IEPVue — Privacy Policy

Effective: July 3, 2026  ·  Last Updated: July 3, 2026

Eccleston Education Consulting LLC ("IEPVue," "we," "us") operates IEPVue, an AI-powered educational guidance platform for parents and guardians navigating the IEP and Section 504 process. This Policy explains what information we collect, how we use and protect it, and the choices and rights you have. It applies to app.iepvue.com and iepvue.com.


1. Summary (the short version)

  • We are built for adults (parents, guardians, advocates). Children do not use IEPVue.
  • We never store the documents you upload. They are analyzed during your live session by our AI provider and then cleared.
  • We do not store students' diagnoses, assessment scores, medical records, or full legal names in our systems.
  • Your chat conversations are not retained after your session ends — they are processed in-session only.
  • We do not sell your data, do not run targeted advertising, do not share data with data brokers, and do not use your data to train AI models.
  • You can export or delete your data at any time, and you have rights you can exercise by emailing [email protected].

2. Information We Collect

  • Account information: email, display name, password hash, and SSO tokens (if you sign in with Google/Microsoft).
  • Student profile information (entered by you, the adult): student nickname (not legal name), grade level, plan type (IEP or 504), state, county, current stage, school level, primary concerns, next meeting date, and the school, principal, case-manager/coordinator, and parent/guardian names you choose to enter. Most fields are optional. These fields are used only to personalize your guidance and to auto-fill the advocacy-letter templates you generate. We do not collect or store the student's full legal name, date of birth, or student ID.
  • Documents and photos you upload for analysis (PDFs, Word files, and photos/scans of documents): processed ephemerally and never stored. Document content is sent to our AI provider for analysis only during your active session and is cleared when the session ends. This applies identically to PDFs, Word files, and photos/scanned images. Uploaded documents may contain a student's diagnoses or scores; because we never store the document, we do not retain that information.
  • Chat and conversation data: the messages you send and the AI responses generated are processed during your live session to produce responses. They are held only in your browser during the session and are not retained on our servers after the session ends.
  • Optional Case Tracker data (only if you turn it on): dates, goals, service notes, summaries, and personal observations you choose to add. We do not store raw documents, assessment scores, or diagnoses in Case Tracker.
  • Subscription data: Stripe customer ID and plan tier. Your payment card details never touch our servers — Stripe handles all payment processing.
  • Quality-feedback signals: when our AI flags uncertainty, a brief, non-identifying record is logged to help us improve.
  • Automatically collected data: browser type, IP address, device information, and usage analytics, collected via standard web technologies and subject to your Global Privacy Control choice (§11).

3. Sensitive Information — How We Handle It

Some information you provide relates to a student's disability, health condition, or diagnosis. Several privacy laws — including the Maryland Online Data Privacy Act (Md. Code, Com. Law §§14-4701–14-4714) — treat this, and information about a minor, as "sensitive data." We handle it as follows:

  • The diagnosis and assessment information contained in uploaded documents is processed only as strictly necessary to produce the analysis you request, and is never stored.
  • We collect and process other sensitive information only as strictly necessary to provide the guidance you request, and we minimize what we keep.
  • For optional stored features (such as Case Tracker), we obtain a separate, specific opt-in before saving any information, distinct from general acceptance of our Terms.
  • We never sell sensitive information and never use it for targeted advertising — for any user, and regardless of consent.
  • Where a state law requires your additional consent to process sensitive information, we obtain it through a clear, specific opt-in separate from your acceptance of our Terms.

4. How We Use Your Information

We use your information to: provide and personalize the guidance and reports you request; maintain continuity within your active session; process subscriptions and consultations; communicate with you (including service and, with your choice, marketing emails); maintain security and prevent abuse; and improve the Platform. We process personal data only as reasonably necessary and proportionate to these purposes (data minimization).

Marketing email is optional. Every marketing message includes a clear one-click way to unsubscribe (honored within 10 business days) and our physical mailing address. Opting out of marketing never affects the transactional messages you need to use IEPVue.

5. Artificial Intelligence

IEPVue uses AI (powered by Anthropic's Claude) to analyze your inputs and generate guidance. You are interacting with an automated AI system, not a human reviewer. Your chat messages and uploaded document content are sent to Anthropic's API for real-time processing only. Anthropic does not train its models on content submitted through its API, and we do not use your information, your student's information, or your documents to train AI models. AI outputs are educational only and may be inaccurate or incomplete; they are not legal advice, a diagnosis, or a professional opinion. Individual AI responses are not human-reviewed before delivery.

6. How We Share Information — Service Providers

We share data only with service providers that process it on our behalf under contractual data-protection obligations, and as required by law:

  • Anthropic — AI processing of chat and document content.
  • Base44 — application hosting and infrastructure.
  • Stripe — subscription and payment processing.
  • Loops.so — transactional email delivery only (account, billing, trial, and service notifications). Marketing email is handled by GoHighLevel, below.
  • GoHighLevel (LeadConnector) — marketing and customer-relationship management (lead capture and our own marketing communications to you). Scope is limited to your name, email, and engagement data (such as whether you opened a message or ran a free scan); we never share uploaded documents, assessment scores, diagnoses, or other sensitive data with this provider.
  • PostHog — product analytics (honors Global Privacy Control; see §11).
  • Sentry — error monitoring.

We may also disclose information to comply with law, a court order, or a lawful request, or to protect rights and safety. We do not sell your personal information, do not share it for targeted advertising, and do not disclose it to data brokers.

7. Children's Information

IEPVue is a service for adults — parents, guardians, and advocates. Children do not create accounts, are not the audience for the Platform, and do not provide information to us. Any information about a student is entered by the adult account holder. Because we collect information from adults — not online from children — the Children's Online Privacy Protection Act (COPPA), which governs the online collection of personal information from children under 13, does not apply to IEPVue. We nonetheless apply heightened safeguards to student information: we minimize what we collect (nickname, not legal name; no scores or diagnoses stored), we process the most sensitive content ephemerally, and we never sell or use for targeted advertising any data concerning a minor.

8. Data Retention

We keep information only as long as reasonably necessary. Summary of periods (full detail in our Data Retention Policy):

  • Uploaded documents/photos: not retained — processed in-session only and cleared (target: within 1 hour).
  • Chat conversations: not retained after your session ends (processed in-session only).
  • Student profiles: retained while your account is active; deleted within 12 months after account cancellation, with final purge by 18 months.
  • Case Tracker data: retained while enabled; deleted when you disable Case Tracker or delete your account; inactive records purged after 24 months.
  • Account information: deleted within 18 months after cancellation.
  • Payment records: retained as required by tax and PCI-DSS obligations (up to 7 years).
  • Analytics/usage: deleted after 12 months. Marketing email: until you unsubscribe.

We do not retain personal information indefinitely.

9. Your Privacy Rights

Depending on your state, you may have the right to: access the personal data we hold about you; correct inaccuracies; delete your data; obtain a portable copy; obtain a list of the categories of third parties to whom we have disclosed data; and opt out of any sale, targeted advertising, or profiling (note: we do none of these). To exercise any right, email [email protected]. We will respond within 45 days (extendable once by an additional 45 days where permitted, with notice).

Right to appeal. If we deny your request, you may appeal by replying to our decision or emailing [email protected] with "Appeal" in the subject line. We will respond to your appeal within 45 days and explain our decision. If your appeal is denied, you may contact your state attorney general.

You may also export all of your data or delete your Case Tracker data (without affecting your account), or delete your entire account at any time from Account Settings.

10. Sensitive Data Consent & Children Under 18

We do not sell personal data or use it for targeted advertising for any consumer, and specifically not for any consumer we know or should know is under 18. Where required, we obtain your separate, specific consent before processing sensitive data (§3).

11. Global Privacy Control & Universal Opt-Out

We honor the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, we treat it as a request to opt out of any optional data collection and suppress non-essential analytics for your session.

12. Security

We use industry-standard safeguards: encryption in transit (TLS 1.2+), encryption at rest (AES-256, with keys managed in a cloud key-management service), hashed password storage (we never store plaintext passwords), secure authentication, ephemeral document processing, owner-scoped role-based access, and regular security reviews, as described in our Information Security Program. No system is completely secure, and we cannot guarantee absolute security.

13. Your California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act (as amended), including to know, access, correct, and delete personal information, to limit the use of sensitive personal information, and to opt out of "sale" or "sharing" — though IEPVue does not sell or share personal information as those terms are defined. We do not discriminate against you for exercising any right. To exercise these rights, email [email protected].

14. Health-Data Breach Notification

Because special-education documents can contain health-related information, we maintain a breach-response program designed to meet the FTC Health Breach Notification Rule. If a breach of security involving unsecured identifiable health information occurs, we will notify affected individuals within 60 calendar days, and notify the FTC and media where 500 or more individuals are affected. (IEPVue is not a HIPAA-covered entity and does not claim to be.) See our Terms (§11) and Information Security Program.

15. International Users

IEPVue is intended for use in the United States. If you access it from outside the US, you do so on your own initiative and are responsible for compliance with local law.

16. Changes & Contact

We may update this Policy prospectively; material changes will be notified through the Platform or by email. Questions or requests: [email protected] · Eccleston Education Consulting LLC.

IEPVue provides general educational information about special education law and processes. It is not legal advice and is not a substitute for consultation with a qualified special education attorney. Topics involving due process, mediation, unilateral placement, or reimbursement claims require legal counsel. IEPVue is an AI-powered educational tool informed by expert knowledge. Information is based on federal and state regulations and may not reflect the most recent changes. Always verify information with your local school district or state education agency.

Privacy Policy Terms of Use Information Security Data Retention How We Use AI Contact

© 2026 Eccleston Education Consulting, LLC. All rights reserved.