Privacy Policy

Last updated: February 2026

At IEP Ally, we understand that the information you share with us is deeply personal. It involves your family, your child, and their educational needs. We take that responsibility seriously. This Privacy Policy explains what data we collect, how we use it, and the steps we take to keep it safe.

1. Information We Collect

Account Information: When you create an IEP Ally account, we collect your name and email address. If you sign up using a third-party authentication provider, we receive the basic profile information they share (such as your name and email).

IEP Documents: When you upload your child's IEP or related educational documents, we store the document content securely so that our service can analyze it and provide you with actionable insights.

Usage Data: We collect information about how you interact with IEP Ally, including pages visited, features used, and general usage patterns. This helps us understand how to improve the product.

Payment Information: If you subscribe to IEP Ally Premium, your payment is processed by Stripe. We do not receive or store your full credit card number. Stripe provides us with a limited summary (such as the last four digits and expiration date) for your account management convenience.

2. How We Use Your Information

We use the information we collect to:

• Provide our core service: Analyze your uploaded IEP documents, generate meeting prep packages, create letters, and power AI chat conversations about your child's IEP.
• Process payments: Manage subscriptions, process billing, and handle refunds through our payment provider, Stripe.
• Improve IEP Ally: Understand usage patterns, identify bugs, and develop new features that better serve families navigating the IEP process.
• Communicate with you: Send account-related notifications, respond to support requests, and (with your consent) share product updates or educational resources.

3. Children's Privacy (COPPA)

IEP Ally is designed for parents, guardians, and caregivers. We do not knowingly collect personal information directly from children under the age of 13. The IEP documents you upload may contain information about your child, including their name, age, disability category, educational performance, and related details.

We handle all child-related data with extra care. This information is only used to provide you with document analysis and advocacy support. It is never sold, shared for advertising purposes, or used in any way that is not directly related to the service you requested.

If you believe a child under 13 has provided us with personal information without parental consent, please contact us immediately and we will take steps to remove that information.

4. AI Usage and Data Processing

IEP Ally uses artificial intelligence (specifically, Anthropic's Claude) to analyze your uploaded documents, answer your questions, and generate letters and meeting prep materials. When you use these features, the relevant document content is sent to the AI for processing.

Your data is not used to train AI models. The content you upload and the conversations you have with IEP Ally are processed to generate responses for you, but they are not fed back into AI training datasets.

All AI-generated suggestions, analyses, and drafted content within IEP Ally are clearly labeled as AI-generated. IEP Ally is a support tool, not a substitute for professional legal or educational advice.

5. Payment Processing

All payment processing is handled by Stripe, a PCI-compliant payment processor. When you enter your payment information, it goes directly to Stripe's secure servers. IEP Ally never receives, processes, or stores your full credit card number.

We receive only the information necessary to manage your subscription: confirmation of payment, the last four digits of your card, card type, and expiration date. For details on how Stripe handles your payment data, please review Stripe's Privacy Policy.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption at rest: Your documents and personal data are encrypted when stored in our database.
• Encryption in transit: All data transmitted between your browser and our servers is protected using TLS (HTTPS).
• Access controls: Only authorized personnel have access to user data, and access is limited to what is necessary to operate and support the service.
• Regular security reviews: We conduct periodic security assessments to identify and address potential vulnerabilities.

While no system can guarantee absolute security, we are committed to protecting your data using best practices and continuously improving our security posture.

7. Data Retention and Deletion

We retain your account information and uploaded documents for as long as your account is active or as needed to provide you with our services. Usage data may be retained in aggregated, anonymized form for analytics purposes.

You can request deletion of your data at any time. When you delete your account, we will remove your personal information, uploaded documents, and associated data from our active systems within 30 days. Some information may be retained in encrypted backups for a limited period, after which it will be permanently deleted.

We may retain certain information as required by law (for example, billing records for tax compliance) even after account deletion.

8. Your Rights

You have the following rights regarding your personal information:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can update or correct your account information at any time through your account settings.
• Deletion: You can request that we delete your account and associated data.
• Data portability: You can request an export of your data in a standard, machine-readable format.
• Opt out of communications: You can unsubscribe from marketing emails at any time using the link provided in each email. Account-related notifications (such as billing confirmations) will continue as long as your account is active.

To exercise any of these rights, please contact us at the email address listed below. We will respond to your request within 30 days.

9. Cookies

IEP Ally uses a minimal number of cookies, limited to what is necessary for the service to function:

• Authentication cookies: Used to keep you signed in and maintain your session securely.
• Preference cookies: Used to remember your settings, such as theme preferences.

We do not use advertising cookies or tracking cookies from third-party ad networks. We do not sell your browsing data to advertisers.

10. Third-Party Services

IEP Ally relies on a small number of trusted third-party services to operate:

• Stripe for payment processing. Stripe Privacy Policy
• Anthropic for AI-powered document analysis and chat. Anthropic Privacy Policy
• Supabase for data storage and authentication infrastructure. Supabase Privacy Policy

Each of these providers has their own privacy policy governing how they handle data. We encourage you to review their policies. We only share the minimum data necessary for each service to function.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (using the address associated with your account) and by posting a prominent notice on our website before the changes take effect.

We encourage you to review this page periodically. Your continued use of IEP Ally after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how your information is handled, please contact us:

Email: hello@iep-ally.com

We aim to respond to all privacy-related inquiries within 30 days.