Privacy Policy
Effective Date: February 26, 2026 · Last Updated: February 26, 2026
Introduction
IEP Coordinator ("we," "us," or "the Service") is a compliance orchestration platform for special education administrators. We are committed to protecting the privacy of students, parents, and school district staff. This Privacy Policy explains what information we collect, how we use it, and your rights.
IEP Coordinator does not store student personally identifiable information (PII). All student data remains in your school district's Google Workspace for Education environment. We function as an orchestration service, not a data processor.
Our Trust Model
Unlike traditional education software, IEP Coordinator operates on an orchestration model:
| Traditional SaaS | IEP Coordinator |
|---|---|
| Vendor stores student data | We store no student data |
| Vendor is a "data processor" | We are an orchestration service |
| Full GDPR/FERPA data processing agreement required | Simplified orchestration addendum |
| High breach liability | Minimal breach risk (metadata only) |
Information We Collect
A. Staff Authentication Data
When district staff sign in with Google, we receive and process:
- Google account email address
- Display name
- OAuth access and refresh tokens (used to interact with your district's Google Workspace on your behalf)
Tokens are held in your browser session only. We do not store OAuth tokens on our servers.
B. Anonymized Orchestration Metadata
We store minimal metadata to coordinate compliance workflows. This metadata contains no student PII:
- Anonymized UUIDs (not student IDs or names)
- District identifiers
- Timestamps (document created, audited, approved)
- Compliance status (per-requirement compliant, weak, or missing)
- Approval decisions (approved or returned, with coded reasons)
C. Information We Do NOT Collect
We do not collect, store, or process:
- Student names, IDs, or dates of birth
- Parent names or contact information
- IEP content, goals, or assessment data
- Meeting notes or evaluation reports
- Progress monitoring data
- Medical or disability information
All of this data resides exclusively in your district's Google Workspace for Education.
How We Use Google Workspace APIs
When you sign in, you grant IEP Coordinator permission to interact with your district's Google Workspace on your behalf. We use these permissions to:
- Google Drive — Upload generated compliance documents (PDFs) to the student's folder in your district's Drive. We only access files our application creates.
- Google Calendar — Create IEP meeting events on the case manager's calendar and invite team members.
- Google Docs — Generate IEP documents within your district's Workspace.
- Google Sheets — Read student lifecycle tracking data from district-owned spreadsheets.
- Email (via service account) — Send meeting reminders and notifications to IEP team members using your district's email system.
We do not use any Google Workspace data for advertising, marketing, or training machine learning models.
FERPA Compliance
The Family Educational Rights and Privacy Act (FERPA) protects student education records. Our architecture is designed for FERPA compliance:
- No student records on our servers. All student PII and education records remain in the district's Google Workspace for Education, which is covered under Google's education agreements.
- Role-based access. Case managers see only their caseload. Supervisors see their team. Directors see their district. Parents see only their own children.
- Audit trail. Every document generation, approval, and distribution is logged with timestamps for FERPA compliance verification.
- Access logging. All Google Drive operations are logged in a FERPA-compliant audit trail.
Data Security
- All data in transit is encrypted using TLS 1.2+
- The platform is hosted on Google Cloud Run with enterprise-grade infrastructure security
- OAuth tokens are stored in browser sessions only, not on our servers
- Service account credentials are managed through Google Secret Manager
- We maintain Errors & Omissions (E&O) insurance and Cyber Liability insurance
Third-Party Services
We use the following third-party services:
- Google Cloud Platform — Hosting and infrastructure
- Google Workspace APIs — Document generation, calendar, and email (on behalf of your district)
- Google Gemini AI — Compliance document assistance (temperature=0, no student data sent; only compliance rule lookups)
We do not sell, share, or transfer data to any other third party.
Parent Portal
Parents access the portal via passwordless magic links sent to their email. Parent sessions use:
- SHA-256 hashed tokens (never stored in plain text)
- 4-hour session duration with 30-minute inactivity timeout
- FERPA access control: parents can only view students for whom they have documented educational rights
- All parent access is logged for audit compliance
Data Retention
- Orchestration metadata is retained for the duration of the district's subscription plus 90 days.
- Audit logs are retained for 7 years to support MDOE monitoring requirements.
- All student documents are in your district's Google Workspace and governed by your district's own retention policies.
Upon subscription termination, we delete all district orchestration metadata within 90 days. Since we hold no student data, there is no student data to return or delete.
Your Rights
District administrators may:
- Request a report of all orchestration metadata associated with their district
- Request deletion of all district metadata (subject to audit retention requirements)
- Revoke our application's access at any time through Google's security settings or the district's Admin Console
- Request an export of all audit logs for MDOE monitoring
Children's Privacy
IEP Coordinator does not collect personal information directly from children. We do not provide any student-facing interfaces. Our platform is designed exclusively for use by authorized school district staff and parents with documented educational rights.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify district administrators of any material changes at least 30 days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.
Questions About This Policy?
Contact us at privacy@iepcoordinator.com or write to:
IEP Coordinator
Attn: Privacy
Maine, United States