1. Scope and Applicability
This Privacy Policy ("Policy") applies to all products, services, and digital surfaces operated by Teacher's Pet, LLC ("Company," "we," "us"), including the PUPIL IEP™ web application, its API surfaces, stakeholder review portals, and any associated mobile experiences (collectively, the "Platform").
This Policy governs the collection, use, storage, sharing, and deletion of information from educators, administrators, parents/guardians, related service providers, and any other individuals who interact with the Platform ("Users"). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described herein.
Where the Platform is adopted by a school district or local education agency ("LEA"), the data processing relationship is typically governed by a separate Data Processing Agreement ("DPA") executed between the Company and the LEA. In the event of a conflict between this Policy and a fully executed DPA, the terms of the DPA shall prevail with respect to the educational records covered by that agreement.
2. Definitions
- "Education Record" means any record directly related to a student that is maintained by an educational agency or institution, or by a party acting for the agency or institution, as defined under FERPA (20 U.S.C. § 1232g).
- "Personally Identifiable Information" (PII) means information that, alone or in combination, can be used to identify a specific individual, including but not limited to name, date of birth, address, disability classification, and educational performance data.
- "AI-Generated Content" means any narrative text, LaTeX document output, goal statements, or accommodation recommendations produced by the Platform's artificial intelligence subsystem based on structured educator inputs.
- "Stakeholder Review Token" means a cryptographically generated access credential, bound to a single report, that permits an invited external party (e.g., a parent or related service provider) to view, annotate, and approve or request changes to that specific report without requiring a registered Platform account.
- "Authorized Educator" means any Platform user who has been credentialed by their LEA or institution and assigned a role (case manager, specialist, general education teacher, school administrator, or district administrator) within the Platform.
3. Categories of Data Collected
3.1 Educator Account Data
When an Authorized Educator registers or is provisioned on the Platform, we collect:
- Full name, professional email address, and optional phone number
- Organizational affiliation (district, school, role classification)
- Authentication credentials (bcrypt-hashed passwords; plaintext passwords are never stored)
- Notification preferences (compliance alerts, status updates, progress digests)
- Multi-factor authentication enrollment status
- Aggregate AI usage telemetry (prompt and completion token counts)
3.2 Student Education Records
To generate IEP and PLAAFP compliance documents, Authorized Educators input structured student data, which may include:
- Student name, date of birth, gender, grade level, and grade equivalency
- Primary and secondary disability classifications
- Ethnicity, primary language, and school enrollment information
- Academic performance levels and curriculum-based measurement data by subject area
- Content standards, learning objectives, and IEP goal benchmarks
- Accommodation and modification selections
- Transition planning goals and post-secondary planning needs
- Related service logs (service type, frequency, duration, setting, session notes)
- Parent/guardian names, email addresses, and case manager identification
- IEP team roster and role assignments
All student data is classified as an Education Record under FERPA and is afforded the full protections described in Section 11 of this Policy.
3.3 AI Interaction Data
When the AI generation engine is invoked, we transiently process:
- Structured input payloads derived from educator-entered form data
- System prompts and instructional context (containing no student PII beyond what the educator has entered)
- Generated narrative outputs (which are stored as part of the Report record)
- Token usage metrics for billing and capacity planning
We do not retain raw prompts or AI model interaction logs beyond the session in which they are generated. See Section 5 for further detail.
3.4 Stakeholder Review Data
When an Authorized Educator invites an external stakeholder to review a document, we collect:
- The stakeholder's email address and invitation timestamp
- A cryptographically secure 256-bit review access token
- Review status (pending, reviewed, auto-approved, requested changes)
- Inline comments and section-level annotations submitted during review
3.5 Technical and Operational Data
- IP addresses recorded in audit logs for administrative actions
- Browser type, operating system, and device characteristics (via standard HTTP headers)
- Session duration and page navigation patterns (for performance optimization only)
- Error logs and stack traces for platform reliability monitoring
4. Legal Basis for Processing
We process personal data under the following legal bases:
- Contractual Necessity: Processing is necessary to perform the services contracted by the LEA or individual educator, including document generation, stakeholder collaboration, and compliance tracking.
- Legitimate Educational Interest: Under FERPA's "school official" exception (34 CFR § 99.31(a)(1)), the Company operates as a school official with a legitimate educational interest when performing services that the LEA would otherwise perform internally.
- Consent: Where required by applicable law (e.g., parental consent for certain data uses involving minors), we obtain or require our LEA partners to obtain appropriate consent prior to processing.
- Legal Obligation: We may process data to comply with applicable federal, state, or local laws, regulations, or enforceable governmental requests.
5. AI and Automated Processing
5.1 How AI is Used
The Platform employs large language models to generate narrative content for IEP and PLAAFP compliance documents. The AI operates exclusively within a structured tool-call paradigm—it does not make autonomous decisions about student placement, services, or eligibility. All AI-generated content is presented to the Authorized Educator for review, modification, and approval before it is incorporated into any official document.
5.2 Data Sent to AI Models
When generating a document, the Platform transmits structured, educator-entered data (student demographics, academic performance levels, accommodation selections, and transition goals) to the AI model provider. This data is transmitted over encrypted channels (TLS 1.2+) and is governed by our Data Processing Agreement with the model provider.
5.3 No Training on Student Data
Teacher's Pet does not use, permit, or authorize the use of any student Education Records for AI model training, fine-tuning, or improvement purposes. Our agreements with AI providers expressly prohibit the retention or use of input/output data for model training. Student data is processed ephemerally and is not stored by the AI model provider beyond the duration of the API request.
5.4 Human Oversight Guarantee
No document generated by the Platform is finalized, submitted to a stakeholder, or treated as an official compliance artifact without explicit human review and approval by an Authorized Educator. The Platform's workflow enforces a mandatory human-in-the-loop review step before any AI-generated content can progress to stakeholder review or finalization.
6. Data Sharing and Third-Party Access
We limit data sharing to the following categories of recipients, and only to the minimum extent necessary to provide the Platform's services:
6.1 Infrastructure Providers
- Cloud Hosting (Vercel): Application hosting, serverless compute, and edge delivery. Vercel processes request metadata in accordance with their DPA.
- Database (MongoDB Atlas): Persistent storage of all application data, encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Email Delivery (Amazon SES): Transactional email delivery for stakeholder invitations, deadline notifications, and account communications. Only recipient email addresses and message content are shared.
- Document Compilation (LaTeX): PDF rendering is performed server-side. Student data processed during compilation is ephemeral and is not persisted outside the application's encrypted storage layer.
6.2 AI Model Providers
Structured student data is transmitted to the AI model provider solely for the purpose of document generation. See Section 5 for our comprehensive AI data governance framework.
6.3 We Do Not Sell Data
Teacher's Pet does not sell, rent, lease, or trade any personal information, student Education Records, or AI-generated content to any third party for any purpose, including advertising, marketing, or data brokerage.
6.4 Legal Disclosures
We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, regulation, or legal process; protect the rights, property, or safety of our users or the public; or enforce our Terms of Operation.
7. Stakeholder Review Tokens
The Platform's stakeholder review system enables Authorized Educators to share specific documents with parents, guardians, and service providers for collaborative review and approval. This system operates as follows:
- Access tokens are generated using cryptographically secure 256-bit random values (via Node.js crypto.randomBytes(32)).
- Each token is bound to a single, specific report: it permits the invited stakeholder to view and annotate that report only. Tokens cannot be used to access other student records, navigate the Platform, or perform administrative actions.
- Stakeholders may submit inline annotations and section comments, and may approve or request modifications to the document under review.
- Review tokens are subject to configurable deadlines. Upon deadline expiration, unreturned reviews are automatically marked as "Auto-Approved" and the stakeholder is notified via email.
- Tokens are revocable at any time by the issuing Authorized Educator via the Platform's recall mechanism.
8. Security Architecture
We implement defense-in-depth security controls across all layers of the Platform:
- Encryption at Rest: All persistent data is encrypted using AES-256 encryption within MongoDB Atlas's managed encryption infrastructure.
- Encryption in Transit: All data transmissions between users, the Platform, and third-party services are encrypted using TLS 1.2 or higher.
- Authentication: User passwords are hashed using bcrypt with a configurable work factor. Sessions are managed via signed JWTs delivered in cookies carrying the HttpOnly and Secure flags.
- Role-Based Access Control (RBAC): The Platform enforces granular role-based permissions (district administrator, school administrator, case manager, specialist, general education teacher, parent) to ensure users can only access data within their authorized scope.
- Audit Logging: Administrative actions (district creation, campaign sends, configuration changes) are recorded in an append-only audit log with actor identification, timestamp, target reference, and originating IP address.
- Multi-Factor Authentication: MFA support is available for all user accounts and is enforceable at the district level.
- Input Validation: All user inputs are validated and sanitized to prevent injection attacks. LaTeX compilation inputs are processed in isolated contexts.
9. Data Retention and Deletion
9.1 Active Data
Student Education Records and associated report data are retained for the duration of the district's or educator's active subscription. Data is maintained in its most current state, with version history preserved as part of the report's audit trail.
9.2 Post-Termination
Upon termination of a district or educator subscription, we retain data for a period of ninety (90) calendar days to facilitate data export and transition. After this grace period, all associated Education Records are permanently and irreversibly deleted from our production systems and backups.
9.3 Deletion Requests
LEAs and individual educators may request deletion of specific student records at any time by contacting our Data Protection Officer. Deletion requests are processed within thirty (30) business days. Upon completion, a deletion confirmation certificate is issued to the requesting party.
9.4 Audit Log Retention
Administrative audit logs are retained for a minimum of three (3) years from creation to satisfy compliance and forensic investigation requirements. Audit logs are stored separately from Education Records and refer to students only by opaque record identifiers, not by name or other student PII.
10. Individual Rights
Depending on your jurisdiction and relationship to the data, you may exercise the following rights:
- Access: Request a copy of the personal data we hold about you or your child.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of personal data, subject to legal retention obligations.
- Data Portability: Request export of your data in a structured, machine-readable format (JSON or PDF).
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing of your data for specific purposes.
For Education Records, rights of access, correction, and deletion typically vest with the parent or eligible student, and are exercised through the LEA in accordance with FERPA. We will cooperate with all LEA-directed access and deletion requests.
To exercise any right, contact us at privacy@teacherspet.app.
11. FERPA Compliance
Teacher's Pet operates under the "school official" exception to FERPA's prior consent requirement (34 CFR § 99.31(a)(1)). Under this framework:
- The Company performs institutional services that the LEA would otherwise perform using its own employees.
- The Company is under the direct control of the LEA with respect to the use and maintenance of Education Records.
- The Company is subject to the same conditions governing the use and re-disclosure of Education Records that apply to other school officials.
- The Company does not use Education Records for any purpose other than the purpose(s) for which the disclosure was made.
We maintain strict organizational and technical boundaries to ensure that Education Records from one LEA are never accessible to users of another LEA. Multi-tenant data isolation is enforced at the database query layer through mandatory district and school scoping.
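Query-layer tenant scoping of the kind the paragraph above describes, as an added example that is not the Platform's own code. The in-memory documents, field names and role names are assumptions made for illustration; in a deployment the scoped filter would be handed to the MongoDB driver rather than to the array filter used here. The point the example makes is that the tenant context comes from the authenticated session and that callers are not allowed to supply tenant fields themselves, so a guessed or leaked record id from another district resolves to "not found" rather than to the record.

```javascript
// Added example (not the Platform's own code): a repository wrapper that makes
// district and school scoping mandatory on every report query.

// Constructed sample documents standing in for the reports collection.
const REPORTS = Object.freeze([
  { _id: 'rpt-1', districtId: 'dist-1', schoolId: 'sch-1', studentRef: 'stu-a' },
  { _id: 'rpt-2', districtId: 'dist-1', schoolId: 'sch-2', studentRef: 'stu-b' },
  { _id: 'rpt-3', districtId: 'dist-2', schoolId: 'sch-9', studentRef: 'stu-c' },
]);

const TENANT_FIELDS = ['districtId', 'schoolId'];

// Build the filter that actually reaches the database. `tenant` is derived from
// the authenticated session, never from request parameters. A caller-supplied
// districtId would be exactly the cross-tenant hole this wrapper exists to close,
// so any attempt to set a tenant field is rejected rather than silently overridden.
function buildScopedFilter(tenant, filter = {}) {
  if (!tenant || typeof tenant.districtId !== 'string') {
    throw new Error('tenant context required');
  }
  const clash = TENANT_FIELDS.filter((f) => Object.prototype.hasOwnProperty.call(filter, f));
  if (clash.length > 0) {
    throw new Error(`caller may not set tenant fields: ${clash.join(', ')}`);
  }
  const scoped = { ...filter, districtId: tenant.districtId };
  // District administrators see every school in their district (assumed role
  // name); everyone else is additionally pinned to their own school.
  if (tenant.role !== 'district-admin') {
    if (typeof tenant.schoolId !== 'string') throw new Error('school context required');
    scoped.schoolId = tenant.schoolId;
  }
  return scoped;
}

// Minimal equality matcher, enough to evaluate the scoped filter in memory.
function matchesFilter(doc, filter) {
  return Object.entries(filter).every(([key, value]) => doc[key] === value);
}

// The only read path the rest of the application is given for reports.
function findReports(tenant, filter = {}, collection = REPORTS) {
  const scoped = buildScopedFilter(tenant, filter);
  return collection.filter((doc) => matchesFilter(doc, scoped));
}

// Lookup by id goes through the same path, so an out-of-tenant _id is "not found".
function findReportById(tenant, id, collection = REPORTS) {
  return findReports(tenant, { _id: id }, collection)[0] || null;
}
```

Rejecting caller-supplied tenant fields, instead of overwriting them, matters in practice: a request that tries to set `districtId` is either a bug or a probe, and either way it should fail loudly and show up in logs rather than be quietly corrected.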
12. COPPA and Children's Data
The Platform is designed for use by adult educators and authorized educational professionals—not by children. Students do not directly interact with or create accounts on the Platform. Student data is entered exclusively by Authorized Educators acting in their professional capacity and within the scope of their educational duties.
To the extent that student Education Records constitute information about children under the age of 13, we rely on the school consent mechanism described in the FTC's COPPA guidance for schools, under which the LEA provides consent on behalf of parents for the collection of student information used solely in the educational context.
13. Changes to This Policy
We may update this Policy to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Provide at least thirty (30) days' advance notice to affected LEAs and registered educators via email before material changes take effect.
- Where required by law or contract, obtain affirmative consent from LEAs before implementing changes that expand the scope of data collection or sharing.
14. Contact and Data Protection Officer
For questions, concerns, or requests related to this Policy or our data practices, contact:
Teacher's Pet, LLC — Data Protection Office
Email: privacy@teacherspet.app
Response Time: Within five (5) business days
For urgent matters involving suspected data breaches or unauthorized access to Education Records, please include "URGENT" in your subject line. We will acknowledge urgent reports within twenty-four (24) hours.

