Privacy Policy

1. Overview

Paideon (“we,” “our,” or “us”) provides an AI-powered grading platform for educators. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our service.

We are committed to complying with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable state student data privacy laws.

2. Information We Collect

Teacher Account Information

• Name, email address, and password (hashed)
• School or organization name (optional)
• Billing information (processed by Stripe — we do not store payment card numbers)

Student Education Records

Teachers provide student data in the course of using Paideon for grading. This may include:

• Student name and school-assigned student ID number
• Student submissions (essays, assignments, documents)
• Grades and feedback generated by AI and/or modified by the teacher
• Class enrollment information

We process student education records solely as a “school official” under FERPA, acting under the direct control of the teacher or school that provides the data.

Automatically Collected Information

• IP address and browser user agent (for security and audit logging)
• Usage data (pages visited, features used, timestamps)

3. How We Use Information

• AI Grading: Submission content is sent to our AI grading engine (Anthropic) for evaluation. Student names and identifiers are stripped before transmission — the AI receives only anonymous submission content and the rubric.
• Service Operation: To provide, maintain, and improve the grading platform.
• Audit Logging: To maintain FERPA-compliant records of who accessed student data and when.
• Communication: To send account-related notifications (never marketing to students).

4. How We Share Information

We do not sell, rent, or trade student data. We share data only with:

• Subprocessors: Supabase (database/storage), Vercel (hosting), Anthropic (AI grading — anonymous content only), Stripe (teacher billing only). See our Security page for the full subprocessor list.
• Within School Organizations: When teachers are part of the same school organization, they can see summary-level performance data (average grade, letter grade) for shared students — but never individual assignment scores or submission content from another teacher's class.
• Legal Requirements: If required by law, subpoena, or legal process.

5. Data Retention & Deletion

• Submission files: Automatically deleted from storage after 7 days. Grades and feedback are retained in the database.
• Student records: Retained as long as the teacher's account is active. Teachers and school admins can delete individual student records at any time, which permanently removes all associated submissions, grades, and enrollments.
• Account deletion: When a teacher deletes their account, all associated data (classes, students, assignments, submissions) is permanently deleted.
• Audit logs: Retained for 3 years per FERPA requirements, then automatically purged.

6. Data Export

Teachers and school administrators can export a complete copy of any student's data at any time, including all grades, submissions, and enrollment records. Exports are provided in JSON format.

7. Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest (AES-256), row-level security at the database layer, and comprehensive audit logging. See our Security & Compliance page for full details.

8. Children's Privacy (COPPA)

Paideon is designed for use by educators. We do not knowingly collect personal information directly from children under 13. Student data is provided by teachers acting in their professional capacity as school officials. We obtain consent through the educational institution, not directly from students or parents.

9. State Student Privacy Laws

We comply with applicable state student data privacy laws, including but not limited to:

• New York Education Law 2-d
• Illinois Student Online Personal Protection Act (SOPPA)
• California Student Online Personal Information Protection Act (SOPIPA)
• Colorado Student Data Transparency and Security Act

We are prepared to sign state-specific Data Processing Agreements and participate in the Student Data Privacy Consortium (SDPC) framework.

10. Your Rights

• Access: Request a copy of all data we hold about you or your students.
• Correction: Request correction of inaccurate data.
• Deletion: Request permanent deletion of your data or student records.
• Data Portability: Export your data in a machine-readable format.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by email and update the “Last updated” date above.

12. Contact Us

For privacy-related questions, data requests, or DPA inquiries:

• Email: privacy@paideon.app
• Security: security@paideon.app