Privacy Policy
What we collect, how we use it, and how your organization controls it.
Last updated July 2026
SpEd Coach is provided to school districts, educational organizations, and related education service providers as a modular workflow and documentation platform. This Privacy Policy describes the categories of information we process, how we handle it, and how your organization maintains control.
1. Who We Are
SpEd Coach is operated by SpEd Coach, LLC, headquartered in the United States. Contact: support@spedcoach.com
2. Data Controller and Processor Roles
The organization that licenses SpEd Coach is the data controller for the educational records, student information, and workspace content created or uploaded within their account. SpEd Coach acts as a data processor on that organization's behalf, processing data only as directed by the organization and as described in this Policy.
3. Information We Collect
Account and Identity Data
- Name and email address used to create an account
- Authentication identifiers (passwords are hashed; we do not store plaintext credentials)
- Role and organization membership information
Organization Data
- Organization name, status, and configuration settings
- Module enablement settings and seat assignments
- Billing and payment information (processed through Stripe; we do not store full card numbers)
Operational Logs
- Authentication events (logins, session starts, failures)
- Module launch events and access records
- Administrator actions (role changes, member management, configuration updates)
- AI usage counts and invocation logs
- Support request content and resolution records
Educational Records and Module Content
Content created or uploaded inside SpEd Coach modules - including IEP drafts, evaluation records, meeting notes, service logs, and uploaded documents - is educational data controlled by the organization. SpEd Coach processes this data to provide the service and does not use it for any other purpose.
4. How We Use Data
- To provide, operate, and maintain the SpEd Coach platform
- To authenticate users and enforce access controls
- To process AI-assisted workflows as directed by users
- To generate audit logs for organizational review
- To respond to support requests
- To process billing and payments
- To detect and prevent security incidents
We do not sell personal data. We do not use student educational records for advertising, profiling, or any purpose unrelated to providing the platform services.
5. Data Isolation
Each organization's workspace data is isolated at the database layer using row-level security policies. No member of one organization can read, modify, or list data belonging to another organization. This separation is enforced at the infrastructure layer, not only in the application interface.
6. AI Processing and Student Data
When users invoke AI-assisted features, content passes through a privacy-aware processing pipeline before being sent to external AI model providers. This pipeline is designed to detect and minimize personally identifiable information through redaction, masking, and tokenization. AI model providers (Anthropic and Google) operate under data processing agreements that prohibit use of customer data for model training.
No automated system can guarantee complete PII detection. Users should avoid entering raw student identifiers into free-text AI prompts. All AI-generated outputs must be reviewed by a qualified professional before use.
7. Sub-Processors
SpEd Coach uses the following infrastructure sub-processors:
- Supabase - Managed database, authentication, and file storage
- Cloudflare - Edge delivery, DNS, and runtime infrastructure
- Stripe - Payment processing
- Anthropic - AI model provider (Claude models for high-stakes document drafting)
- Google - AI model provider (Gemini models for scheduling, classification, and summaries)
- Resend - Transactional email delivery
All sub-processors are bound by contract to maintain confidentiality and appropriate data protection safeguards.
8. Data Retention and Deletion
Data is retained for the lifetime of the active organization workspace, unless a shorter period is agreed in writing. Organization administrators may request export or deletion of workspace data by contacting support@spedcoach.com. See our Data Retention & Deletion page for full details.
9. FERPA and Educational Records
SpEd Coach is designed with FERPA-aware practices, including role-based access controls, audit logging, and organization-controlled data sharing. SpEd Coach does not certify FERPA compliance on behalf of any organization. Schools and districts remain responsible for their own FERPA obligations, including required parental notice and consent.
10. Security
SpEd Coach maintains technical and organizational measures to protect data, including encryption in transit (TLS 1.2+) and at rest (AES-256), authentication controls, audit logging, and tenant-isolated architecture. See our Security Overview for full details.
11. Your Rights
Organization administrators may update, export, or request deletion of workspace data at any time. Individual staff members may update their account profile from account settings. For questions or requests, contact support@spedcoach.com.
12. Changes to This Policy
We will notify organization administrators of material changes to this Policy. Continued use of SpEd Coach following notice of changes constitutes acceptance.
13. Contact
Privacy questions may be sent to: support@spedcoach.com
