🔒 Privacy Policy

Last Updated: April 13, 2026

1. Introduction

NJ SafeAI Hub ("we," "our," or "the Platform") provides AI-powered educational tools for New Jersey K-12 educators. This Privacy Policy describes how we collect, use, protect, and disclose information when you use our platform.

2. Information We Collect

2.1 Educator Account Information

• Full name and school email address
• School name and district affiliation
• Grade band and primary subject area
• Authentication via Google SSO (school Google Workspace account) — we do not store passwords

2.2 Usage Data

• AI tool interactions (prompts and generated content)
• NJSLA practice session configurations and results
• Feature usage patterns for platform improvement
• IP addresses for security and rate limiting only

2.3 Genesis SIS Data (When Connected)

• Student roster information (names, grades, homerooms)
• Academic performance levels and NJ standard mastery
• Assessment score data

2.4 Information We Do NOT Collect

• Student Social Security numbers, home addresses, or phone numbers
• Student medical/health records or biometric data
• Financial information or student login credentials

3. How We Use Information

• Authentication: Verify educator identity via Google SSO (school Google Workspace account)
• AI Tools: Generate NJ-standards-aligned educational content
• NJSLA Practice: Create standards-based assessments targeting student weak areas
• Analytics: Provide student performance dashboards and mastery tracking
• Security: Protect against unauthorized access and abuse

4. Data Sharing

We do not sell or share personal information for marketing. Limited sharing occurs only with:

• AI Providers: Prompts (without student PII) sent to generate content
• Genesis SIS: Authenticated API calls to your school's Genesis instance
• Google Cloud Firestore: Session data, practice results, and analytics storage
• Legal Requirements: Only if required by law or court order

5. FERPA Compliance

NJ SafeAI Hub operates as a "school official" under FERPA (34 CFR § 99.31(a)(1)) when connected to Genesis SIS. We access education records solely for legitimate educational purposes and do not re-disclose student information.

6. COPPA Compliance

The platform is designed for educators. Student practice access is teacher-supervised, requires no account creation, and collects no personal information from students.

7. New Jersey Student Data Privacy

We comply with N.J.S.A. 18A:36-39 (student record confidentiality), N.J.A.C. 6A:32-7 (records maintenance/security), and NJDOE data governance standards.

8. Data Security

• HTTPS/TLS encryption for all data in transit
• OAuth 2.0 for Google SSO authentication
• Content Security Policy headers, rate limiting, and input sanitization
• Secure, HTTP-only session cookies

9. Data Retention

• Account Data: Retained while active; deleted within 30 days of deletion request
• AI Content: Cached temporarily (up to 1 hour), not permanently stored
• Genesis SIS Data: Stored in Firestore; retained for the current school year
• Practice Results: Retained for the current school year, purged at year-end
• Security Logs: Retained 90 days, then deleted

10. Your Rights

You may access, correct, export, or request deletion of your data. We notify affected users of any data breach within 72 hours.

11. Cookies

We use only essential session cookies for authentication. We do not use advertising cookies, tracking pixels, or third-party analytics.

12. Third-Party Services

• AI Language Model Providers — content generation (no student PII transmitted)
• Google Cloud Platform (Firestore) — session, analytics, and practice result storage
• Genesis SIS — student roster and performance data (district-authorized)

13. Changes to This Policy

We may update this policy and will post changes with an updated date. Continued use constitutes acceptance.

14. Contact

For privacy questions or data requests:

• Email: admin@freshskyai.com
• Subject: Privacy Inquiry — [Your School District]

We respond within 10 business days.