The Family Data Pledge

IEP Desk is built on a foundation of trust. This page explains — in plain language — the specific commitments we make to every family who uses the Service, and the technical measures that back them up.

🔒

Your data belongs to you

Every piece of information you enter — your child's name, their goals, their documents — belongs to you. You can export it or delete it at any time, no questions asked.

🚫

We never sell your data

IEP Desk is funded by subscriptions, not by advertising. Your data is not a product. We have never sold user data and we never will.

🤖

AI never trains on your data

Documents you upload are analyzed by AI and then discarded. Anthropic's API terms prohibit using API data to train models. Your child's IEP is not training data.

👁️

Your documents are private

IEP documents you upload are stored in a private, encrypted bucket and are never deleted unless you choose to delete them. Specialist reports shared with an advocate are stored temporarily (maximum 30 days) and deleted automatically once downloaded or expired.

🤝

You control advocate access

If you invite an advocate, you choose exactly which modules they can see. Advocates have read-only access and cannot modify any of your data. You can revoke access at any time, module by module.

💬

Messages stay in your account

Messages exchanged with your advocate are private, linked to your child's profile, and never shared with third parties. They are permanently deleted when you close your account.

We will never, under any circumstances:

  • Sell, rent, or trade your personal data or your child's data to any third party.
  • Share your data with advertisers, data brokers, or analytics companies.
  • Use your child's name, diagnosis, IEP contents, or any identifying information to train AI models.
  • Allow any employee, contractor, or partner to access your uploaded IEP documents except as required to resolve a specific technical support issue you have raised — and only with your knowledge.
  • Disclose your data to government agencies, law enforcement, or third parties except where required by a valid, legally binding court order or subpoena.
  • Use your data to build or sell an aggregated dataset that could be used to identify or profile any individual child or family.

The Technical Reality Behind These Promises

Promises are only as good as the systems that enforce them. Here is what we have actually built to make these commitments technically enforceable — not just contractually stated.

Row-Level Security (RLS)

Our database enforces security at the data layer — not just the application layer. Even if there is a bug in our application code, the database itself will refuse to return your data to anyone who is not you.

AES-256 Encryption at Rest

All data stored in our database and document storage is encrypted at rest using AES-256 encryption — the same standard used by financial institutions and government agencies.

TLS 1.3 in Transit

All data transmitted between your device and our servers uses TLS 1.3, the most current and secure version of the Transport Layer Security protocol. Data in transit is encrypted end-to-end.

Private Document Storage

Uploaded IEP documents are stored in a private, access-controlled storage bucket on Supabase. There are no public URLs that can be guessed or discovered. Access requires authenticated credentials.

No AI Training on Your Data

We use Anthropic's API under terms that explicitly prohibit the use of API data for model training. When your document is analyzed, the data is processed and discarded — it is not stored by the AI provider.

Minimal Staff Access

Production database access is restricted to authorized technical personnel only, governed by least-privilege principles. No employee has routine access to user data without a specific, logged reason.

Advocate Access and Consent

IEP Desk allows parents to invite an IEP advocate and selectively share specific modules with them — such as their child's IEP plan, meeting preparation, diary, documents, progress tracking or specialist reports. This sharing is always explicit, controlled by the parent, and revocable at any time.
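How the Row-Level Security and advocate-access commitments above can be expressed as database policies, as an added example that is not IEP Desk's own code. The table, column and policy names are hypothetical; `auth.uid()` and the `authenticated` role are the helpers Supabase provides on top of Postgres.

```sql
-- Hypothetical schema: table and column names are assumptions for illustration.
create table child_documents (
  id        uuid primary key default gen_random_uuid(),
  parent_id uuid not null,   -- auth user id of the owning parent
  module    text not null,   -- e.g. 'iep_plan', 'diary', 'documents'
  body      text not null
);

-- One row per (parent, advocate, module) grant; deleting the row revokes it.
create table advocate_shares (
  parent_id   uuid not null,
  advocate_id uuid not null,
  module      text not null,
  primary key (parent_id, advocate_id, module)
);

alter table child_documents enable row level security;
alter table child_documents force row level security;  -- applies to the table owner too
alter table advocate_shares enable row level security;

-- Parents: read and write, but only rows they own.
create policy parent_owns_rows on child_documents
  for all to authenticated
  using (parent_id = auth.uid())
  with check (parent_id = auth.uid());

-- Advocates: SELECT only, and only for modules currently shared with them.
-- No INSERT/UPDATE/DELETE policy matches an advocate, so writes are refused.
create policy advocate_reads_shared on child_documents
  for select to authenticated
  using (exists (
    select 1 from advocate_shares s
    where s.parent_id   = child_documents.parent_id
      and s.advocate_id = auth.uid()
      and s.module      = child_documents.module));

-- Only the parent can grant or revoke a share.
create policy parent_manages_shares on advocate_shares
  for all to authenticated
  using (parent_id = auth.uid())
  with check (parent_id = auth.uid());

-- The advocate must be able to read their own grants, otherwise the
-- EXISTS subquery above sees no rows and the share silently never applies.
create policy advocate_sees_own_shares on advocate_shares
  for select to authenticated
  using (advocate_id = auth.uid());
```

Policies like these constrain only roles that are subject to RLS; a connection using a role with `BYPASSRLS` (such as Supabase's service role) is not restricted by them, so the guarantee also depends on where that credential is used.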

Aggregated Data and Research

IEP Desk may in the future use anonymized, aggregated data — information that has been stripped of all personally identifiable information and cannot be linked to any individual user or child — to produce general research or insights about the IEP system. For example, we might publish a report on the most common types of IEP goals across disability categories, using data that cannot be traced to any individual.

We will never include personally identifiable information in any such research. Before initiating any aggregated data research program, we will update our Terms of Service and Privacy Policy to provide full transparency, and we will provide users with the ability to opt out.

A Note on Our AI Provider

IEP Desk uses the Anthropic API to power AI document analysis and the AI Legal Assistant. We have reviewed Anthropic's API usage policy and confirmed that data submitted through the API is not used to train Anthropic's models. You can review Anthropic's usage policy at anthropic.com/legal/aup.

We minimize the data sent to the API to only what is necessary for the specific analysis or question at hand. We do not send personally identifiable information (such as your child's name or school) in API prompts where it is not required for the task.

How to Hold Us Accountable

If you believe IEP Desk has violated any of the commitments on this page, or if you have concerns about how your data is being handled, contact us directly at the email address below. We will respond within 5 business days and investigate all concerns thoroughly.

Privacy concerns can also be raised with your state's Attorney General office or, for California residents, with the California Privacy Protection Agency (CPPA).

IEP Desk
Email:

This page is a statement of commitment, not a legally binding contract on its own. The legally binding provisions governing data handling are contained in our Privacy Policy and Terms of Service. In the event of any conflict between this page and those documents, the Privacy Policy and Terms of Service govern.