Privacy Policy
Last updated: pending · Version: draft
Draft pending legal review. This describes how IEPIQ actually handles data today, but the final Privacy Policy must be reviewed by an attorney before launch.
Our approach: keep as little as possible
Trust is the product. We are built around handling your child's information with the least exposure we can manage — masking it on the way in, never sending it to train anyone else's model, and letting you delete it on demand.
What we collect
Your account email; the IEP you upload; your child's first name (which you confirm); any observations or supporting documents you choose to add; and a payment reference from our processor (Stripe). We never receive or store your full card number.
Mask-on-ingest — what we actually store
When you upload an IEP, it is converted to text and every personal detail except your child's first name is masked. The original uploaded file is then deleted. Only the masked text and your child's first name persist — that masked text is what the review runs against.
Where your data goes (and doesn't)
Your child's data is processed inside our cloud environment. It is not used to train third-party AI models, and it is isolated to your account — other users cannot see it.
Retention and deletion
You can delete your account and all of its data at any time from your settings. To avoid holding data indefinitely, accounts inactive for 24 months are deleted (with an email warning first), and purchased credits expire after 2 years.
Your choices
You can access, export, or delete your information. [State-specific privacy rights and data-processing disclosures to be finalized by counsel.]
Contact
Privacy questions: [contact email to be added].