🌱EdEquity AI

Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

We collect only the information necessary to provide our educational service:

  • Account information: Name, email address, password (hashed), role (student/teacher/parent).
  • Student profile: Grade level, region, state, date of birth (for COPPA compliance), dialect preference.
  • Learning data: Module progress, assessment scores, mastery levels, streaks, XP, and tutor conversation history.
  • Technical data: Device type, browser, and connection status (online/offline) for service optimization.

2. How We Use Information

  • Personalize the AI tutor experience based on region, grade, and learning progress.
  • Track and display academic progress to the student, their teacher, and their parent/guardian.
  • Generate adaptive assessments and curriculum recommendations.
  • Improve our platform and curriculum based on aggregate, anonymized usage data.

3. COPPA Compliance (Students Under 13)

We take the protection of children's privacy seriously. For students under 13:

  • Verifiable parental consent is required before account creation.
  • Parents receive a consent request via email with a secure, time-limited verification token.
  • Student accounts are not activated until parental consent is verified.
  • Parents can review their child's data and request deletion at any time.
  • We do not collect more information than is reasonably necessary for educational purposes.

4. FERPA Compliance

EdEquity AI operates as a “school official” under FERPA when used by educational institutions. Student education records are accessible only to the student, their assigned teacher, and their linked parent/guardian. We do not disclose student records to third parties without consent. Teachers cannot access student tutor conversation content — only progress metrics.

5. Data Storage and Security

  • Data is stored in Supabase (PostgreSQL) with Row-Level Security enforcing access controls.
  • Passwords are hashed using industry-standard algorithms.
  • Authentication tokens are stored in httpOnly cookies to prevent XSS attacks.
  • All data in transit is encrypted via TLS/HTTPS.
  • Rate limiting and brute-force protection are enforced on all authentication endpoints.

6. Third-Party Services

We use the following third-party services to power our platform:

  • Supabase: Database hosting, authentication, and file storage.
  • OpenAI: Powers the NAANO AI tutor and assessment generation. Conversation data is sent to OpenAI for processing but is not used to train their models.
  • ElevenLabs: Provides text-to-speech and speech-to-text for voice interactions.
  • Upstash: Redis caching for performance optimization. No personally identifiable information is stored in cache.

7. Data Retention and Deletion

We retain student data for as long as the account is active. Upon account deletion or a verified deletion request, all personal data and learning records are permanently removed within 30 days. Anonymized, aggregate data may be retained for platform improvement.

8. Your Rights

  • Access your data at any time through your dashboard or by contacting us.
  • Request correction of inaccurate personal information.
  • Request deletion of your account and all associated data.
  • Parents may review, modify, or delete their child's information at any time.
  • Opt out of non-essential data collection (analytics, usage tracking).

9. Contact Information

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at privacy@edequity.ai.