permitted Use of Information

We process data solely to fulfill the services requested by the user.

  • Service Delivery: User inputs are processed solely for the purpose of delivering analysis and educational content.
  • Communication: Sending necessary account notifications or responding to support inquiries.

Prohibited Uses

  • No Sale: We do not sell, rent, or lease any user data.
  • No External Sharing: We do not share data with third parties for any reason, including marketing or advertising purposes.
  • Data Siloing & AI Privacy: Data and works are safely isolated and controlled solely by the user. Under no circumstances do we ingest user data to train, fine-tune, or improve our AI models, nor is it ever exposed to public AI models or third-party providers.

5. Data Ownership and Rights

User Sovereignty

  • Retention of Rights: Users and their respective educational institutions retain all rights, title, and ownership of the data submitted to and content generated by the platform.
  • Data Portability: Active users may export, retrieve, or permanently remove their data at any time.
  • Right to Deletion: Upon request or account cancellation, all related data is permanently deleted from our systems.

6. AI Security and Architecture

Our AI infrastructure is designed to ensure data isolation.

  • Transient Processing: Data submitted to AI models is processed in a transient state. The models utilize data solely to perform a function and do not retain any data after the transaction completes.
  • Isolated Environments: Our models operate within a secure, containerized environment, ensuring no data exposure to public frameworks.
  • Frozen Models: We utilize static ("frozen") model versions that do not learn or adapt based on prior operations or user-inputted data.

7. Data Security Standards

We implement comprehensive technical and organizational measures to protect your data.

Encryption

  • In Transit: Data transmitted between your device and our servers is encrypted using industry-standard Transport Layer Security.
  • At Rest: Data stored within our databases is encrypted using AES-256 encryption.

Access Controls

  • Least Privilege: Internal access to user data is restricted to authorized personnel solely for support or maintenance.
  • User Works: Internal access to user-created content is strictly prohibited unless explicitly authorized by an account administrator. Temporary access may be granted for support purposes only within a defined time window and through a formal consent process.
  • Audit Logging: Internal access to data systems is logged and subject to periodic review.

8. Subprocessors and Third Parties

To maintain the security and integrity of our platform, we restrict our use of third-party subprocessors to a select few essential providers.

  • Infrastructure Providers: We rely on secure, industry-standard cloud infrastructure to host our services and data.

  • Transparency: A current list of subprocessors is available upon request.

9. Legal Compliance and Disclosure

Law Enforcement

We do not disclose data to persons, companies, government, state, or law enforcement agencies unless required by a valid legal process, such as a court order or subpoena. To the extent permitted by law, we will attempt to provide prior notice to the affected user to allow them to seek a protective order.

Educational Compliance

  • School Official Designation Option: Under FERPA, we agree to be designated as a "School Official" with "legitimate educational interests" in the data, subject to the direct control of the educational agency or institution.

10. Policy Updates

We reserve the right to modify this Privacy Policy.

  • Notification: In the event of material changes to our data collection or processing practices, we will notify users via email or a prominent notice on our platform.

Contact Information

For inquiries regarding this Privacy Policy, data deletion requests, or security concerns, please contact us.

info@studentstory.ai