🔒 Privacy Policy
Last Updated: June 14, 2026
Public de-identified use: Do not submit education records or student PII. Common identifier patterns are rejected before an AI provider is called. This control supports privacy but does not by itself make public use FERPA compliant.
1. Overview
EduSafe AI ("we," "us," "our") provides AI-powered educational tools for K-12 educators worldwide. This policy describes how we collect, use, and protect information.
2. Data We Collect
- Practice Session Data: Anonymous subject, grade level, question responses, and scores are held in application memory so the practice workflow can function. Persistent Firestore storage is disabled for the public deployment.
- Usage Metrics: Aggregate tool and provider health counts that exclude prompts and responses
- State Preference: Your selected state, stored in a browser session cookie
- Analytics: Google Analytics 4 may collect page and interaction data under Google's terms
3. Data We Do NOT Collect
- Student names, email addresses, or personal identifiers as intended application data
- Social Security numbers or financial information
- Location data beyond state preference
- No account registration or login is required for public AI tools
4. FERPA-Oriented Controls
The public service is limited to de-identified educational scenarios. It rejects common patterns for names, emails, phone numbers, birth dates, student IDs, Social Security numbers, and street addresses before provider calls. Detection is best effort and users must remove all identifying details themselves.
FERPA compliance depends on the school's purpose, direct control, authorization, contracts, and handling practices. EduSafe AI does not claim that use of this public service alone satisfies those requirements. We do not knowingly collect information directly from children under 13.
5. AI-Generated Content
All content is generated by AI language models and should be reviewed by educators before use. AI outputs may contain errors and should not be treated as authoritative educational guidance.
6. Data Security
- HTTPS/TLS encryption for all data in transit
- Content Security Policy headers and rate limiting
- Secure, HTTP-only session cookies
- Input validation and sanitization on all inputs
- Google Cloud Run enterprise-grade infrastructure
7. Third-Party Services
- Google Cloud Platform — Cloud Run hosting and operational logs. Public application persistence and EduTrack student-record features are disabled.
- Approved AI Providers — Cloudflare Workers AI, Ollama Cloud, Cerebras, SambaNova, and Groq only when account-level Zero Data Retention is confirmed. Mistral, OpenRouter, Hugging Face, Gemini, and Vertex AI are excluded from this education profile.
8. Cookies
We use essential session cookies and Google Analytics 4. Optional donation links do not purchase access or priority.
9. Changes
We may update this policy and will post changes with an updated date. Continued use constitutes acceptance.
10. Contact
Questions about this policy? Contact us at hello@freshsky.ai