Privacy Policy

Last updated: March 12, 2026

1. Overview

SpecialEdAI ("we," "us," "our") is committed to protecting your privacy and the privacy of the students you serve. This Privacy Policy explains what information we collect, how we use it, and what we do not collect. We are designed from the ground up to never collect or store student data on our servers.

2. Information We Collect

Account Information:

  • Email address (required to create an account)
  • Password (stored as a secure hash — we never see your actual password)
  • Usage count (number of IEP generations used — a single integer, nothing more)
  • Subscription status (free or Pro)

Payment Information:

  • Payment processing is handled entirely by LemonSqueezy. We do not receive, store, or have access to your credit card number, billing address, or any payment card data.

Technical Information:

  • Standard server logs (IP address, browser type, pages visited) for security and performance monitoring. These are not linked to your identity and are routinely deleted.

3. Information We Do NOT Collect — Student Data

We do not collect, store, transmit, or retain any student data of any kind on our servers.

All input you enter into any generation form — including student characteristics, assessment data, strengths, areas of need, behavior descriptions, and any other information — is:

  • Processed in memory only at the time of generation
  • Sent directly to Anthropic's API for processing
  • Never written to any database or storage system on our servers
  • Permanently discarded immediately after your output is returned

We cannot retrieve, review, or reproduce any input you have entered. There is no student data on our servers to breach, subpoena, or misuse.

Note: The IEP Generator saves draft form progress in your browser's local storage on your own device as a convenience feature. This data never leaves your device. You can clear it at any time using the Clear button in the form.

4. FERPA Statement

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. SpecialEdAI is designed to operate outside the scope of FERPA by never receiving or maintaining education records.

  • SpecialEdAI does not function as a "school official" under FERPA.
  • We do not have a legitimate educational interest in any student's records.
  • Our Terms of Service explicitly prohibit users from entering personally identifiable student information into the Service.
  • Users are responsible for their own FERPA compliance in how they use and distribute AI-generated content.

5. How We Use Your Information

The limited account information we collect is used solely to:

  • Authenticate your identity when you log in
  • Track your usage against the free tier limit
  • Process and manage your subscription
  • Send transactional emails (account confirmation, password reset)
  • Respond to support requests

We do not sell, rent, trade, or share your personal information with third parties for marketing purposes.

6. Third-Party Services

We use the following third-party services, each with their own privacy practices:

  • Supabase — authentication and account database. Stores your email, hashed password, and usage count only.
  • Anthropic (Claude API) — processes your generation input for all tools (IEP, BIP, Progress Report, Prior Written Notice, Goal Bank). Per Anthropic's API Terms of Service, inputs are not used to train AI models. Review Anthropic's privacy policy at anthropic.com/privacy.
  • LemonSqueezy — payment processing for Pro subscriptions. We share only what is necessary to process payments.
  • Vercel — application hosting and delivery.

7. Data Retention

  • Account data (email, usage count, subscription status) is retained as long as your account is active.
  • Upon account deletion, all account data is permanently removed within 30 days.
  • Generation input is never stored on our servers and therefore has no retention period.
  • Browser local storage (IEP draft auto-save) exists only on your own device and is fully under your control.
  • Server logs are retained for up to 90 days for security purposes, then permanently deleted.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your account and associated data
  • Object to or restrict processing of your data
  • Data portability

To exercise any of these rights, contact us at privacy@specialeduai.com. We will respond within 30 days.

9. Children's Privacy (COPPA)

SpecialEdAI is intended for use by adults aged 18 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us immediately at privacy@specialeduai.com.

10. Security

We implement industry-standard security measures including encrypted connections (HTTPS), hashed password storage, and row-level security on our database. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your account information.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests: privacy@specialeduai.com