IEP Advocate.ai
Back to Home

Privacy Policy

Last updated: January 2025

Privacy at a Glance

  • We don't sell your data. Ever.
  • We don't share it with other users.
  • You own your documents. Delete anytime.
  • AI providers don't train on your data.

1. Information We Collect

We collect information you provide directly to us:

  • Account information: Name, email address, password
  • Student information: Names, disabilities, and profile details you choose to add
  • Documents: Files you upload (IEPs, evaluations, correspondence)
  • Chat history: Conversations with our AI assistant
  • Payment information: Processed securely by Stripe (we don't store card numbers)

We automatically collect:

  • Usage data: Pages visited, features used, session duration
  • Device information: IP address, browser type, operating system
  • Cookies: For authentication and preferences

2. How We Use Your Information

  • Providing services: Document analysis, AI responses, legal research
  • Improving the service: Understanding usage patterns, fixing bugs
  • Communication: Account updates, support, product news (you can opt out)
  • Security: Detecting fraud, preventing abuse
  • Legal compliance: Responding to legal requests when required

3. AI Services & Third Parties

AI Processing: Your documents and chat messages are sent to OpenAI for analysis. We use the OpenAI API, which is configured to:

  • Not train on your data (per OpenAI's API data usage policy)
  • Retain data for only 30 days for abuse monitoring, then delete

We also use:

  • Supabase: Authentication and database hosting
  • Cloudflare R2: Secure document storage
  • Stripe: Payment processing
  • Vercel: Application hosting
  • Pinecone: Legal research vector database
  • AssemblyAI: Audio and video transcription
  • Resend: Transactional emails
  • Sanity: Blog content management

4. Data Security

We implement industry-standard security measures:

  • Encryption in transit: TLS 1.2+ for all connections
  • Encryption at rest: AES-256 for stored documents
  • Access controls: Role-based access, secure authentication
  • Infrastructure: SOC 2 compliant cloud providers

No system is 100% secure. We promptly notify affected users of any data breaches.

5. Your Rights

You have the right to:

  • Access: View all data we have about you
  • Update: Correct inaccurate information
  • Delete: Request deletion of your account and data
  • Export: Download your documents and data
  • Opt out: Unsubscribe from marketing emails

To exercise these rights, contact us at support@iepadvocate.ai

6. Data Retention

We retain your data as long as your subscription is active.

When your subscription ends (trial expires or paid subscription is canceled):

  • You have a 3-day grace period to resubscribe and keep your data
  • After 3 days, all documents, student profiles, and associated data are permanently deleted
  • We will send email reminders before deletion occurs

Account deletion: If you delete your account, data is removed immediately.

  • Anonymized usage data: May be retained for analytics
  • Legal/compliance records: Retained as required by law

7. Children's Privacy

IEP Advocate.ai is designed for parents and guardians (18+). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at:

support@iepadvocate.ai