Security & Privacy Statement

Last Updated: January 10, 2025

DistrictBinder is committed to protecting the security and privacy of our users' data. This statement outlines our practices regarding data collection, use, storage, and security for our AI-powered policy management platform designed exclusively for K-12 school districts.

Who We Serve

DistrictBinder is designed exclusively for:

  • District staff and administrators
  • Teachers and educators
  • Parents and guardians
  • Other authorized adult personnel (18+)

Important: DistrictBinder is not intended for use by students or minors. Users must not enter personally identifiable information (PII) about students into the system.

Information We Collect

Account Information

  • Name and email address
  • District affiliation
  • Job title and role
  • Department (optional)

Usage Information

  • Search queries and questions submitted to our AI tools
  • Content generated through our Clipboard feature
  • Documents accessed in the Library
  • Communication style preferences
  • Feature usage patterns and analytics

District Documents

Policy documents, handbooks, and other materials uploaded by district administrators for use within the platform.

How We Use Your Information

  • Service Delivery: To provide AI-powered policy search, content generation, and document management
  • Personalization: To tailor responses and content to your role and communication style
  • Authentication: To verify user identity and manage access
  • Platform Improvement: To analyze usage patterns and improve our services
  • Support: To respond to inquiries and provide technical assistance
  • Compliance: To meet legal and regulatory requirements

Data Security Measures

Encryption

  • All data transmitted to and from DistrictBinder is encrypted using TLS 1.2 or higher
  • Passwords are hashed using industry-standard algorithms (bcrypt)
  • Data is stored in secure, enterprise-grade database infrastructure with encryption capabilities
  • Production deployments utilize database encryption at rest for enhanced data protection

Access Controls

  • Multi-tenant architecture with strict data isolation between districts
  • Row-level security policies ensure users only access their district's data
  • Role-based access control (RBAC) for administrative functions
  • Regular access audits and authentication logging

Infrastructure Security

  • Hosted on enterprise-grade cloud infrastructure (Vercel, Supabase)
  • Regular security updates and patch management
  • Automated backups with point-in-time recovery
  • DDoS protection and web application firewall
  • 24/7 infrastructure monitoring and logging

AI Services & Third-Party Providers

DistrictBinder uses OpenAI's GPT models to power our Compass search and Clipboard content generation features. When you use these features:

  • Your queries and generated content are processed by OpenAI's API
  • OpenAI does not use data submitted via API to train or improve their models (as of March 1, 2023)
  • API requests are encrypted in transit using TLS
  • Data submitted through the API is retained for 30 days for abuse monitoring, then deleted

For more information, see OpenAI's Enterprise Privacy and API Data Usage Policies.

FERPA Compliance

While DistrictBinder is designed for adult staff use and does not collect student education records, we recognize the importance of FERPA (Family Educational Rights and Privacy Act) in K-12 environments.

User Responsibility:

Users are expressly prohibited from entering student names, grades, disciplinary records, or other personally identifiable student information into DistrictBinder. The platform is designed for policy reference and professional communication, not student record management.

Data Retention & Deletion

  • Active Accounts: Data is retained while your district subscription is active
  • Inactive Users: Individual user accounts can be deleted by district administrators at any time
  • District Termination: Upon contract termination, all district data is deleted within 30 days
  • Backups: Encrypted backups are retained for 90 days for disaster recovery purposes
  • User Requests: Users may request deletion of their personal data by contacting their district administrator

Data Sharing & Disclosure

We do not sell, rent, or trade your data. We may share information only in the following circumstances:

  • Within Your District: Your usage data and generated content may be visible to district administrators
  • Service Providers: With trusted third parties who help us operate the platform (hosting, AI services, email delivery)
  • Legal Requirements: When required by law, court order, or government request
  • Safety & Security: To protect the rights, property, or safety of DistrictBinder, our users, or the public

Your Rights & Choices

  • Access: Request a copy of your personal data through your district administrator
  • Correction: Update your profile information at any time in account settings
  • Deletion: Request deletion of your account and associated data
  • Export: Request export of your generated content and search history
  • Opt-Out: District administrators can disable specific features or AI processing if desired

Children's Privacy (COPPA)

DistrictBinder is not directed at children under 13, and we do not knowingly collect information from children. Our service is intended solely for authorized adult staff members. If we learn that we have inadvertently collected information from a child under 13, we will delete that information immediately.

Security Incident Response

In the event of a data breach or security incident:

  • We will investigate and contain the incident immediately
  • Affected districts will be notified within 72 hours
  • We will provide detailed information about the scope and impact
  • We will implement remediation measures and prevent recurrence
  • We will comply with all applicable breach notification laws

Changes to This Statement

We may update this Security & Privacy Statement from time to time. When we make material changes, we will notify district administrators via email and update the "Last Updated" date at the top of this page. Continued use of DistrictBinder after changes constitutes acceptance of the updated statement.

Contact Us

If you have questions about our security practices or privacy policies:

Email: privacy@districtbinder.io

Security Issues: security@districtbinder.io

General Support: Contact your district administrator

Data Processing Agreement

Districts may request a formal Data Processing Agreement (DPA) or Data Protection Addendum that outlines our commitments regarding data protection, security measures, and compliance with applicable privacy laws. Please contact us at legal@districtbinder.io to request a DPA.

DistrictBinder is committed to transparency, security, and privacy. We continuously review and improve our practices to protect the data entrusted to us by school districts.