Privacy notice

SafeGuideEd, Inc. (“SafeGuideEd,” “we”) builds lesson planning, T-TESS evidence, and compliance tooling for Texas K-12 educators. This notice explains what personal information we collect, how we use it, who we share it with, and the rights you have over it. It applies to safeguided.app, the SafeGuideEd dashboard, the Presenter desktop application, and any other service that links to this notice.

1. Who we are

SafeGuideEd is a Texas-based education technology company. Our service is hosted in the Supabase us-tx primary region. The data controller for educator and student data is the school district that licenses SafeGuideEd. We operate as a service provider and school-official designee for districts under FERPA, the Texas Student Privacy Act (Education Code § 32.151 et seq.), and applicable state and federal laws.

2. What we collect

Educator account data. Email address, name, school or district, role (teacher, coordinator, administrator), single sign-on provider (Canvas, Schoology, Google Classroom, Clever, ClassLink, or LTI 1.3), and OAuth tokens needed to publish to your LMS. OAuth tokens are encrypted application-side with rotation-safe Fernet keys before they touch the database.

Google Classroom OAuth scopes.When you sign in with Google Classroom, SafeGuideEd requests read access to your Classroom courses, Topics, and Student Groups, and stores a refresh token (encrypted at rest) so we don't re-prompt you each visit. We never request write access to student submissions, grades, or direct messages. The Google Classroom add-on iframe runs inside your Classroom assignment under the same domain allowlist as the rest of our integrations.

Lesson and instructional content. Lessons, assessments, accommodations, and notes you create or upload. Content remains the intellectual property of the educator or district that authored it.

Roster and student data. When your district connects a roster source (Clever, ClassLink, or LMS roster sync), we receive student names, district IDs, and enrollment relationships. We do not collect student grades, disciplinary records, or health information unless your district explicitly enables a feature that requires them.

Service usage data. Request logs, error traces, performance metrics, and AI cost-ledger entries. We use Sentry for error tracking and PostHog (cookieless) for product analytics; both are configured to exclude direct identifiers from event payloads where possible.

3. How we use it

We use the information above to operate the service: authenticate sign-ins, generate TEKS-aligned lessons, tag T-TESS evidence, publish to your LMS, run the HB 1605 parent preview, render TIA dashboards, bill credits, and protect the platform from abuse. We do not sell personal information. We do not use student personal information for advertising, profiling, or any purpose unrelated to the educational service the district asked us to deliver.

4. AI providers and training

Generative-AI requests route through the Portkey gateway to a curated list of providers (Anthropic, xAI, Google, Ideogram, OpenAI). District administrators choose which providers are enabled per tenant. Every provider in our roster is contractually bound to a no-training clause: customer content does not enter their model-training pipelines. That contract is verified at the gateway before each call leaves our network, not promised in a footer. See /sub-processors for the full list.

5. Who we share it with

We share information only with: (a) the district that licenses your access; (b) the sub-processors listed at /sub-processors, each under a written agreement that mirrors the protections in this notice; and (c) authorities where law requires it. We do not share student personal information with third parties for marketing.

6. How long we keep it

Educator accounts and instructional content are retained for the term of the district agreement and deleted on request after termination. Roster data is refreshed each sync and superseded records are aged out within 30 days. Audit logs (planning_shield_logs, tia_audit_logs, credit_ledger) are append-only by Postgres trigger and retained for the period required by the district's compliance program — typically seven years for T-TESS and HB 1605 evidence. Sentry and PostHog event data are kept for 90 days and 12 months respectively unless a shorter window applies by request.

7. Security

We enforce row-level security on every Supabase table, encrypt sensitive identifiers (TSDS unique IDs, dates of birth, OAuth tokens) with rotation-safe MultiFernet, restrict HTTP egress to a domain allowlist (Canvas, Schoology, Google Classroom, Clever, ClassLink, TEA, TSDS), and guarantee append-only audit logs at the database level. SOC 2 Type I is targeted for H2 2026 and Type II for Q1 2027. See /trust for current security posture.

8. Your rights

Teachers, parents, and eligible students can request access to, correction of, or deletion of personal information through their district. SafeGuideEd will execute district-issued deletion requests across primary records, encrypted backups, and AI provider caches within 30 days. Parents of Texas students retain all rights afforded by FERPA and the Texas Student Privacy Act — see /ferpa-notice.

9. Cookies

We use only the minimum cookies needed to keep you signed in and to remember your theme and accessibility preferences. Our analytics are cookieless (PostHog), so there are no tracking or advertising cookies to consent to — and therefore no cookie banner.

10. Children under 13

SafeGuideEd is licensed to school districts and used by educators. Students do not create SafeGuideEd accounts. When a roster sync brings student records into the system, the legal basis is the school-official exception under FERPA and the contract with the district. We do not collect personal information directly from children.

11. Changes to this notice

We will post material changes here and, where required by district contract, send notice to district administrators at least 30 days before they take effect.

12. Contact

Privacy questions: privacy@safeguided.com. District procurement and DPA requests: districts@safeguided.com. Mailing address: SafeGuideEd, Inc., Austin, Texas.