Security & Compliance

Your data is safe with us

Paideon is built for schools. We take student data privacy seriously and design every feature with FERPA compliance in mind.

Compliance Framework

FERPA Compliant
Paideon operates as a “school official” under FERPA, processing student education records only at the direction of teachers and school administrators. We never use student data for non-educational purposes.
Data Processing Agreement
We sign Data Processing Agreements (DPAs) with school districts, compatible with the Student Data Privacy Consortium (SDPC) National Data Privacy Agreement framework.
No Student PII in AI
Student names, classmate names, email addresses, phone numbers, and street addresses are automatically stripped from text submissions before content is sent to our AI grading engine. For image and PDF submissions (e.g., handwritten work), the AI is instructed to ignore any visible PII such as names on headers. No student identifiers are included in AI requests.
Audit Logging
All access to student data is logged with timestamps, user identity, and action type. Audit logs are retained for 3 years per FERPA requirements and are available to school administrators on request.

Data Rights

Right to Access
Teachers and school admins can export a complete copy of any student's data at any time, including all grades, submissions, and enrollment records.
Right to Delete
Student records can be permanently deleted by the teacher or school admin. Deletion removes all associated submissions, grades, and enrollment records.
Data Minimization
We only collect data necessary for grading: student name, ID number, email (optional), and submission files. Uploaded files are automatically deleted after 7 days.

Infrastructure & Encryption

  • Hosting: Application hosted on Vercel (SOC 2 Type II certified). Database hosted on Supabase (SOC 2 Type II certified, AWS us-east-1).
  • Encryption in transit: All data transmitted over TLS 1.2+. HTTPS enforced on all endpoints.
  • Encryption at rest: Database encrypted with AES-256. File storage encrypted at rest via AWS S3 server-side encryption.
  • Access control: Row-level security (RLS) enforced at the database layer. Teachers can only access their own students' data. Org members see summary-only cross-class data — never individual assignment scores for another teacher's class.
  • Authentication: Email/password with bcrypt hashing, Google OAuth, session-based auth with secure HTTP-only cookies.

Subprocessors

The following third-party services process data on behalf of Paideon. All subprocessors maintain SOC 2 compliance and data processing agreements.

Service | Purpose | Data Processed | Location
Supabase | Database, Auth, File Storage | All application data, user accounts, submission files | US (AWS us-east-1)
Vercel | Application Hosting | HTTP requests, server-side rendering | US
Anthropic | AI Grading Engine | PII-stripped submission content only (names, phones, addresses removed; images/PDFs sent with AI instruction to ignore visible PII) | US
Stripe | Payment Processing | Teacher billing info only (no student data) | US

Student Data Lifecycle

Every submission follows this exact path — from upload to deletion.

  1. Upload

    Teacher uploads submission (essay, PDF, image). File encrypted in transit (TLS 1.2+) and at rest (AES-256). Stored in US-based data center.

  2. Text Extraction

    Text extracted server-side from PDF/DOCX/RTF. Original file retained for 7 days only, then automatically deleted.

  3. PII Stripping

    Before AI sees anything: student names → [STUDENT], emails → [EMAIL], IDs → [STUDENT_ID], phone numbers → [PHONE], addresses → [ADDRESS]. Images/PDFs: prompt-level instruction to ignore visible PII.

  4. AI Grading

    Anonymous content sent to Anthropic Claude API (US servers). No student name, class, or school identifier included. Anthropic does NOT train on API inputs.

  5. Teacher Review

    AI suggests scores per rubric criterion with written feedback. Marked “Needs Review” — never auto-finalized. Teacher adjusts, edits, or overrides entirely.

  6. Export & Sync

    Grades exportable as Canvas CSV. Pushable to Canvas via API with rubric assessments and feedback. Emailable to students. Student data exportable as JSON.

  7. Data Retention

    Uploaded files: auto-deleted after 7 days. Grades & feedback: retained until deleted by teacher/admin. Audit logs: 3 years per FERPA. Student records: permanently deletable on demand.
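
An illustration of the PII Stripping step (step 3), added here as an example and not Paideon's own code: roster-driven redaction to the placeholders listed in that step, followed by a fail-closed check to run before any text leaves for an external API. The function names, the roster shape, the ID format and the US-style address pattern are assumptions.

```python
import re

# Placeholder tokens are the ones named in the PII Stripping step.
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PHONE = re.compile(r"(?<!\w)(?:\+?1[ .-]?)?(?:\(\d{3}\)|\d{3})[ .-]?\d{3}[ .-]?\d{4}(?!\w)")
# Assumption: US-style "number + capitalized words + street suffix" on one line.
ADDRESS = re.compile(r"\b\d{1,5}[ \t]+(?:[A-Z][a-z]+[ \t]+){1,3}"
                     r"(?:Street|St|Avenue|Ave|Road|Rd|Drive|Dr|Lane|Ln|Boulevard|Blvd)\b\.?")

def _word(value):
    """Case-insensitive whole-token pattern for a literal roster value."""
    body = r"\s+".join(re.escape(part) for part in value.split())
    return re.compile(rf"(?<!\w){body}(?!\w)", re.IGNORECASE)

def _roster_terms(roster):
    """Return (literal, placeholder) pairs, longest literal first."""
    terms = set()
    for student in roster:
        terms.add((student["student_id"], "[STUDENT_ID]"))
        terms.add((student["name"], "[STUDENT]"))
        # Also catch a first or last name used alone ("Liam and I ...").
        terms.update((p, "[STUDENT]") for p in student["name"].split() if len(p) > 2)
    return sorted(terms, key=lambda t: len(t[0]), reverse=True)

def strip_pii(text, roster):
    """Replace pattern-based PII, then every roster name and ID, with placeholders."""
    for rx, token in ((EMAIL, "[EMAIL]"), (ADDRESS, "[ADDRESS]"), (PHONE, "[PHONE]")):
        text = rx.sub(token, text)
    for literal, token in _roster_terms(roster):
        text = _word(literal).sub(token, text)
    return text

def residual_pii(text, roster):
    """Fail-closed gate: list anything identifying that is still present."""
    leaks = [m.group(0) for rx in (EMAIL, PHONE, ADDRESS) for m in rx.finditer(text)]
    leaks += [lit for lit, _ in _roster_terms(roster) if _word(lit).search(text)]
    return leaks

# Constructed sample data, not real students.
ROSTER = [{"name": "Maya Okafor", "student_id": "S-20481"},
          {"name": "Liam Chen", "student_id": "S-20519"}]
SAMPLE = ("Maya Okafor (ID S-20481)\nmaya.okafor@example.org, (555) 010-4477\n"
          "12 Elm Street\n\nMy essay is about how Liam and I built a bridge. "
          "maya thinks it held 40 pounds.")

if __name__ == "__main__":
    redacted = strip_pii(SAMPLE, ROSTER)
    print(redacted)
    print("leaks:", residual_pii(redacted, ROSTER))
```

Running the redactor against the class roster catches classmate names as well as the author's, and a non-empty result from `residual_pii` should block the outbound request.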

Questions?

For security inquiries, DPA requests, or compliance questions, contact us at security@paideon.app. We respond to all security-related inquiries within 2 business days.

Last updated: March 2026