IEP Advocate.ai
Back to Home

Trust & Security

Your child's educational records are sensitive. We treat them that way. Here's how we protect your family's data.

We Never Sell Your Data

Your documents, student profiles, and conversations are never sold, shared, or used for advertising. Period.

You Own Your Data

Export everything anytime with one click. Delete your account and all data is removed immediately.

AI Doesn't Train on You

We use OpenAI's API which does not use your data to train their models. Your conversations stay private.

Security Measures

Encryption

  • In Transit: TLS 1.2+ encrypts all data between your browser and our servers
  • At Rest: AES-256 encryption for all stored documents and data (bank-level security)

Verified: Cloudflare R2 and Supabase security docs

Access Controls

  • Authentication: Secure login with Supabase Auth
  • Isolation: Your data is completely separate from other users

Infrastructure

  • Hosting: Vercel (SOC 2 Type II compliant)
  • Database: Supabase (SOC 2 Type II compliant)
  • File Storage: Cloudflare R2 (enterprise-grade)

Data Handling

  • Account deletion: Removes all data immediately
  • Subscription ends: Data deleted after 3-day grace period
  • Export: Download all your data anytime as a ZIP file

Your Data Stays Yours

Your Files Never See Anyone Else's

Every family has their own private space. Your documents, student profiles, and conversations are stored separately from all other users. There is no shared database where your child's IEP could accidentally mix with another family's records. It's architecturally impossible.

Complete Data Isolation

Each account has a unique identifier that governs all data access. Database queries can only return your own data. File storage paths are keyed to your account. Even if someone tried, they couldn't access your information.

Your FERPA Rights

FERPA (Family Educational Rights and Privacy Act) is a federal law that gives you powerful rights over your child's educational records. Understanding these rights is essential to effective advocacy.

Access All Records

You have the right to inspect and review ALL educational records the school maintains about your child—IEPs, evaluations, emails, meeting notes, discipline records, and more.

Request Copies

Schools must provide copies of records upon request. They may charge a reasonable fee for copying, but cannot charge for searching or retrieving records.

Share With Anyone You Choose

Once you have your child's records, you can share them with anyone—advocates, attorneys, tutors, doctors, or tools like IEP Advocate. This is YOUR choice.

Request Corrections

If records contain inaccurate or misleading information, you can request amendments. If the school refuses, you can add a statement to the record.

How This Relates to IEP Advocate

When you upload documents to IEP Advocate, you're exercising your FERPA rights to share records with a service of your choosing. Here's what this means:

  • You control the sharing. Only you can upload documents. Schools cannot share records with us directly.
  • We are not a "school official." FERPA applies to schools receiving federal funds, not to tools parents choose to use.
  • Your rights, your choice. We help you understand documents you already have legal rights to access and share.

How We Use AI

Your Documents Do NOT Train AI Models

This is a common concern, and we want to be crystal clear: Your child's IEP, evaluations, and other documents are not used to train OpenAI's models or any other AI system.

We use OpenAI's API, which has a strict data usage policy: API data is not used to train their models.

Here's exactly what happens when you upload a document:

  1. 1You upload your child's IEP or evaluation to IEP Advocate
  2. 2We send the text to OpenAI's API for analysis (summarization, data extraction, chat responses)
  3. 3OpenAI processes it and returns the result to us
  4. 4OpenAI retains the data for 30 days for abuse monitoring, then permanently deletes it
  5. 5Your document never becomes part of "the AI" that others use. It's processed for you, then gone.

AI Is Your Research Assistant, Not Your Decision-Maker

We use AI to help you find information faster, surface relevant laws, and organize your documents. But you are always in control. AI suggests—you decide. Every citation comes from verified sources (real laws, your actual documents), not AI imagination. We built this tool to empower parents, not replace your judgment.

Third-Party Services We Use

We use trusted, industry-leading services to provide our platform:

OpenAI →

AI document analysis and chat (does not train on your data)

Supabase →

Authentication and database hosting

Cloudflare R2 →

Secure document storage

Stripe →

Payment processing (we never see your card number)

Pinecone →

Legal research database

AssemblyAI →

Audio and video transcription

Vercel →

Application hosting

Resend →

Transactional emails

Data Deletion Policy

Account deletion: When you delete your account, we delete everything immediately.

Subscription ends: If your trial expires or you cancel your subscription, you have a 3-day grace period to resubscribe. After 3 days, all data is permanently deleted:

  • All uploaded documents are permanently removed from storage
  • Student profiles and all associated data are deleted
  • Chat history and AI analysis are erased

Tip: Use the Export feature in Settings to download your data before your subscription ends.

Questions?

If you have questions about our security practices, please contact us.

support@iepadvocate.ai

For complete details, see our Privacy Policy and Terms of Service.