Privacy Policy

School Psych AI Privacy Policy

​

Last updated 3/25/2026

 

Thank you for choosing School Psych AI, a tool designed for school psychologists that leverages Artificial Intelligence (AI) technology. At School Psych AI, we champion data protection and your right to privacy. This Privacy Policy clarifies how we gather, use, retain, and protect your information as you use our platform.

If you are entering into this Agreement on behalf of a company or other legal entity (including if you are School Personnel entering on behalf of your school), you represent that you have the authority to bind such entity to these terms and conditions, in which case the terms "you", "your" or "User" shall refer to such entity. If you do not have such authority, or if you do not agree with these terms and conditions, you must not accept this Agreement and may not use the Service.

​​

1. Information Collection and SPAI Moderation

​

1.1 Student Personal Identifiable Information (PII): Protecting the confidentiality and security of any inadvertent student PII shared via our application is paramount to us.

 

1.2 Collection and Use of Student PII: Our platform neither mandates nor encourages users to input student PII. We consciously avoid gathering sensitive identifiers such as names, addresses, student IDs, or any data that would reveal a student's identity.

 

1.3 Accidental Submission of Student PII: Users are responsible for using the platform in accordance with applicable law, their district or employer policies, and their own professional obligations regarding student data. As an independently evaluated FERPA-compliant platform, School Psych AI does not treat the submission of student PII, when permitted under applicable law and local policy, as a policy breach. Users should review and comply with our Data Retention Policy, as well as any district-specific requirements for data handling, storage, and deletion.

​

1.4 Moderation of Submitted Student PII: Our moderation entails encryption, fortified storage systems, and periodic security assessments to deter unsanctioned access, disclosure, or data manipulation.

​

1.5 Confidentiality and Security Protocols: Robust technical and administrative measures safeguard the sanctity and security of all user data, covering accidental student PII inclusions.

​

1.6 Reporting Unplanned Submissions: If you are convinced that you have unintentionally entered student PII, reach out to our customer support onboarding@schoolpsych.ai. Addressing such situations is a priority for us.

​

1.7 Conformity with Legal Mandates: Our data handling aligns with critical regulations, namely the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA). Using our application implies agreement with the terms contained herein.

​

1.8 Usage Data: To refine our offering and enrich user experience, we might gather aggregated usage data, which remains non-personal and stripped of identifiers.

​

1.9 Information Collected from All Users of the Service

School Psych AI collects information from all categories of users who access the platform, including school psychologists, teachers, administrators, practitioners, and other authorized personnel affiliated with a subscribing Institution. The categories of information collected and the purposes for which they are used are described below.
 

Account Registration Information: When any user creates an account or is provisioned access through an Institution, we collect the user's first name, last name, email address, role or title, and institutional affiliation. This information is used to authenticate users, manage subscriptions, provide customer support, and ensure that access to the platform is limited to authorized individuals.
 

Automatically Collected Technical Information: When any user accesses the platform, we automatically collect certain technical and device information, including IP address, browser type and version, operating system, device identifiers, screen dimensions, geographic region, time zone, and referring URLs. This information is used to maintain platform security, troubleshoot technical issues, and improve performance.

Usage and Interaction Data: We collect information about how users interact with the platform, such as features accessed, queries submitted, pages viewed, and session duration. This data is collected in aggregate and is used to analyze usage patterns, improve product functionality, and inform product development. Usage data is not linked to individual student records.
 

Payment Information: For users who manage billing, we collect payment-related information (such as credit card details and billing address) through our third-party payment processor, Stripe. School Psych AI does not directly store full payment card information on its servers.

Communications Data: When users contact us for support, submit feedback, or communicate with us through Intercom or email, we collect the content of those communications along with associated metadata (such as timestamps and email addresses) to respond to inquiries and improve our services.
 

Information Collected from Parents: School Psych AI does not collect information directly from parents. In the event that a parent or guardian contacts us regarding student data, we will coordinate with the relevant Institution to respond to such requests in accordance with FERPA and applicable state law. Parents seeking to inspect, review, or request deletion of their child's data should direct such requests to their child's school or district, which may then coordinate with School Psych AI as needed.

Information Collected from Teachers, Administrators, and Other School Personnel: Teachers, administrators, and other school personnel who are granted access by their Institution may use the platform in accordance with the permissions and scope defined by their Institution. The information collected from these users is limited to account registration information, technical information, and usage data as described above. These users are subject to the same restrictions on inputting student PII as all other users of the platform.

How Information from All Users Is Used: Information collected from all users is used to provide, maintain, and improve the Service; authenticate and authorize access; communicate with users regarding their accounts; process payments; comply with legal obligations; enforce our Terms and Conditions; and protect the rights and safety of our users and third parties.

Stay informed of any adjustments or additions to this section. We will communicate via app notifications or website updates.

Direct any queries about our student PII handling to support at onboarding@schoolpsych.ai. 

 

2. Use of Information

​

2.1 Elevating the Tool: The accumulated usage insights propel our drive to discern patterns, derive understanding, and boost our tool's efficacy and response. This data remains impersonal, ensuring individual users remain unidentified. The information is used in such a way that allows a user of School Psych AI to generate LLM responses to queries that they submit. 

​

Output created by our artificial intelligence tools assists educators but by no means replaces your professional skills and judgment. It is imperative that users review content generated by our services and revise it to ensure it is appropriate for use. This includes but is not limited to the following considerations: bias and accuracy, maintenance and protection of privacy, acknowledgment of the limitations of any AI system, etc.

 

3. Data Tenure, Review, Erasure, and Utility for Enhancement

​

3.1 Data Tenure: All gathered data, including usage specifics, is held just long enough for analysis, technical troubleshooting, and product refinement. Although we hold the data in its raw form for up to 30 days, depersonalized versions might be retained longer, purely for tool optimization.

​

3.2 Data Inspection:  Users seeking to inspect, have deleted, and/or refuse to permit further collection or use of a student’s information must submit a request through onboarding@schoolpsych.ai. We will generate a CSV containing only data related to the specific student in question. We will not release or delete any data in response to such a request unless we are completely certain it belongs to that student. If the data cannot be definitively identified as belonging to the student, we will not provide it for review.

For explicit requests to amend student data, please contact us at onboarding@schoolpsych.ai. 

​

3.3 Data Erasure: We adhere to leading industry practices, ensuring a secure deletion post-retention. Encryption, restricted access, and regular audits fortify data confidentiality. Upon receiving a written request from an educational institution, school district, or other authorized entity (the “Institution”) for the deletion of student Personally Identifiable Information (“PII”) at onboarding@schoolpsych.ai, School Psych AI (the “Provider”) shall take the following steps within one month to ensure compliance with applicable data protection laws and contractual obligations:

​

1. De-identification: The Provider shall first apply de-identification measures to the relevant data, ensuring that any PII is irreversibly removed or anonymized in accordance with industry best practices and applicable legal standards, such that the data can no longer be reasonably linked to an individual student.

2. Permanent Deletion: After the de-identification process is completed, the Provider shall permanently delete the original data from its active databases and storage systems, rendering it irretrievable.

3. Backup and Retention Considerations: The Provider shall ensure that any residual copies of the original data in backup or archival systems are either deleted within the standard data retention period or subject to additional security measures to prevent unauthorized access until automated deletion occurs.

4. Confirmation of Deletion: Upon completion of the data erasure process, the Provider shall, upon request, furnish the Institution with a written confirmation of deletion, specifying the scope of the erased data and the date of deletion.

​

3.4 Product Enhancement Utility: For continual improvement, we might harness depersonalized data to train our AI algorithms, amplifying tool accuracy. This data is devoid of any PII, keeping user confidentiality intact.

​

3.5 Refusal: In the event that an educational institution, school district, or other authorized entity (the "Institution") notifies School Psych AI (the "Provider") of its decision to prohibit further data collection or to discontinue its contractual relationship with the Provider, the Provider will suspend user accounts within 2-3 business days of notification, and then permanently purge and transfer personally identifiable data to the institution within one month (twenty business days). It shall be the sole responsibility of the individual school psychologist or other authorized user (the "User") to immediately cease inputting any further student Personally Identifiable Information ("PII") into the Provider’s platform.

 

Additionally, any fees paid under the contractual agreement are non-refundable. If the Institution or the User elects to terminate the contract prior to its expiration, no refunds or prorated reimbursements shall be issued for any remaining period of the agreement.
 

4. Third-Party Interfaces

School Psych AI utilizes AWS Bedrock, leveraging a mix of capable models to power AI-driven features on our platform. Our integration with AWS Bedrock ensures user data is processed in a secure and compliant environment aligned with FERPA requirements.

We retain data temporarily for security monitoring and service integrity, subject to strict data minimization policies. Data processing occurs within a controlled infrastructure to prevent unauthorized access and ensure confidentiality. We will allow Safe Harbor de-identified data to be used to train AI Models.
 

School Psych AI does not share personally identifiable information (PII) with AWS Bedrock beyond what is necessary for system functionality. For further details on AWS Bedrock's data policies, refer to AWS Service Terms and AWS Privacy Notice.
 

The following table expresses what data is shared with Third Parties and for what purpose the information is shared.

​

​​

​​

​

 

 

 

 

 

 

 

 

 

 

 

 

5. FERPA Adherence

5.1 Student Data Sanctity: Our strict adherence to FERPA regulations underlines our devotion to student data protection. We're committed to avoiding the collection, storage, or utilization of student PII or any sensitive educational documentation.

 

6. Security Protocols

6.1 Data Shielding: Our rigorous efforts are aimed at defending your information, deploying technical and administrative barriers against unauthorized access, disclosure, or data tampering.
 

6.2 Data Security and Integrity Practices

School Psych AI maintains comprehensive security practices to protect all data processed through our platform. These practices include encryption of data in transit and at rest, role-based access controls, routine security assessments, and continuous monitoring of our systems for unauthorized access or anomalous activity. Our cloud infrastructure is hosted on Amazon Web Services (AWS), and we leverage AWS security features including network isolation, identity and access management, and audit logging.

6.3 Data Breach Notification

In the event of a security breach involving unauthorized access to, disclosure of, or loss of personally identifiable information or education records, School Psych AI will take the following steps:
 

a. Immediate Containment: Upon discovery of a suspected breach, our technical and executive team will immediately work to contain the incident, which may include isolating affected systems, revoking compromised credentials, and blocking unauthorized access points.

b. Investigation and Assessment: We will promptly investigate the scope and nature of the breach to determine what data was affected, how the breach occurred, and what remediation steps are necessary.

c. Notification to Affected Parties: Within 72 hours of confirming a breach, School Psych AI will notify affected Institutions and users. Notifications will include a description of the incident, the types of information involved, the date or estimated date of the breach, the steps we are taking to address and remediate the incident, and recommended actions for affected users.

d. Regulatory Notification: Where required by applicable federal or state law, School Psych AI will notify relevant regulatory authorities within the timeframes mandated by such laws.

e. Remediation and Prevention: Following containment and notification, we will implement remediation measures including patching vulnerabilities, updating security controls, revising access permissions, and enhancing monitoring capabilities. A post-incident review is conducted within two weeks of resolution to identify lessons learned and improve our response processes.

f. Ongoing Communication: School Psych AI will continue to communicate with affected Institutions and users as the investigation progresses and additional information becomes available.

You can review our full Data Breach Notification here. For questions or concerns regarding our data security practices or to report a potential security incident, please contact us at onboarding@schoolpsych.ai.
 

7. Children's Privacy

7.1 COPPA Adherence: In compliance with COPPA, we refrain from knowingly amassing personal details from children below 13 years of age. Discovering any such data prompts its immediate deletion.

 

8. Privacy Policy Updates

8.1 Change Notifications: Users will be notified of policy adjustments reflecting our evolving practices or legislative necessities by a Post via Intercom and via email no less than 30 days prior to the implementation of the change. Contact onboarding@schoolpsych.ai for questions or comments regarding our privacy policy.

 

9. Contact Information of School Psych AI Operators with Access to PII

9.1 School Psych AI

    - 3041 Kathryn Oaks Ln, Spring Texas, 77386

    - (301) 442-2447

    - onboarding@schoolpsych.ai
 

10. Change of Control 

Over time, School Psych AI may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy.  

​

In the event of a change to our organizations such that all or a portion of School Psych AI or its assets are acquired by or merged with a third-party, or in any other situation where information that we have collected from users would be one of the assets transferred to or acquired by that third-party, only a deidentified data sheet will be transferred. This Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage and by email to the email address that you provided to us. If you do not consent to this deidentified use of your information by such a successor company, subject to applicable law, you may request its deletion from the company.

​

In the unlikely event that School Psych AI goes out of business, or files for bankruptcy, all underlying data will be erased.

Last Updated: 3.2.2026